A Brief Breakdown of the GDPR (and How We’re Taking Action)
The General Data Protection Regulation (GDPR) is an EU regulation that strengthens the privacy rights of people in the European Union (EU) and sets rules for how their personal data may be collected, used, and protected, including how breaches must be handled. It becomes enforceable on May 25, 2018. Although it is an EU law, it reaches any organization that processes the personal data of people in the EU, so individuals, organizations, and companies in the US need to understand the regulation and how it may apply to them. Below is a brief breakdown of the basics of the GDPR and the proactive approach we are taking here at BxB to your website and GDPR compliance.
What is the GDPR?
The General Data Protection Regulation was prepared and debated for four years before the European Parliament approved it on April 14, 2016. Although the regulation was adopted in 2016, it only becomes enforceable after a two-year transition period, and with that enforcement date, May 25, 2018, approaching, the GDPR is now gaining a great deal of attention in the United States and elsewhere around the world.
The GDPR introduces a number of changes and rights for people in every EU member state, including an expanded territorial scope, substantial fines for breaching the regulation (up to €20 million or 4% of global annual turnover, whichever is higher), and stricter conditions for obtaining consent. It also adds or expands a set of individual rights over how personal data may be used. The right of access lets people obtain a copy of the data that websites collect and companies hold about them, and the separate “Right to be Forgotten” (the right to erasure) lets them ask that this data be deleted. Under the GDPR, people can request that their personal data be erased, that it no longer be collected, and that it no longer be shared with third-party processors.
What We’re Doing
The GDPR applies to ‘data controllers’ and ‘data processors’ (entities that decide how and why personal data is processed, and entities that process it on a controller’s behalf) established in the EU, and it also applies to organizations outside the EU that offer goods or services to, or monitor the behavior of, people in the EU. While nothing guarantees it, a regulation this significant is likely to influence privacy law in other parts of the world over time. We are taking proactive steps to make your website as GDPR compliant as possible, even if the regulation does not yet apply to you.
If you are subject to the GDPR because you offer goods or services to people in the EU, your website will be updated to meet its requirements by May 25, 2018, when the regulation becomes enforceable. Along with those site-wide changes, we will make the changes needed to bring the eCommerce portions of your website into GDPR compliance as well.
For More Information
There is currently no single official online guide to complying with the GDPR, and regulators’ guidance on how to apply it is expected to evolve over time. In the meantime, a number of online sources provide extensive, detailed information on the subject for educational purposes. Explore the resources below for additional information, fact check what you find, and bear in mind that several of them are unofficial and are to be used at your own discretion.
- The Information Commissioner’s Office Website (ICO)
- “Getting ready for the GDPR resources” guide from the ICO
- Data Controllers and Data Processors Comparison PDF from the ICO
- EU GDPR (unofficial GDPR educational resource website)
- Key GDPR Changes Overview from EU GDPR
- Wired UK article on GDPR Compliance