These days, it seems like any time you click to a new website you face a pop-up warning about the company’s privacy policies. Where did all these warnings come from? Does your business need to change its website too?
General Data Protection Regulation Sets Privacy Policy Rules for the EU
On April 27, 2016, the European Parliament and the Council of the European Union passed Regulation 2016/679: the General Data Protection Regulation (GDPR). This regulation created one set of privacy policies for all members of the European Union. It was based on the premise that “everyone has the right to the protection of personal data concerning him or her.” It gives individual users the right to control how businesses and websites use their personal data across the EU.
The GDPR says that any controller of personal data has to establish “appropriate technical and organizational measures” for data protection and use the highest-possible privacy settings by default. It also includes reporting requirements when data breaches do occur, and privacy policies designed to protect the users and give them control over their online data. This includes the famous “right to be forgotten,” which is now called the right to erasure. This part of the law says that any time a person asks for their personal data to be removed, companies have 30 days to take their information off the company lists. The goal is to be sure data does not become publicly available without a user’s explicit, informed consent.
The pop-up privacy policies come from a part of the GDPR that says any time a company or website collects personal data about its users, it must disclose:
- That data collection is occurring,
- The law allowing data collection,
- The purpose of the data processing,
- How long the data will be retained,
- Whether the data is shared with third parties,
- Whether the data will be transferred outside the European Economic Area (EEA).
Most companies find it easiest to comply with these disclosure requirements by putting a pop-up on their website and requiring users to consent before they view its content.
Why Should American Business Owners Care About EU Privacy Policies?
Even though the GDPR was passed in 2016, it didn’t take effect until Spring 2018. That’s why over the past year you have begun to see privacy policy warnings pop up on websites here in the United States. The GDPR doesn’t specifically affect American companies doing business in the United States. If your company is entirely local, the new regulations may not affect you at all. But it does apply to any company that markets goods or services to EU residents. That includes anyone who sells goods on Amazon, eBay, or other e-commerce sites, and any company willing to ship its products overseas.
For American companies selling to EU residents, the cost of not following the GDPR could be quite high. A future blog post will go into more details about the GDPR’s requirements, and what businesses need to do to follow the law. If they don’t meet those requirements, they could be fined up to €20 million or up to 4% of the annual worldwide sales from the last fiscal year.
How Your Business Can Comply with the GDPR
A privacy policy pop-up is one step to complying with the GDPR, but there are many others. Depending on the size of your company, and the types of data you collect, you may need to implement changes to the way you handle data online and on-site to comply with GDPR. That way you and your staff will know what to do to avoid exposure to time-consuming and expensive penalties if your company’s website is ever breached. At Provisio Technology Solutions, we know what the EU requires for internet security. We can help you update your website and build in strong security measures to protect your users, and your company.
If your company does business in the EU, you should sit down with a Provisio Technology Solutions web solutions specialist today. We can help you update your existing website or create a new one with all the proper security protocols in place. Not only will this keep you on the right side of international law, but it will protect your users’ personal information and help defend your business from time-consuming and expensive data breaches. Contact us today to schedule a meeting with a web solutions specialist.