These days, it seems like any time you click to a new website you face a pop-up warning about the company’s privacy policies. Where did all these warnings come from? Does your business need to change its website too?
On April 27, 2016, the European Parliament and the Council of the European Union passed Regulation 2016/679: the General Data Protection Regulation (GDPR). This regulation created one set of privacy policies for all members of the European Union. It was based on the premise that “everyone has the right to the protection of personal data concerning him or her.” It gives individual users the right to control how businesses and websites use their personal data across the EU.
The GDPR says that any controller of personal data has to establish “appropriate technical and organizational measures” for data protection and use the highest-possible privacy settings by default. It also includes reporting requirements when data breaches do occur, and privacy policies designed to protect users and give them control over their online data. This includes the famous “right to be forgotten,” which is now called the right to erasure. This part of the law says that any time a person asks for their personal data to be removed, companies have 30 days to take their information off the company lists. The goal is to be sure data does not become publicly available without a user’s explicit, informed consent.
The pop-up privacy policies come from a part of the GDPR that says any time a company or website collects personal data about its users, it must disclose:
- That data collection is occurring,
- The law allowing data collection,
- The purpose of the data processing,
- How long the data will be retained,
- Whether the data is shared with third parties, and
- Whether the data will be transferred outside the European Economic Area (EEA).
Most companies find it easiest to comply with these disclosure requirements by putting a pop-up on their website and requiring users to consent before they view its content.
Why Should American Business Owners Care About EU Privacy Policies?
For American companies selling to EU residents, the cost of not following the GDPR could be quite high. A future blog post will go into more detail about the GDPR’s requirements and what businesses need to do to follow the law. If they don’t meet those requirements, they could be fined up to €20 million or up to 4% of the annual worldwide sales from the last fiscal year, whichever is higher.
How Your Business Can Comply with the GDPR
If your company does business in the EU, you should sit down with a Provisio Technology Solutions web solutions specialist today. We can help you update your existing website or create a new one with all the proper security protocols in place. Not only will this keep you on the right side of international law, but it will protect your users’ personal information and help defend your business from time-consuming and expensive data breaches. Contact us today to schedule a meeting with a web solutions specialist.