A Quick Rundown on the GDPR Changes You Must Make to your Website

The European Union’s effort to give its residents control over their personal data, and to reduce the harm done by data breaches, has produced the GDPR, the General Data Protection Regulation.

It is a set of rules that applies to any organisation, website or service that collects or processes the personal data of people in the EU. The framework reforms how personal data may be collected from them and how it must be handled by the site or service owner.

The regulation became enforceable on 25 May 2018, and on the very first day the tech giants Google and Facebook were hit with complaints seeking penalties reported at 8.8 billion. They are alleged to not comply with the guidelines “enough”.

This is a clear signal to everyone who operates a digital asset: make your privacy policy and your data-collection practices GDPR compliant, or face heavy fines.

Here are a few general FAQs regarding GDPR:

My business and/or website is not located in the EU. Am I exempt from GDPR?

No. GDPR applies regardless of where you are established if you offer goods or services to people in the EU or monitor their behaviour (for example with analytics or advertising trackers). A site that deliberately serves EU visitors, even free of charge, is in scope and must make the required changes.

How does GDPR define personal data?

Personal data is any information relating to an identified or identifiable person. Beyond the obvious identifiers such as a name, age or email address, GDPR explicitly treats online identifiers such as IP addresses and cookie IDs as personal data, and places biometric and genetic data in a “special category” that requires extra protection.

What are the penalties for non-compliance?

A company that does not comply is fined according to how severe the breach of GDPR is. The upper tier is a fine of up to 20 million EUR or four percent of the company’s worldwide annual turnover, whichever is higher; a lower tier of 10 million EUR or two percent applies to lesser infringements. Either way it is a severe penalty, and for a small business it can mean a crippling loss of funds.

GDPR - Important Compliance Changes To Be Made:

Check Contact Form

If you have a contact form on your website, even one that does no more than collect an email address from the visitor, you need to state why you are collecting it, for example that it will be used to reply to their enquiry.

The same applies to phone numbers and any other contact information. A simple statement could be:

“We will use the contact details you submit to communicate with you about your enquiry.”

In addition, a checkbox that captures the user’s consent to marketing emails, SMS, calls and similar contact is mandatory, and it must be separate from the form’s own purpose: the box must be unticked by default, ticking it must be optional, and you should record when and for what the user consented. If you want the user to subscribe to a newsletter, they agree by ticking the checkbox; a pre-ticked box does not count as consent.

Ask for Email Opt-in Confirmation

If you run a newsletter that regularly emails a list of subscribers who voluntarily gave you their addresses, you must be able to show that each of them consented to receive it.

If subscribers agreed to receive marketing emails from you before 25 May 2018 and you cannot show that their consent meets the GDPR standard (freely given, specific, informed and unambiguous, with a record of when and how it was given), you will have to email everyone on the list and obtain a fresh confirmation that they still wish to receive marketing emails from you.

Anyone who does not confirm must be treated as “unsubscribed”, and you must not send them any further marketing emails.

The confirmation can be collected by sending each subscriber a link to a web page; clicking it confirms that they want to keep their subscription. The link must be unique to the recipient and not guessable (a signed or random token with an expiry), otherwise anyone could “confirm” on someone else’s behalf.

Data Integrity Measures

Websites now strictly need a privacy policy if they do not already have one. This was always good practice; now it is a legal obligation. If your website does not have a privacy policy, it is time to get one as soon as possible.

For a much more detailed take on what your privacy policy should contain, refer to the guidance published by the ICO (the UK Information Commissioner’s Office).

Using HTTPS to protect the confidentiality and integrity of data while it is being collected is also a prime concern under GDPR, which names encryption as an appropriate technical measure. Note that HTTPS only protects data in transit: website owners are also expected to keep the data safe after collection, with access controls and, where appropriate, encryption at rest. Redirecting all HTTP requests to HTTPS and enabling HSTS ensures form data is never submitted in plaintext.

Website owners who rely on third-party software such as WordPress, MongoDB or MySQL remain responsible for the personal data it stores: if you host it yourself, you must keep it patched, access-controlled and securely configured. Where a third party processes the data on your behalf (a hosting provider, email service or analytics vendor), GDPR requires a data processing agreement with them, and you need to confirm that the provider itself complies.

Conclusion

In a nutshell: if you are going to collect data from your users, you are liable to protect it and to ensure that it does not fall into the wrong hands. GDPR is about protecting the user’s interests and giving the privacy of their data its due importance.

So go ahead and make these changes to your website quickly, as the 25 May 2018 deadline has already passed. You will also receive several privacy policy updates from the companies you are already subscribed to; make sure you read them carefully.

Comments (7)

Charlie Mahle (2018-05-31 17:08):
Thank you Europe. Giving us the privacy controls that the US Government would never even remotely think about.

Shaun Bradburn (2018-05-31 17:13):
Any move to protect consumers from conglomerates and tech giants is a good thing.

Caleb Poirier (2018-05-31 17:19):
Our government is actually trying to protect our data online. Impressed and glad that I am an EU citizen.

Eric Salmond (2018-05-31 17:24):
I love this, the EU is really stepping in for everybody this time.

Will Dunning (2018-05-31 17:29):
Thanks for the information.

Jordan Legard (2018-05-31 17:34):
The purpose of this is only for the EU to charge American companies billions.

Daniela Cummings (2018-05-31 17:45):
You know it’s serious when Facebook sends you a policy change update.
