Is my website GDPR compliant? Does it need to be?

GDPR Compliance

Today is May 25th and for many web developers this day has been looming… because it is GDPR compliance day!

Wait… what?

What is GDPR compliance?

The General Data Protection Regulation (GDPR) is a European Union (EU) law that went into effect today, May 25, 2018. This law is designed to give EU citizens control over their personal data used and stored by websites/organizations across the world. In order to comply, companies now have to give EU users the option to control their data privacy settings or opt out or delete their personal data. If companies fail to comply they may face hefty penalties.

How hefty are the penalties?

If a company is not in compliance with the GDPR’s requirements they can face large fines up to 4% of a companies annual global revenue OR €20 million (whichever is greater). Cue eye-widening panic in everyone that has a website!!!

EU authorities have the ability to enforce these penalties via international law, especially against US-based businesses that have a physical presence in the EU.

But fear not, you will not automatically be penalized as of May 25 if your website is not in compliance. Furthermore, this only pertains to businesses that see site traffic from IPs located in the EU.

If your site is receiving EU traffic and you are caught without proper data privacy compliance your site will first be issued a warning, then a reprimand, then a suspension of data processing. If you continue to violate the law, only after that will you be hit with the large fine.

Since this law is over 200 pages long and consists of data subject rights such as; breach notification, consent, rights to be forgotten, etc – it will be very difficult for all websites to be in compliance by the time this law goes into effect (which is today). And due to the dynamic nature of websites, no single platform, plugin, or solution can offer 100% GDPR compliance. The GDPR compliance process will vary based on the type of website you have, and what data you store and how you process data on your site.

Does my website need to be GDPR compliant?

Short answer. Yes.

Long answer. Maybe… it depends on your business and website traffic.

GDPR was created by the European Union to protect its citizens, and so it only affects organizations with some kind of relationship with the EU or its people. Your site will be affected if any of the following apply:

  • you are established in the EU (or somewhere else subject to EU law), or
  • you offer goods or services to individuals in the EU, or
  • you monitor the behavior of individuals in the EU (meaning you get and track site traffic from the EU).

There is no need to worry about the nationality of website visitors residing in the US, this pertains only to visitors residing in the EU. If they are EU citizens and they are in the US this does not pertain to that users activity on your site.

If you don’t do business with or market to EU citizens your can relax a bit. Whew… however most of GDPR’s rules are good practice and applying them to your website will show your customers that you take data security seriously, and that puts your site in a good position should similar legislation ever be enacted in the US.

So how do I make my site GDPR compliant?

It is nearly impossible to share all the possible ways that your website data could be in violation. But some good rules of thumb are updating your website privacy policy, including an opt-in to data storage on any forms on your site, altering your customers that you are using cookies (or other tracking pixels), adding a “right to be forgotten” (a way for users to delete their user information) and turning off demographic collection in Google Analytics used on the site.

At Armada we build most of our client’s sites in WordPress (the latest version of which is now compliant with GDPR) and you can find more information about WordPress Plugins that can help bring your site up to compliance standards here.

If you are a current or former client of ours, speak to us about the need and strategy to for your site to become GDPR compliant. If you are not a client and are starting to panic a little, give us a call and we will be happy to help you get it figured out.

Share


Share