Article by Lexi Wilkinson
The General Data Protection Regulation, or GDPR, is a regulation on data collection and use that was implemented by the European Union in May of 2018. This regulation serves to better protect the digital information of consumers on the Internet, and though it originates in Europe, it applies to every company that has even a small tie to the European Union. This means that if your company website is visible to someone in France, for example, your business must comply with the GDPR or face penalties such as fines of up to 4% of your company’s global revenue.
The GDPR is fairly simple to understand. Basically, companies are required to get “affirmative consent” from an individual prior to collecting any data whatsoever from them. This includes personal information like names and addresses as well as IP addresses and cookie information. In order to comply, make sure that all your privacy policies are updated to include information about the GDPR and what that means for your customers. You know those pop-up windows telling you about the website’s cookies? That is part of GDPR compliance. Experts suggest including a pop-up like that to make sure everybody knows that they’re consenting to their personal data being collected.
Companies are also required to keep a record of the individual’s consent and to allow individuals to revoke their consent at any given time, as well as to request that their data be made accessible to them, corrected in some way, or even erased completely. A financial transaction does not have to occur in order for GDPR compliance to be required. There is no “grandfather clause” with the GDPR: all customers, regardless of how long their data has been involved with a company, must be given the ability to consent if the business is to comply with the GDPR.
Lexi Wilkinson is a contributing writer from St. Louis