The EU GDPR – General Data Protection Regulation
The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. (Source: Wikipedia)
GDPR – EU General Data Protection Regulation
Essentially, GDPR is about protecting privacy. Any company doing business in the EU or with EU citizens must be transparent about the use of personal information.
- Only collect information that you need. Don’t ask for the phone number if you really have no intention of calling the customer/client. If you do intend to call, explain why.
- If a third party requires the data for some reason, explain what it’s for.
- You need to indicate how long the data will be stored.
- There must be some way for users to delete their information from the database if they choose to. Members of the EU have the “right to be forgotten.”
- If your Google Analytics is set up to collect email addresses or other personal information through query strings, set up filters to eliminate them from view within the account.
Please do not substitute these guidelines for legal advice.
Learn more about the details of this new legal requirement at the GDPR portal.