The EU GDPR – General Data Protection Regulation

The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. (Source: Wikipedia)

GDPR – EU General Data Protection Regulation

Essentially, GDPR is about protecting privacy. Any company doing business in the EU or with EU citizens must be transparent about the use of personal information.

1. Only collect information that you need. Don’t ask for the phone number if you really have no intention of calling the customer/client. If you do intend to call, explain why.
2. You absolutely need a Privacy Policy and Terms of Service on your website.
3. Include a checkbox to indicate that the user has read the Privacy Policy and Terms of Service.
4. If a third party requires the data for some reason, explain what it’s for.
5. You need to indicate how long the data will be stored.
6. There must be some way for users to delete their information from the database if they choose to. Members of the EU have the “right to be forgotten.”
7. If you have a website that functions independently within the EU, you need to gain consent for the use of cookies. You need a checkbox that says the user consents to the use of cookies – leave the box blank by default. On the issue of consent is where the US and EU law differ the most.
8. If your Google Analytics is set up to collect email addresses or other personal information through query strings, set up filters to eliminate them from view within the account.

Please do not substitute these guidelines for legal advice. 

Learn more about the details of this new legal requirement at the GDPR portal.

Concerned that your site may be noncompliant, we can help! You can either call us (610) 317-4010 or contact us through our form. We can help ensure your site is fully compliant.