How to Tackle GDPR
What is GDPR?
GDPR stands for General Data Protection Regulation, a European Union law that goes into effect on May 25th. GDPR aims to strengthen online rights of individuals by allowing users to force companies to reveal or delete their personal data (among other things). That’s why your favorite companies have been contacting you and begging you to opt into their updated terms.
Does GDPR Affect My Company?
You should be concerned by GDPR if any of your users live in or are citizens of the European Union. If you’re a tech company, you’re most likely affected, even if you’re based outside of the EU and you don’t market to Europe.
Developing for GDPR?
If you fall into the above category (like most tech companies), don’t panic. Complying with GDPR isn’t going to take months. If you haven’t already done this, you can cover yourself by following these steps:
- Previously, you could opt users into marketing and advertising by default; a user could choose to opt-out if he/she wanted. Now, it’s the opposite; opt-out is the default, but you can give users the option of opting in.
- Allow users to request what data is stored about them on your site.
- Users must be able to remove their data. You can automate this or do it manually by removing or anonymizing the data.
- You need to have a plan in case of a data breach. You’ll have to notify users about the impact and implications and inform them of which data of theirs was hacked.
- If you use 3rd party services on your site, like payment processing or mailing lists, you need to make sure that they are GDPR compliant as well; otherwise the liability is yours.
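As an added illustration (this is not code from the original post or from RPS), the following Python sketch shows how the consent, data-access and erasure steps above can look in an application's user store: consent flags default to off so users must actively opt in, a user can export everything held about them as JSON, and erasure deletes the profile while anonymizing records the business must keep, such as order history. The class and field names and the sample data are hypothetical.

```python
"""Hypothetical user store implementing three GDPR steps: opt-in consent by
default, subject access (export) requests, and erasure with anonymization."""
from __future__ import annotations

import json
import uuid
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone


@dataclass
class User:
    user_id: str
    email: str
    name: str
    # Consent flags default to False: the user has to opt in explicitly.
    marketing_consent: bool = False
    analytics_consent: bool = False
    created_at: str = field(
        default_factory=lambda: datetime.now(timezone.utc).isoformat()
    )


@dataclass
class Order:
    # Orders are kept for accounting after erasure, but stripped of personal data.
    order_id: str
    user_id: str
    amount_cents: int
    shipping_address: str


class UserStore:
    """In-memory stand-in for the application's database (constructed example)."""

    def __init__(self) -> None:
        self.users: dict[str, User] = {}
        self.orders: list[Order] = []
        # Minimal audit trail so erasure requests can be shown to have been honoured.
        self.deletion_log: list[dict] = []

    def register(self, email: str, name: str) -> User:
        user = User(user_id=str(uuid.uuid4()), email=email, name=name)
        self.users[user.user_id] = user
        return user

    def set_consent(self, user_id: str, *, marketing: bool | None = None,
                    analytics: bool | None = None) -> User:
        """Record an explicit choice; nothing is switched on unless asked for."""
        user = self.users[user_id]
        if marketing is not None:
            user.marketing_consent = marketing
        if analytics is not None:
            user.analytics_consent = analytics
        return user

    def place_order(self, user_id: str, amount_cents: int, address: str) -> Order:
        order = Order(str(uuid.uuid4()), user_id, amount_cents, address)
        self.orders.append(order)
        return order

    def export_user_data(self, user_id: str) -> str:
        """Subject access request: everything held about the user, as JSON."""
        user = self.users[user_id]  # KeyError if the user no longer exists
        payload = {
            "user": asdict(user),
            "orders": [asdict(o) for o in self.orders if o.user_id == user_id],
        }
        return json.dumps(payload, indent=2, sort_keys=True)

    def erase_user(self, user_id: str) -> dict:
        """Right to erasure: drop the profile, anonymize orders we must retain,
        and return a summary that is also appended to the deletion log."""
        self.users.pop(user_id)
        anonymized = 0
        for order in self.orders:
            if order.user_id == user_id:
                order.user_id = "anonymized"
                order.shipping_address = "[redacted]"
                anonymized += 1
        summary = {
            "deleted_profile": True,
            "orders_anonymized": anonymized,
            "at": datetime.now(timezone.utc).isoformat(),
        }
        self.deletion_log.append(summary)
        return summary


if __name__ == "__main__":
    store = UserStore()
    alice = store.register("alice@example.com", "Alice")  # constructed sample user
    store.place_order(alice.user_id, 1999, "1 Example Street")
    print(store.export_user_data(alice.user_id))
    print(store.erase_user(alice.user_id))
```

The export and erasure functions return values rather than only printing, so they can be wired to an authenticated "download my data" and "delete my account" endpoint and covered by tests; keeping the anonymized order rows and a deletion log is the usual way to reconcile erasure requests with accounting obligations.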
Make sure you’re compliant; otherwise, you can be hit with a hefty fine. Even worse, you’ll have to talk to lawyers, and nobody wants that.
Disclaimer: RPS is not a legal adviser. We’ve just had to do this (among other things) to keep our clients compliant. Despite what we said above, you should consult with your legal team to fully understand the impact of GDPR on your business.