Europe’s new data privacy law is gaining a lot of buzz here in the States. It’s called the General Data Protection Regulation, better known simply as GDPR, and it went into effect on May 25, 2018. Its primary effect is on companies in the European Union; however, any company anywhere in the world that does business in Europe is affected as well. At the heart of GDPR is handing control of personal data back to consumers, backed by fines of up to 20 million euros or four percent of total global annual turnover, whichever is higher, for the most serious violations of the rules, points out CNBC.
The new law aims to give greater protections to the personal data of individuals in the EU, essentially imposing a variety of new obligations on both “controllers” (who decide why and how data is processed) and “processors” (who handle data on a controller’s behalf). The GDPR brings large penalties if companies fail to comply. Many U.S. companies have already begun the process of meeting compliance expectations, but the GDPR is so pervasive it may encompass a large portion of U.S. organizations that would not otherwise be subject to European data privacy laws, says New York University School of Law. For instance, smaller organizations (including home care providers) can easily be caught off guard. That’s why you need to take steps now to learn whether or not you are subject to the rules of the GDPR and bring your company into compliance.
About GDPR
GDPR is legislation that was approved in April 2016, and European authorities allowed companies two years to comply. That’s why the May 25, 2018 date is so important. It replaces the previous law, the 1995 Data Protection Directive. The new regulation aims to unify rules across the EU bloc, comprised of 28 nations at the time it took effect. Its goal is to give consumers control of their personal data as it’s gathered by companies. In addition to organizations established within the EU, it also applies to companies outside the EU if they offer goods or services to people there or monitor their behavior.
Some of the key policies include:
- Companies can no longer use vague or confusing statements to get consumers to hand over data.
- Companies will no longer be able to bundle consent.
- That consent must be easy to withdraw.
- Where a company relies on consent to offer online services to a child, a parent or guardian must give or approve that consent for children under 16 (individual EU countries may lower this age to 13).
- The data controller must notify its data protection authority about a personal data breach within 72 hours of becoming aware of it. A data processor must tell the controller without undue delay, and affected individuals must be notified without undue delay when the breach is likely to put them at high risk.
- Consumers will have more control over their data. They will have the right to access the personal data a company holds about them and learn what it is being used for, and they can ask for that data to be erased.
- Consumers will be able to transfer their data to a different service provider.
- Failure to comply can result in heavy fines.
How GDPR Affects You
The EU may seem like a world away, but the impacts of GDPR will be felt here as well, even for small and medium elder care service businesses. The truth is, any U.S. company with an online presence that markets its products over the web can be affected. A financial transaction doesn’t even have to occur for the law to kick in: if your company simply collects personal data from someone in the EU, that data must be protected. Forbes points out that the businesses most likely to fall under the GDPR’s territorial scope are U.S.-based hospitality, travel, software services and e-commerce companies; that being said, any U.S. company that identifies a market in an EU country and features localized web content should take a closer look at this law.
How to Comply
Your business may not sell or ship products to the EU, process the personal data of EU-based customers on a large scale, or offer a digital service aimed at customers inside the EU. Even so, if you have a simple blog or website with comments that doesn’t target EU-based visitors, the GDPR could still affect you. The same goes if your site contains multiple sign-up forms, webinar sign-ups, and gated content. You may need to include opt-in language that reflects GDPR standards so visitors clearly understand what they are consenting to.
Some other things you should do:
- Make sure your website has a valid SSL/TLS certificate and serves every page over https://, including the pages that carry your forms, so that personal data is encrypted in transit (redirect plain http:// requests to https://)
- Update your privacy policy and place a clear link to it on your website
- Audit your website forms: collect only the data you actually need, use a separate unticked opt-in box for each purpose (for example, accepting the terms versus receiving a newsletter), and link to the privacy policy next to the form
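The form audit can be partly automated. The script below is an added example, not code from the original page or from A Servant’s Heart: it parses a page’s HTML with the Python standard library and flags forms that submit over plain http://, consent checkboxes that are pre-ticked, checkboxes whose label bundles several purposes into one tick, and forms with no privacy policy link. The purpose keyword list, the finding names and the two sample forms are assumptions chosen for illustration.

```python
"""Heuristic audit of a page's HTML forms against the consent and HTTPS points
above. Added example, not code from the original page or from A Servant's
Heart; the checks, purpose keywords and sample forms are assumptions chosen for
illustration. Standard library only."""
from html.parser import HTMLParser

# Distinct purposes one tick box should not cover at once; two or more of these
# matching a single checkbox label is flagged as bundled consent. (Assumed list.)
PURPOSE_WORDS = {
    "terms": ("terms", "conditions"),
    "marketing": ("newsletter", "marketing", "offers"),
    "sharing": ("partners", "third parties", "third-party"),
}


class FormAuditor(HTMLParser):
    """Collects each <form>, its checkboxes and the label text tied to them."""

    def __init__(self):
        super().__init__()
        self.forms = []         # one dict per form: action, checkboxes, privacy_link
        self.labels = {}        # checkbox id -> accumulated label text
        self._form = None       # form currently open
        self._label_for = None  # id the open <label> refers to (None = no open label)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form = {"action": a.get("action") or "", "checkboxes": [], "privacy_link": False}
            self.forms.append(self._form)
        elif self._form is None:
            return  # only markup inside a form matters for this audit
        elif tag == "input" and (a.get("type") or "").lower() == "checkbox":
            cb_id = a.get("id") or "checkbox%d" % len(self._form["checkboxes"])
            if self._label_for == "":
                # <label><input ...> text</label> with no for=: bind the label text to this box
                self.labels[cb_id] = self.labels.pop("", "")
                self._label_for = cb_id
            self._form["checkboxes"].append(
                {"id": cb_id, "name": a.get("name") or cb_id, "checked": "checked" in a})
        elif tag == "label":
            self._label_for = a.get("for") or ""
            self.labels.setdefault(self._label_for, "")
        elif tag == "a" and "privacy" in (a.get("href") or "").lower():
            self._form["privacy_link"] = True  # privacy policy linked from inside the form

    def handle_data(self, data):
        if self._label_for is not None:
            self.labels[self._label_for] += data

    def handle_endtag(self, tag):
        if tag == "label":
            self._label_for = None
        elif tag == "form":
            self._form = None


def audit(html):
    """Return [(form_index, finding), ...] for the forms found in `html`."""
    parser = FormAuditor()
    parser.feed(html)
    parser.close()
    findings = []
    for i, form in enumerate(parser.forms):
        if form["action"].lower().startswith("http://"):
            findings.append((i, "insecure-action"))        # submitted data would travel unencrypted
        if not form["privacy_link"]:
            findings.append((i, "no-privacy-policy-link"))
        for cb in form["checkboxes"]:
            text = parser.labels.get(cb["id"], "").lower()
            if cb["checked"]:
                findings.append((i, "pre-checked:" + cb["name"]))  # opt-in must be an affirmative act
            purposes = {p for p, words in PURPOSE_WORDS.items() if any(w in text for w in words)}
            if len(purposes) > 1:
                findings.append((i, "bundled-consent:" + cb["name"]))
    return findings


# Constructed sample markup (not taken from any real site).
NONCOMPLIANT_FORM = """
<form action="http://example.invalid/signup" method="post">
  <input type="email" name="email">
  <input type="checkbox" id="agree" name="agree" checked>
  <label for="agree">I accept the terms and conditions and agree to receive
    the newsletter and offers from our partners</label>
  <button>Sign up</button>
</form>
"""

COMPLIANT_FORM = """
<form action="https://example.invalid/signup" method="post">
  <input type="email" name="email">
  <input type="checkbox" id="terms" name="terms">
  <label for="terms">I accept the <a href="/terms">terms and conditions</a></label>
  <input type="checkbox" id="newsletter" name="newsletter">
  <label for="newsletter">Email me the monthly newsletter (unsubscribe at any time)</label>
  <p>See our <a href="/privacy-policy">privacy policy</a> for how we use your data.</p>
  <button>Sign up</button>
</form>
"""

if __name__ == "__main__":
    for name, page in (("non-compliant form", NONCOMPLIANT_FORM), ("compliant form", COMPLIANT_FORM)):
        print(name, "->", audit(page) or "no findings")
```

Run it against your own saved page source to get a first list of forms to fix; the keyword matching is a heuristic, so a clean result is a starting point for a manual review, not proof of compliance.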
Here at A Servant’s Heart Web Design and Marketing, we use WordPress to create our websites. WordPress recently released version 4.9.6 (May 2018) to add features that enable initial support for some of the most important data protection and privacy provisions of GDPR: a tool for creating and designating a privacy policy page, tools for exporting and erasing a user’s personal data on request, and an opt-in checkbox before a commenter’s name and email are stored in a cookie. A Servant’s Heart can help you with the above bullet points and more.
Contact A Servant’s Heart Web Design and Marketing
Need help gaining compliance with GDPR? A Servant’s Heart Web Design and Marketing specializes in this area, so you can rest assured you’re getting targeted, focused attention to detail for your elder care business. Please call us at (760) 227-2720 to learn more.