You probably know by now that the European Union's General Data Protection Regulation (GDPR) takes effect on 25 May 2018. The GDPR applies to organizations both inside and outside the EU that handle the personal data of people in the EU, and it could have a big effect on how businesses all over the globe handle privacy. It puts regulatory teeth into longstanding guidance on how personally identifiable information must be handled. This level of regulatory oversight of personal data is unprecedented and will require companies to ensure high levels of privacy protection or suffer dire financial consequences.
How did these regulations come about, and why should world companies care?
The GDPR is the latest in a series of EU legislative measures designed to put the highest levels of protection around personal data. In its own words (Recital 1): “The protection of natural persons in relation to the processing of personal data is a fundamental right.”
While American laws and regulations tend to favor business over the consumer, the EU has long promoted a consumer-first point of view. It started with the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (September 1980), which the EU turned into binding law with the 1995 Data Protection Directive (95/46/EC). The Directive's rules on transferring data to the US were bridged by the Safe Harbor agreement, which was then tested through major legal challenges (the EU Court of Justice struck Safe Harbor down in 2015), and the result was the need for a single, directly applicable regulation: the GDPR.
If this sounds like a mouthful, it is because it is a long-winded way of saying that the EU is aggressive about protecting consumer privacy, and has been for a long time. Now it hopes to lead the way globally with a broad, comprehensive law backed by unprecedentedly steep fines of up to 4 percent of a company's annual global turnover or 20 million euros, whichever is higher. Fines like these could easily cripple a business that breaches the rules.
How does GDPR affect non-EU businesses?
GDPR recognizes that data travels well beyond the borders of the EU and protects people in the EU no matter where their data goes. In practice, any company anywhere in the world that offers goods or services to people in the EU, or monitors their behaviour (analytics, tracking cookies, profiling), is bound by its rules, whether or not it has an office in the EU. Businesses of all sizes are affected, from micro to multinational, and there is no small-business exemption.
In order to comply, American and other non-EU companies can either block EU users altogether or put processes in place to ensure compliance. The first option is impractical for almost any business online, except perhaps the most local ones. The second takes time, additional software and/or reworking of the existing software and, in many cases, an auditor to make sure that everything is in order.
What is GDPR all about?
In its most basic sense, GDPR protects user data in just about every conceivable way. It operates with an understanding that data collection and processing is the basic engine most businesses run on, but it unapologetically strives to protect that data at every step while giving consumers ultimate control over what happens to their data in the process.
In order to be GDPR-compliant, a company must not only handle consumer data carefully but also provide consumers with myriad ways to control, monitor, check and, if desired, delete any information pertaining to them.
Companies that wish to stay in compliance must implement processes, and in many cases add personnel, to ensure that data remains protected whenever it is handled. As technical safeguards, GDPR explicitly names pseudonymization and encryption (Article 32), while data that has been properly anonymized falls outside the regulation altogether.
Anonymization is the irreversible removal or generalization of identifying information so that the data can no longer be tied back to a person. Note that encryption is not anonymization: whoever holds the key can reverse it, so encrypted data is still personal data. Pseudonymization sits between identified and anonymous: direct identifiers are replaced with tokens, and the additional information needed to re-link them (the key or the mapping table) is kept separately under its own access controls. As an example, a system might store a visitor's location and browser under a random subject identifier and keep the mapping from that identifier to the person's name and date of birth in a separate system, so the records can only be reassembled by someone with access to both. Pseudonymized data is still personal data, but the regulation treats pseudonymization as a recognized risk-reducing safeguard (Articles 25 and 32), which is why it is promoted so heavily.
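To make the distinction concrete, here is a small worked example in Python. It is added here and is not part of the original article, nor code from any GDPR plugin. It assumes a made-up set of customer records and a 32-byte HMAC key; the key stands in for the "additional information" that must be stored separately from the pseudonymized data. Deterministic, keyed tokens keep a person's records linked so that access and erasure requests can still be served, while an unkeyed hash, shown for comparison, can be reversed by anyone who can guess the input.

```python
"""Pseudonymization vs. anonymization of customer records (added example, not from the article)."""
import hashlib
import hmac
import secrets

# Constructed sample records: made-up people and addresses, for this example only.
RECORDS = [
    {"email": "alice@example.org", "dob": "1984-03-12", "ip": "203.0.113.45", "item": "book"},
    {"email": "bob@example.net", "dob": "1990-11-02", "ip": "198.51.100.7", "item": "lamp"},
    {"email": "alice@example.org", "dob": "1984-03-12", "ip": "203.0.113.45", "item": "pen"},
]


def pseudonym(identifier, key):
    """Keyed, deterministic token for a direct identifier (HMAC-SHA256, truncated).

    Deterministic so that records of the same person still link together;
    keyed so that nobody without the key can recompute tokens from guesses.
    The key must be stored in a separate system from the pseudonymized data.
    """
    mac = hmac.new(key, identifier.strip().lower().encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:32]


def pseudonymize(records, key):
    """Replace the e-mail address with a token; everything else is kept as-is.

    The remaining attributes (date of birth, IP address) are quasi-identifiers,
    which is exactly why a pseudonymized dataset is still personal data.
    """
    out = []
    for rec in records:
        rest = {k: v for k, v in rec.items() if k != "email"}
        out.append({"subject": pseudonym(rec["email"], key), **rest})
    return out


def reidentify(pseudo_records, known_emails, key):
    """Controller-side re-linking: needs both the key and the list of subjects."""
    lookup = {pseudonym(e, key): e for e in known_emails}
    return [lookup.get(r["subject"]) for r in pseudo_records]


def anonymize(records):
    """Irreversible: drop direct identifiers and generalize date of birth to the year.

    Whether the result is truly anonymous still has to be judged against other
    data the recipient could combine it with; the function cannot prove that.
    """
    return [{"birth_year": r["dob"][:4], "item": r["item"]} for r in records]


def unkeyed_pseudonym(identifier):
    """The weak variant: a plain hash that anyone can recompute from a guess."""
    return hashlib.sha256(identifier.strip().lower().encode("utf-8")).hexdigest()[:32]


def dictionary_attack(token, candidates, recompute):
    """Reverse a token by recomputing it for guessed identifiers; None if no hit."""
    for cand in candidates:
        if hmac.compare_digest(recompute(cand), token):
            return cand
    return None


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # in real life: a separately stored secret
    pseudo = pseudonymize(RECORDS, key)
    print("pseudonymized:", pseudo)
    print("re-linked with key:", reidentify(pseudo, ["alice@example.org", "bob@example.net"], key))
    print("anonymized:", anonymize(RECORDS))
    guesses = ["carol@example.com", "alice@example.org", "bob@example.net"]
    print("plain hash reversed:", dictionary_attack(unkeyed_pseudonym("alice@example.org"), guesses, unkeyed_pseudonym))
    print("keyed token reversed:", dictionary_attack(pseudo[0]["subject"], guesses, unkeyed_pseudonym))
```

The same dictionary of guessed addresses recovers the plain SHA-256 token immediately but gets nowhere against the HMAC token, which is the whole difference between a weak and an acceptable pseudonymization scheme. Note that the pseudonymized set still carries date of birth and IP address; those are what keep it inside the regulation, and they are what `anonymize()` removes or generalizes.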
Companies must ensure that customers have control over their data by building in safeguards that protect their rights. At its core, this means processes and communications that are clear and concise, and processing that rests on a lawful basis, which for most consumer-facing sites means the explicit, affirmative consent of the people whose data is collected.
Basically, if you run even the tiniest WordPress site that gathers any user data (comments, contact forms, analytics and so on), you need a solution fast.
Which businesses will be most harmed?
Of course, small businesses all around the world will be hit hardest. While big multinational companies have teams of lawyers and engineers who will take care of every step of the requirements, small companies (like you and me) do not have that luxury. And because they are not exempt, an audit can happen any time after May and take your hard-earned money away, possibly even killing your business altogether.
Many of these small businesses rely on WordPress to run one or more websites, used for blogging, ecommerce and so on. Each of these sites MUST be prepared for GDPR, or else it becomes a serious liability for the owner. Businesses that rely on email marketing have their own set of problems, as every email list containing people in the EU has to be reworked according to GDPR, with a documented lawful basis (usually consent) for each address.
While WordPress introduced a partial solution in version 4.9.6 (a privacy policy page helper and tools to export or erase a user's personal data), it is far from enough for GDPR compliance. Hence, new plugins are appearing that cover the most important parts of GDPR compliance and will be really helpful to any non-technical website owner.
WordPress GDPR Fix plugin
We’ve checked two of the plugins that seem to be the most valuable to you. Remember, if you own any WordPress sites, we strongly suggest you take a close look at this: for an initial price of under $20 they can save you many hours of work and cover the seven basic mandatory items that GDPR requests.
Don’t forget to check them out HERE.
Check also: U.S. companies could get badly burned by GDPR
Here at MaxProfitReviews we are in affiliate business with many of the vendors whose products we mention here and write reviews about, which means we will get a certain commission from them should you buy their product via our link. We are, however, not connected to them in any other way, nor do we receive any special commissions for writing good reviews. We try to keep our opinion fair and honest, giving you both the ups and downs where we see them. Nevertheless, everything written here is our own opinion and assessment of the possibilities that the software provides.