The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Approved in April 2016, the GDPR went into full effect two years later, on May 25th, 2018. The purpose of the GDPR is to give consumers control over their personal data by holding companies responsible for how they process and use the data they receive from visitors.
While the GDPR originated in the European Union (EU), that does not mean that American companies are automatically exempt. The regulation applies regardless of where a website is based, which means American companies must be mindful of potential European visitors, even if they don’t specifically market their goods or services to EU residents.
If your US-based business has international customers or obtains information from EU citizens, it is advised that you take steps to ensure your online forms are GDPR compliant so your business can avoid fines.
The regulation makes it difficult for companies to mislead consumers with unclear or confusing language. It ensures:
- Website visitors are notified of the data collected
- Visitors need to consent to the information-gathering by clicking a button or taking another manual action
- Sites notify visitors in a timely manner if any of their personal data held by the site is ever breached
- There is a mandated assessment of the site’s data security
- These assessments are performed by either a dedicated data protection officer (DPO) or an existing staffer
Becoming GDPR compliant includes obtaining consent from any users who fill out a form on your website and detailing exactly how you will use any data they provide. A privacy policy, as well as terms and conditions, must be clearly displayed and easily accessible.
If you want to make your website GDPR compliant, contact us today and we can help get you started.