You have probably already heard about EU Regulation 2016/679, better known as the “General Data Protection Regulation” (GDPR), which has been in place since the end of May.
It applies to any website that Europeans have access to and that collects information about its visitors. The penalties are absolutely horrible! In the event of a breach of the rules, the regulation provides for a penalty of 4% of the organization’s worldwide turnover, or 20 million euros.
Do you have to comply with the GDPR?
If your company or website is collecting personal data from people in the European Union or if you have offices in their territory, you must comply with the GDPR.
You will say, “But I do not have European customers!” Maybe, but if someone in Europe visits your site, you can be held responsible.
In addition, as we often say, prevention is better than cure, so having a policy before you need it can save you a lot of headaches.
What type of site does this concern?
If your site contains these elements, you must apply the new regulations:
- Newsletter subscription
- Online shop
- Members area
How to comply with the GDPR?
- Designate a person responsible for data protection and compliance in the organization.
- Create a data processing registry: establish what type of information you collect (human resources, customer information, supplier information, etc.) and for each type of information, establish how it is collected, used, kept and communicated.
- Ensure the compliance of suppliers and subcontractors.
- Set up a quick and easy way to contact you to make withdrawal and/or data transfer requests.
- Create a data protection policy.