If you own your own site and you are collecting customer information online, you need to learn as much as you can about GDPR. Since GDPR consists of new laws that affect websites on the internet, it covers a wide spectrum of things that need to be done for specific site owners to be in compliance (by May 25, 2018) or face heavy penalties. So, what is this law and how does it affect today’s businesses? First of all, you need to now that these laws are being imposed on companies in the EU and it stands for General Data Protection Regulation.
How Do these Laws Affect U.S. Small Business Websites?
Though GDPR will automatically effect those companies who are based in Europe, it is also important to note that the impact of these laws are not limited to the EU only but will also include companies outside of the EU. For instance, any company in the U.S. that handles EUs residents personal data on their websites must comply with these regulations or they can face some of the same fines established in these laws. Therefore, if you are a small business owner that is based in the United States, the WordPress website that you build must be GDPR compliant by May 25, 2018 if you are collecting personal data from EU residents.
On the other hand, if your site will only contain personal data from U.S. citizens and other countries that are exempt from these laws, you do not have to meet these standards. You will, however, need to make sure your site has a good privacy policy statement that is meant to protect personal data based on U.S. based laws instead.
Differences Between GDPR versus the Privacy Policy Statement
Before you build a new site or update an existing site, you need to make sure that your small business site meets one of the two data protection laws that have been mentioned in this article. Understanding the difference between the two is essential to following the right regulations so should know what is contained in each.
GDPR – is a data protection law that governs how personal data is to be collected and shared in the EU or on small business U.S. sites that collect EU residents information. Based on this law, EU resident data can only be collected and shared with the authorization of the resident. These laws are no longer an opt-out concept but an opt-in permission from the EU resident.
Privacy Policy Statement – this statement is also required by U.S. laws. It can be described as a legal document that tells how data is collected, used, gathered and managed by the site owner and their representatives. These laws are intended to protect the individual rights of the consumers.
Still confused? Sound off in the comments and I will answer your questions.
