If you’ve opened your email this summer, your inbox has most likely received notices about new privacy policies from websites you’ve subscribed to or have an account with. What’s the big deal, and why all at once?

The answer lies in Europe. In May, the General Data Protection Regulation (GDPR) went into effect. GDPR is a European Union regulation governing data protection and privacy for EU residents. It imposes new rules on websites that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. How and why does a European regulation affect American websites? If a website offers services to people residing in the EU, the website owner is responsible for complying with the EU regulation, and non-compliance can bring a hefty fine.

How Can Europe Regulate US Sites?

Is this just more government red tape, and what right does the EU have to regulate US websites? The EU is concerned about protecting the privacy of its citizens and residents. If someone is residing in the EU, they are entitled to the privacy provisions in the GDPR, regardless of where the website they are accessing is hosted. Protecting privacy is a good thing. If you followed Mark Zuckerberg’s testimony before Congress back in April, a scary amount of data is being collected and left relatively unprotected online or even shared without consent. The intention of GDPR is not to fine websites, but instead to encourage compliance. If your site is deemed to be out of compliance, you will be given several warnings and only fined if you continue to knowingly ignore the law.

Privacy Should Always Be a Priority

Protecting the privacy of your constituency should be a priority, regardless of federal regulations. Privacy protection is really a customer service issue. In the end, GDPR covers good, ethical privacy practices that businesses should already be implementing on their websites, whether or not they are directly impacted by GDPR. These are the areas GDPR covers:

  1. Businesses can’t spam people by sending them unsolicited emails.
  2. Businesses can’t sell people’s data without explicit consent.
  3. Businesses have to delete a user’s account and unsubscribe them from email lists if requested.
  4. Businesses have to report data breaches and manage data protection.

In order to accomplish this protection, site visitors have to give explicit consent before their data is collected and processed. This covers both intentional activity, such as filling out an online form, and passive data collection through cookies.

Does GDPR Impact Your Site?

As a CS Design client, do you need to worry about GDPR compliance? That depends on how you use your site. Many of you represent physical businesses and use your website to reach people in your region, which is well outside of the EU. You’re pretty safe with GDPR compliance. However, others of you may do ecommerce internationally, or you may provide a newsletter or other information to people around the world, and your sites will need to be brought into GDPR compliance. Either way, most of GDPR is common sense and good practice. Your CS Design team would be happy to talk with you about your privacy practices, bringing your website into GDPR compliance, or any other website needs!