In the wake of the May 25th deadline for GDPR compliance, many brands were left wondering about what they should do to comply with this new European data protection regulation. With advice on the internet ranging from ‘do absolutely nothing’ to ‘pay a consulting company to audit your website and integrate GDPR-specific solutions’, it’s easy to understand why people are confused.
We’re here to help you determine whether the GDPR compliance applies to your business or website, and the actions you should take if it does.
Does my website need to be GDPR compliant?
If your website collects data from EU citizens, or if it has transactions that occur within EU member states, then this new regulation applies to you. Establishing whether or not you’re collecting data from EU citizens can be tricky and time-consuming, but it is crucial for determining your next steps.
How do I find out if my site collects data from the EU?
One of the simplest ways to find out if you are collecting data from the EU is to check your reporting metrics (Google Analytics is commonly used) and review the geographic locations of the IP addresses visiting your site. These tools typically allow you to drill down and produce detailed reports on the countries your visitors come from.
I receive visits from EU IPs, but they are low-volume. Can I get away with not doing anything?
If you have a small website with few or no recorded visitors from the EU, then the data protection authorities enforcing the GDPR might only take action against you if they receive a complaint. However, not being GDPR compliant is still a risk, so this is something that you and your legal team should discuss.
I receive a large number of visitors from EU IPs. What should I do?
If your website receives a large number of visitors from within the EU, then meeting compliance is something you need to take very seriously. The next thing you should establish is whether or not your site is collecting any data such as the following:
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
Your site could also be using plugins or third-party applications that collect this data for cookies or other purposes, so you will next need to check each of those. Examples of these third-party tools include the following:
- Email newsletters
- Analytics
- Email contact forms
- Web hosting companies
- Email providers
- File hosting (such as Dropbox, Google Docs, etc.)
- Payment processors
- Accounting software
- Time tracking software
- Project management software
- Chat, calling, video software
- CRMs
I’m overwhelmed and don’t have the time to research this. What can I do?
We understand that performing this audit can be time-consuming and challenging if your expertise lies outside web technology. If you decide that you need assistance, reach out to us at HMG Creative and our team will be happy to help! We can perform a detailed audit of your GDPR compliance and help you implement solutions that will ensure you are protected.
It is also a good idea to speak with legal counsel to find out exactly what needs to be done to ensure you are GDPR compliant and to find out more about how these new laws will affect US businesses.
If you are interested in learning more, we’ve curated a few helpful resources: