What is GDPR?


GDPR is a new data privacy regulation created by the European Union to regulate how EU member state citizens personal data is used and collected. The regulation itself is an unbelievably long list of rules of protocols to handle personal data and goes into effect on May 25th, 2018.

Most site owners will assume that these regulations do not apply to them. In the cases of local business that collect minimal data, this will be the case. The law was intended to protect the citizens of the EU regardless of where the business is located. Enforcement for NON EU entities and business may be difficult, but it is better to be safe than sorry.

What are the Main Changes?


The main change with GDPR is that “Implied consent is no longer sufficient”. It used to be that a “Privacy Policy” page linked in the footer was enough to satisfy the legal requirements of the EU. The understanding was that the website consumer was responsible for being proactive and reading these terms. The new GDPR regulations require the user to consent to any data being collected. This requirement can be satisfied with a notice the user can click to “accept” with a link to a page describing any data that is being collected and how it is being used.

How to Achieve GDPR Compliance


The first step to achieve GDPR compliance is to understand what data is being collected from your web site forms, cookies and by any other means. Technically a website with no contact form that has Google Analytics installed will generate a cookie on the user’s system.

Once you have determined what data is being collected and how it is being used, you then have the obligation to notify the user. This is normally done with a “floating” bar in the header or footer. A CMS like WordPress makes this pretty easy to achieve with a plugin. I am using GDPR Cookie Consent on ShaneWebGuy.com. I am not collecting any data, but would recommend the paid version for any website that was planning to collect data for any re-marketing.

It is the responsibility of the site owner to evaluate and understand the new GDPR laws. A larger organization where commerce is involved should get professional legal advice to minimize their risk. If you have any implementation questions, feel free to send me a note from my contact page and I will do my best to respond.