What is GDPR and Do I Need It?

GDPR became enforceable May 25, 2018, and it's a pretty important regulation. If you're still wondering what it is and if you need to update your site to comply, it's past time to figure it out.


What Is It?

The GDPR (General Data Protection Regulation) is a regulation intended to “protect and empower all EU citizens’ data privacy.” The regulation affects any website that collects “personal data or behavioral information from someone in an EU country.”

This covers offering products (even for free) or simply monitoring visitor behavior, assuming the visitor is within the European Union. Also included are requirements regarding:

  • security breach notification
  • data erasure
  • right of access (requests for identifying information)
  • assignment of a data protection officer

The penalties can be steep, up to €20 million or 4% of your “annual global turnover” for the worst infractions. If there is any chance your site may have visitors originating in the EU, it might be best to follow the regulation. To be absolutely sure, contact an attorney to review your specific circumstances.

What If I’m US Based?

Unless you can guarantee no visitor from the EU will be able to access your site, it doesn’t matter where your company is physically located. The GDPR applies to the visitor, not the provider or company on the other end. As the regulation states, its purpose is to protect residents of the EU; it doesn’t matter if they stumbled upon your site.

The exception to this is if you collect no data whatsoever, in which case there’s nothing to protect them from.

Is There An Easy Solution?

Several plugins are available to simplify some aspects of compliance, but these plugins may not offer everything you need. Most include a clear action for opt-in and opt-out of data collection to present on your site. Other features to look for in a plugin may include:

  • subject access request or user access to personal information,
  • request deletion or anonymization,
  • cookie management tools,
  • privacy policy creation tools,
  • proper consent to existing forms

Not all plugins are created equal. Some may work better with your site than others, regardless of the features they provide. Make sure to verify compatibility with your site themes, forms, and other plugins, and look for a combination that works for you.

What the plugins don’t typically offer are appointed data protection officers, security breach notifiers, or locating externally collected information (such as for AdSense or Analytics). Be sure to check all avenues of data collection, including user IDs, transaction IDs, encrypted data, and URL parameters. This might also be a good time to turn on the IP Anonymization feature for Google Analytics to be sure no personal data is collected in unwanted places.

Final Thoughts

Adding a plugin and checking your data collection may not be enough to fully comply with this EU regulation. To ensure your site complies entirely, it might be necessary to appoint a lawyer versed in the GDPR to review your company practices and site.
