Privacy is becoming increasingly important as more businesses move online. Last year, the European Union’s General Data Protection Regulation (GDPR) went into effect, but it’s not only European businesses that need to comply with this regulation. U.S. companies also need to pay attention to GDPR, especially if your business website gets traffic from European countries.
What is GDPR?
It’s one of the biggest privacy laws to have gone into effect in the past two decades, and it gives people more control over their personal data, which is defined as any information related to someone, including their:
- Name
- Email address
- Physical address
- Phone number
- Photo
- Social profiles
- Banking details
- Medical info
- Computer IP address
It also assures people that their information is secure and protected.
What Does Your Business Need to Know About GDPR?
This regulation applies to both B2C and B2B, and there’s no distinction between people’s personal, private data, and work-related data. Both types of businesses are about people interacting and sharing information. While B2B customers are companies, the relationships are between people, which is what GDPR cares about.
According to Forbes, businesses with more than 250 employees are required to comply with GDPR. SMBs with less than 250 employees must be GDPR compliant if they regularly process personal data from people overseas in the EU.
Websites should have a banner or pop-up that alerts visitors that the site uses cookies.
If your business website collects information, including gated content that requires a name and email, you must offer an opt-in/opt-out option for emails. All forms and data collection methods must be distinctly opt-in — boxes should not be pre-ticked.
All people who’ve interacted with your business website have the right, under GDPR, to request access to their personal data, free of charge. People also have the right to be forgotten and have their data removed from a company’s files. People also have the right to update their data if it’s incorrect or expired.
If your company experiences a data breach, you must notify all customers or clients within 72 hours of first becoming aware of the cyber attack.
Businesses that don’t comply with GDPR are subject to fines up to 4% of annual global revenue or 20 million Euros –whichever is greater.
Ensure Your Online Presence is GDPR Compliant
Take the guesswork out of GDPR compliance and work with technology professionals. The team at EQ Technology Group understands GDPR compliance rules and uses their expertise to ensure your website, Google Analytics, and social profiles comply with this regulation.