Privacy is becoming increasingly important as more businesses move online. Last year, the European Union’s General Data Protection Regulation (GDPR) went into effect, but it’s not only European businesses that need to comply with this regulation. U.S. companies need to pay attention to GDPR as well, especially if their business websites get traffic from European countries.
What is GDPR?
It’s one of the biggest privacy laws to have gone into effect in the past two decades, and it gives people more control over their personal data, which is defined as any information related to someone, including their:
- Name
- Email address
- Physical address
- Phone number
- Photo
- Social profiles
- Banking details
- Medical info
- Computer IP address
It also assures people that their information is secure and protected.
What Does Your Business Need to Know About GDPR?
This regulation applies to both B2C and B2B, and there’s no distinction between people’s personal, private data and their work-related data. In both types of businesses, it’s about the people interacting and sharing information. While B2B customers are companies, the relationships are between people, and this is what GDPR cares about.
Businesses with more than 250 employees are required to comply with GDPR, according to Forbes. SMBs with fewer than 250 employees must be GDPR compliant if they regularly process personal data from people in the EU.
Websites should have a banner or pop-up that alerts visitors that the site uses cookies.
If your business website collects information, including if you have gated content that requires a name and email, you must offer an opt-in/opt-out option for emails. All forms and data collection methods must be distinctly opt-in — boxes should not be pre-ticked.
All people who’ve interacted with your business website have the right, under GDPR, to request access to their personal data, free of charge. People also have the right to be forgotten and to have their personal data removed from a company’s files. People also have the right to update their data if it’s incorrect or out of date.
If your company experiences a data breach, you must notify all customers or clients within 72 hours of first becoming aware of the cyber attack.
Businesses that don’t comply with GDPR are subject to fines of up to 4% of annual global revenue or 20 million euros, whichever is greater.
Ensure Your Online Presence is GDPR Compliant
Take the guesswork out of GDPR compliance and work with technology professionals. The team at EQ Technology Group understands GDPR compliance rules and uses their expertise to ensure your website, Google Analytics, and social profiles all comply with this regulation.