No doubt you’re breathing a sigh of relief as the onslaught of updated privacy policies coming into your inbox slows to a trickle. Perhaps you took a quick glance at one updated policy and then deleted the emails that every other company sent you because they were clogging up your inbox.
But what does it all mean? Some of these sites you haven’t even been on in years and some you can’t even remember joining.
What is the GDPR?
In general, what the 261-page GDPR document has set out to do is a good thing. It has required European companies to be more transparent about how they collect data (email or IP addresses, names, personal addresses etc.) and tell users exactly how this data is being used in their privacy policies, or face high fines.
The conditions set out in privacy policies requesting the consent for data collection now have to be crystal clear too. Businesses are not allowed to confuse people by using ambiguous language, legalese or vague nods towards making improvements to service and not explaining exactly how they’re going to do this.
Companies also need to give people the option to opt out of any direct marketing that uses their data, and they have to put in place extra safeguards for sensitive info.
Should I be reading these updated privacy policies?
You can if you like, but the emails with links or attachments to updated policies are mainly a formality by which businesses show that they’re conforming to the new regulations. It’s also a good move on their part to show existing customers that they’re all above board.
How does the GDPR affect US based businesses?
But that’s Europe, you might think. Does the GDPR affect U.S. companies that have no direct business operations in any of the 28 member states of the European Union? Yes, it does. A lot of the privacy policies you’ve been getting probably are from U.S. companies that have dealings with EU countries.
U.S.-based businesses need to look at updating their policies if they target their marketing at EU customers or collect data from EU citizens who are in the country at the time of the collection. Targeted marketing could include marketing in the language of an EU country and references to EU customers/users. If you own a website that accepts an EU currency, it would also be subject to the GDPR.
What sort of businesses fall into this category?
Businesses that offer goods or services to any EU residents, have a market in an EU country and/or deal in hospitality, travel, software services and e-commerce, should certainly look at reviewing their online marketing practices to make sure they’re GDPR compliant.
What happens if a US based company isn’t GDPR compliant?
It’s not exactly clear how the EU will enforce any breaches of compliance by U.S.-based companies, but within the EU, businesses face hefty fines if data controllers and processors don’t report an unlawful use of personal data.
According to GDPREU.org, a lower level fine can be “up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher”, while a higher level fine can be “up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher”.
Author: Matt Ramage, Founder of Emarketed
Matt Ramage has been marketing websites for over 20 years. He loves helping businesses improve their user experience and searchability on the Internet. Matt now heads Emarketed which is located in Los Angeles, California. They specialize in SEO, social media marketing and web development.