You have most likely heard the term GDPR, but what is it exactly? On May 25th, 2018, the General Data Protection Regulation (GDPR) came into practice. This act protects data of EU individuals – legislation is introducing a number of new legal concepts stated by GDPR Tracker.
As defined by GDPR Tracker, personal data is “any information relating to an identified or identifiable natural person (a data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person…” All organizations that process personal data will need to be compliant with GDPR by 25 May 2018. This also includes companies that are not part of the EU but serve EU citizens.
If you are a business owner in North America, South America, or outside of the EU, your website needs to be compliant with GDPR. If you do not comply with the EU governments GDPR, you’re putting your business’s online platform at potential risk of being fined no matter where you are in the world.
GDPR sets out the following principles with which any party handling personal data must comply. As stated by GDPR Tracker, all personal data must be:
- “Processed lawfully, fairly, and in a transparent manner in relation to the data subject;
- Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay; and
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by GDPR in order to safeguard the rights and freedoms of the data subject.”
To abide by the guidelines a simple plugin can be installed onto your website, allowing your traffic to opt-in to view your site and understand analytics may be tracked.