As you may already be aware, the deadline for compliance with the European Union’s General Data Protection Regulation (GDPR) is fast approaching. By May 25, 2018, all organizations doing business with or collecting personal data on individuals in the EU are required to comply. While failure to do so could result in hefty fines, many organizations still find themselves unprepared and unsure where to begin.
For those unaware, GDPR is an EU-wide legislation that aims to give EU citizens full control over their personal data and how it is gathered, processed and stored by businesses and other third parties. Under GDPR, individuals not only have the right to access their personal data and restrict its processing, but also the right to be forgotten. When collecting personal information online, companies will be required to disclose exactly how they will use the data and must receive explicit consent from users to do so. More so than ever, organizations must uphold their responsibility to protect users’ personal information and take accountability if a security breach does occur.
Those of you outside the EU may be asking yourselves, “What does this have to do with me?” GDPR also applies to any company that does business with or monitors individuals in the EU region. And it’s not only businesses providing goods and services that must comply. U.S. nonprofits and associations may fall under GDPR for a number of reasons. Do you have any employees or members that are located in the EU? Do you host events in that region? What about events in the U.S. that are attended by EU citizens? If you answered yes to any of these questions, GDPR applies to you as well.
Many of the affected businesses and associations are going to have to drastically change the way they collect, store and handle user data in order to comply. To make the issue more complex, GDPR’s definition of personal data is wide-reaching. “Personal data” encompasses anything from a name, photo or email address, to bank details, social media posts or a computer IP address. And for most organizations, much of this data exists on their website. Manually keeping track of all this collected personal data seems like a daunting task, so how can you ensure your digital presence is compliant with GDPR?
Fortunately, there are tools available that help your organization efficiently keep track of personal data. Siteimprove’s GDPR module, for example, can monitor your website to make sure any personal identification information, such as email addresses, phone numbers and social security numbers, is processed and secured in compliance with GDPR. Implementing a tool like Siteimprove’s can be a great step in the right direction toward full compliance with the looming regulations. With all data monitored, your organization will not only be protected from the legal consequences of GDPR violations; you will also build a solid foundation of trust with customers and members when they feel their personal information is safe in your hands.