GDPR stands for General Data Protection Regulation. It originates in the EU but is worded so that if you hold data from any EU citizen in your databanks, or it passes across your virtual desk, you may need to comply. Since the digital world knows no physical boundaries and many EU citizens live or work in the US, the chances are pretty good that you fall under this legislation.
It goes into effect May 25th and is NOT limited to your website. It will require both front-end and back-end updates to your systems and processes. Ignoring this may result in fines, bans for abusing third-party platforms like Google, or both.
Basically, any information that can be used to identify / track a user falls under the new regulation. This includes but is not limited to:
An EU user has the right to know what data you have on them and how you are going to use it, and the right to have all of their data erased. You have an obligation to keep their data secure, to provide them with what you have for free in electronic format, and to be able to erase them completely. This includes their data on Google, in your database, in backups, on email lists, on your server, or on your Christmas list.
We’re not covering everything here. Opt-in, data retention policies, and many other details are left out. You should seek more information from your company’s legal team. Our 300FeetOut lawyer constantly reminds us that we are not lawyers and not eligible to give legal advice. Be advised that all of this will require time to implement, but this isn’t something to ignore, as GDPR is waking the world to the importance of data security and privacy.