So, what exactly is GDPR?
By now you’ve probably heard of the approaching General Data Protection Regulation (GDPR) initiative for the European Union. While it may seem like it’s on the distant horizon, it’s happening sooner than you think, and failing to comply could mean serious fines and legal implications for both you and your organization. GDPR is the first EU-wide regulation that harmonizes European data privacy laws and addresses the personal data protection rights of residents, so that European citizens have full control over the data that is collected, used, and stored about them.
Who does GDPR affect?
GDPR will have a significant impact on every organization that holds or processes the personal data of EU citizens. Non-European organizations are at risk too – any institution that offers transactional services to European citizens, thus handling personal data, will need to be compliant as well. GDPR affects companies and public authorities – both data “controllers” and data “processors”.
So, what does GDPR mean for your website?
Becoming GDPR compliant by May 2018 can seem like a daunting task, for both companies and public authorities. However, a smooth process is possible with cross-departmental effort, support from management, and typically, board involvement. As part of this process, it’s important you and your organization are aware of your digital presence and the content that lives there. All organizations that fall under the regulation will need to have an overview of all personal data that resides on their websites. Personal data isn’t limited to names or email addresses, but can span any number of things, including:
- Physical addresses
- IP addresses
- Phone numbers
Put simply, personal data refers to anything that might reveal any facet of a person’s identity.
What can you do to reduce your risk of being non-compliant?
- Demonstrate that your organization is making an active effort to become compliant. Many third-party vendors can help validate this to the Data Protection Authority. In most cases, this will allow for fines to be drastically reduced, or even waived.
- Enlist the help of a system that allows you to map out and locate personal data. This way, you can locate and delete any information at the request of any customer.
- Be aware of your digital presence. Many organizations have multiple website domains that could contain personal data as well; to be best prepared for GDPR, your organization should be cognizant of all the places where personal data exists.
- Locate a tool that scans all data within your website. Personal information lives within metadata as well. As it is a nearly impossible task to search all of the metadata on your website manually, tools that automatically scan this type of data can aid you in the GDPR compliance process.
Working toward GDPR compliance
During the chaos of the compliance process, public digital assets run the risk of being overlooked, and companies are often unaware of the sheer amount of personal data that lives all over their websites, including in PDFs.
As May 25, 2018 approaches, emphasize the importance of acting with digital certainty during the GDPR compliance process by communicating efficiently and clearly within your organization and enlisting the assistance of the proper tools. With the right tools and sufficient knowledge, your organization can work toward building the correct privacy mindset, making sure that all competencies are in place to address data protection.
Not sure where to start? Download the free e-book, GDPR: Working Together for a Compliant Website, for a collection of tips for web, IT, and marketing teams.