If you’re still in a bit of a tizzy over the European Union’s General Data Protection Regulation (GDPR), you’re in good company.
It’s one of the biggest data privacy laws in over 20 years, so it’s quite natural for businesses to take some time to find their sea legs.
However, GDPR is affecting global markets and US companies, so it’s critical to have a firm grasp on how it works. Here’s what you need to know about GDPR and how it affects North American businesses.
What Is GDPR?
GDPR stands for General Data Protection Regulation. It’s a set of laws that passed back in May 2016. It was put in place to establish ‘digital rights’ for European Union citizens; however, its effects span the globe.
Giving organizations two years to comply with the personal data protection and privacy laws, GDPR went into effect on May 25, 2018.
The laws have global impact because of the explicit regulations they contain. They identify a ‘liable’ organization as any sort of business that uses personal data of EU citizens. It doesn’t matter whether the company has a physical presence in Europe or not.
Thus, if you’re a company with a website and you get traffic from EU visitors, then you’re liable, even if you don’t actively market your products or services to European markets.
What Is Personal Data?
This term gets thrown around…a lot. However, what does it actually mean under GDPR?
According to the European Commission, personal data includes “any information relating to an individual, whether it relates to his or her private, professional or public life.
It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
Basically, these are condensed into the following data categories:
Identification information: name, telephone number, physical and email addresses, and government ID numbers
Website data: location, IP address, cookie histories, and RFID tags
Health, mental and genetic data
Racial, cultural or ethnic data
If your business has a single data point that includes any of the aforementioned data categories, then you’re accountable for this data.
How Does This Impact North American Websites?
All North American websites are considered data controllers by the European Commission. As such, they’ll be held accountable for any data on an EU citizen that they collect, process or disperse.
If a customer’s data is infringed on a US or Canadian website, or if a breach of security is not reported correctly, these companies could risk humongous financial and legal penalties.
Under the current numbers, you might be looking at potential fines of up to 4% of annual global revenue or 20 million euros, whichever is greater.
The California Consumer Privacy Act (CCPA)
The application of GDPR on such a big scale leads to new regulations following in its footsteps. Enter the California Consumer Privacy Act.
The CCPA is going into effect on January 1, 2020. It’s quite similar to the GDPR, with a focus on California residents. It gives them the right to control the data that companies collect on them.
With GDPR and CCPA, any organization with a website needs to change the way it collects and stores customer data in order to avoid crippling penalties.
GDPR for Publishers
It’s a given that publishers gather information on their readers. To provide readers with relevant content and add value to their lives, successful publishers gather as much relevant information on their readers as possible.
This (of course) puts them firmly in the ‘data collector’ category.
Now, we understand that it can be overwhelming to manage an overhaul of how you collect and store your consumer data.