The EU General Data Protection Regulation (GDPR) is making a major change to its policies for user data storage on May 25, 2018. At a high-level, the regulation is meant to help protect EU citizens from privacy and data breaches and will affect any website that may collect data from EU citizens. Here’s more to help you prepare:
How do I know if it affects my site?
If your website collects any user data information from EU users, whether via a cookie, newsletter sign-up, contact form, checkout and/or customer portal, you will most likely have to make changes to your website and privacy policies. This information could include a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Some changes you may need to consider:
Data Permission: Do you have a newsletter sign-up? You may need to review business processes, applications and forms to be compliant with double opt-in rules and email marketing best practices. You’ll most likely have to improve your opt-in/opt-out experience.
Data Access: Users should be able to easily access their data and remove consent at all times. How you implement these controls will vary based on the type of data you collect and you must allow users the ability to opt out of communication channels. This can be done with an unsubscribe link that connects a user to manage their contact preferences.
Data Focus: You may not be able to collect ancillary information from users anymore. Make sure your data is focused, as GDPR wants you to only collect what’s pertinent.
Data Deletion: Users may request that you erase all of their personal data.