GDPR: What You Need to Know


What is GDPR?

GDPR, or the General Data Protection Regulation, is the European Union's (EU) data privacy regulation, which gives EU citizens more control over their personal information. The regulation goes into effect on Friday, May 25, 2018.

Although this is an EU regulation, it affects U.S. businesses because the wording of the regulation is extremely broad and covers any citizen of the EU no matter where they are in the world. Additionally, companies like Google are creating new user agreements and policies that comply with these regulations. These regulations will apply to anyone using their services in any country. For more information visit the GDPR site.

Why was GDPR Created?

GDPR was created in response to the massive amount of personal information gathered by organizations like Google and Facebook.

What does GDPR do?

GDPR tightens the collection of personal data and restricts what businesses can and can't do with personal information, which includes any data that can be used to identify someone: for example, name, phone number, address, orientation, health data, political opinions, location and IP address.

What does your business need to do?

If your business asks for this information, you must include an updated privacy policy on your website. This policy should disclose the following:

  • What information is being collected?
  • Who is collecting it?
  • How is it collected?
  • Why is it being collected?
  • How will it be used?
  • Who will it be shared with?
  • What will be the effect of this on the individuals concerned?
  • Is the intended use likely to cause individuals to object or complain?

At the end of this privacy policy, users must have the ability to opt in or opt out of sharing their information with your business. Check out Google’s privacy policy for more information.

Users that share their information and later wish to be forgotten can do so, IF:

  • Information is no longer necessary for the original purpose for which it was gathered
  • The individual specifically withdraws consent
  • Data has been unlawfully processed

What is the penalty for not complying?

A penalty will be given to businesses that are flagged and do not comply with these terms. The penalty is 20 million euro or 4% of annual revenue, whichever is greater.

For further advice, Klündt|Hosmer suggests seeking legal consultation. GDPR will have a major business impact across all industries as it affects any company with an online presence.

DISCLAIMER: All data and information provided in this blog post are for informational purposes only. Klündt | Hosmer makes no representations as to the accuracy, completeness, currentness, suitability, or validity of any information contained herein. We recommend consulting with a lawyer for any legal advice pertaining to GDPR compliance.