The majority of Relevance readers live and work in the US. However, the EU's General Data Protection Regulation (GDPR) can reach any business with a website, whatever its geography: it applies to organizations with no EU establishment when they offer goods or services to people in the EU or monitor their behaviour. A fine is therefore possible even if you have no EU office or paying EU customers, because the regulation attaches to the people whose data you process, not to where your company sits. Businesses around the world are working on, or have finished, their compliance with the new regulation. It goes into effect May 25, 2018.
There are two primary groups that must comply with the GDPR: data controllers, who decide why and how personal data is processed, and data processors, who process it on a controller's behalf.
It's designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of everyone in the EU, and to reshape the way organizations across the region approach data privacy.
It replaces the 1995 Data Protection Directive and seeks to apply these three updates to that law:
Here is some important information to know regarding the change and its penalties: fines run up to €10 million or 2% of worldwide annual turnover for lesser infringements, and up to €20 million or 4% of worldwide annual turnover for the most serious ones, whichever figure is higher.
Below is a truncated list of a person's "data bill of rights" under the regulation.
Breach Notification – companies must report a personal data breach to the supervisory authority within 72 hours of becoming aware of it, and must also tell the affected individuals when the breach is likely to put their rights and freedoms at high risk.
Right to Access – companies must confirm whether they are processing an individual's data and give the person a copy of it, in a commonly used electronic form when the request is made electronically.
Right to be Forgotten – on request, businesses must erase an individual's personal data and, where they have made it public, take reasonable steps to tell other controllers processing it to erase their copies and any links to it.
Data Portability – individuals can request their data in a structured, commonly used, machine-readable format and move it to another data controller.
Privacy by Design – calls for data protection to be built in from the outset of designing systems and to be the default setting, rather than bolted on afterwards.
My biggest concern with this new law is a potential wave of ambulance-chasing European lawyers making lists of US and other foreign companies out of compliance this year to sue. It might even cause some small online businesses to pull out of Europe entirely.
My advice to companies that do NO business in Europe and never intend to is to simply block all European IP addresses. There’s no need to be compliant with the regulation or be harassed by ambulance chasers.
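As an added illustration of the IP-based blocking the advice above describes (written for this page; it is not code from the original post or from Relevance), the following builds a country blocklist and checks client addresses against it. It assumes the list is generated from the public "delegated-extended" statistics files that the Regional Internet Registries publish (RIPE NCC for Europe), whose records have the shape `registry|cc|type|start|value|date|status|opaque-id`; for `ipv4` records `value` is an address count, for `ipv6` records it is a prefix length. The sample records, the `SAMPLE_DELEGATIONS`, `parse_delegations`, `CountryBlocklist` and `build_blocklist` names, and the use of private address space are all constructed for the demo and are not real allocations.

```python
"""Country-based IP blocklist built from RIR "delegated-extended" records.

Added example for this page; not code from Relevance or any product
mentioned here. It assumes the list is generated from the public
delegated-extended files the Regional Internet Registries publish, with
records shaped  registry|cc|type|start|value|date|status|opaque-id .
The sample records below are CONSTRUCTED from private address space and
are not real allocations; a production list comes from the full file.
"""
import ipaddress
from typing import Iterable, List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# EU member states on 25 May 2018 (ISO 3166-1 alpha-2). Whether the EEA
# states (IS, LI, NO) belong on the list is a policy decision.
EU_COUNTRIES = frozenset(
    "AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU "
    "MT NL PL PT RO SK SI ES SE GB".split()
)

# Constructed sample file (NOT real data). A version header, a summary
# line, an ASN record and non-EU records are present so the parser has
# to skip them; the FR block is 3072 addresses, not a power of two.
SAMPLE_DELEGATIONS = """\
2|ripencc|20180525|6|20180525|20180525|+0100
ripencc|*|ipv4|*|5|summary
ripencc|DE|asn|64512|1|20180101|allocated|asn-demo
ripencc|DE|ipv4|10.10.0.0|65536|20180101|allocated|de-demo
ripencc|ES|ipv4|10.11.0.0|65536|20180101|allocated|es-demo
ripencc|FR|ipv4|10.20.0.0|3072|20180101|allocated|fr-demo
ripencc|CH|ipv4|10.40.0.0|256|20180101|allocated|ch-demo
arin|US|ipv4|10.30.0.0|65536|20180101|allocated|us-demo
ripencc|NL|ipv6|fd00:1::|32|20180101|allocated|nl-demo
"""


def parse_delegations(lines: Iterable[str],
                      countries: frozenset = EU_COUNTRIES) -> List[Network]:
    """Return the collapsed list of networks delegated to `countries`."""
    v4: List[ipaddress.IPv4Network] = []
    v6: List[ipaddress.IPv6Network] = []
    for raw in lines:
        fields = raw.strip().split("|")
        if len(fields) < 5:
            continue                      # blank or malformed line
        _registry, cc, rtype, start, value = fields[:5]
        if cc not in countries:
            continue                      # header, summary, other country
        if rtype == "ipv4":
            # An ipv4 count need not be a power of two: 3072 addresses
            # become a /21 followed by a /22.
            first = ipaddress.IPv4Address(start)
            last = first + (int(value) - 1)
            v4.extend(ipaddress.summarize_address_range(first, last))
        elif rtype == "ipv6":
            v6.append(ipaddress.IPv6Network(f"{start}/{value}"))
        # asn records and anything else are ignored
    # collapse_addresses merges adjacent blocks (10.10/16 + 10.11/16 ->
    # 10.10/15) but refuses mixed versions, hence the two lists.
    return (list(ipaddress.collapse_addresses(v4))
            + list(ipaddress.collapse_addresses(v6)))


class CountryBlocklist:
    """Answers "should this client be refused?" for a list of networks."""

    def __init__(self, networks: Iterable[Network]):
        nets = list(networks)
        self._v4 = [n for n in nets if n.version == 4]
        self._v6 = [n for n in nets if n.version == 6]

    def is_blocked(self, client_ip: str) -> bool:
        try:
            addr = ipaddress.ip_address(client_ip.strip())
        except ValueError:
            # Fail closed: an unparsable address (e.g. garbage in an
            # X-Forwarded-For header) is refused rather than waved through.
            return True
        # An IPv4 client behind a dual-stack proxy often arrives as
        # ::ffff:a.b.c.d; check it against the IPv4 table.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        table = self._v4 if addr.version == 4 else self._v6
        return any(addr in net for net in table)

    def nginx_deny_rules(self) -> List[str]:
        """Render the list as ngx_http_access_module `deny` directives."""
        return [f"deny {net};" for net in self._v4 + self._v6]


def build_blocklist(lines: Iterable[str]) -> CountryBlocklist:
    return CountryBlocklist(parse_delegations(lines))


if __name__ == "__main__":
    bl = build_blocklist(SAMPLE_DELEGATIONS.splitlines())
    print("\n".join(bl.nginx_deny_rules()))
    for ip in ("10.10.5.5", "10.20.12.1", "::ffff:10.11.0.9", "fd00:1::1"):
        print(ip, "blocked" if bl.is_blocked(ip) else "allowed")
```

Two caveats for anyone who deploys this. The RIR files record the country of the allocation holder, not of the end user, and VPN exits, anycast and mobile carriers all make IP geolocation approximate, so treat it as a coarse filter. The linear scan is fine for a demo; in production the rendered `deny` lines go into the web server, or a geo module with a proper longest-prefix lookup replaces the scan.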