The GDPR takes effect on May 25, 2018, and you may need to make some changes to your website to stay in compliance or risk facing fines. The implications for most of us are likely minor, but some of our clients could have much greater needs. It's a complicated subject, so we'll be digging into:
- What the GDPR really is
- How it affects websites based in the US
- What the penalties could look like
- Tools and plugins to help you prepare
General Data Protection Regulation
GDPR, or the General Data Protection Regulation, is a set of rules designed
to protect the privacy and personal data of European Union residents. The
implications of GDPR are far-reaching, as it impacts all organizations
worldwide that collect personal information about EU residents.
In a nutshell, the regulations affect how companies must handle personal
user data commonly tracked online. This includes IP addresses, geographic
locations, names, home or work addresses, gender, and a wide range of
more sensitive information such as health status, political affiliation,
religion, and ethnicity, among other things.
Who does it apply to?
Any U.S. company that has a web presence and
markets their products over the web will need
to know these regulations.
It does not apply only to financial transactions;
if the organization collects “personal data”,
then GDPR could apply.
Penalties
If your business doesn’t comply with GDPR, you
can get sanctioned up to 4% of the annual
worldwide turnover or fined up to €20 million
(the higher of the two), per infringement.
It matters to you…?
Article 3 of the GDPR says that if you collect
personal data or behavioral information from
someone in an EU country, your company is
subject to the requirements of the GDPR.
Targeting
If your company is in the US and you don’t target
EU users, you’re likely in good shape.
Targeting
● Use of the language of a Member State
● Use of the currency of a Member State
● Use of a top-level domain name of a Member State
● Mentions of customers based in a Member State
● Targeted advertising to consumers in a Member State
Targeting
website.com/fr/
“we accept €”
dutchnews.nl
“10 ways to find a great job in Germany”
Google Analytics
Anonymize IP addresses
12.214.31.144 → 12.214.31.0
ga('set', 'anonymizeIp', true);
Google Analytics
Watch out for long URLs with PII
mysite.com/form?gender=female&birthdate=31-12-1980&companyName=Facebook&homeCity=Winchester
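One way to keep URLs like the one above out of Analytics, as an added example that is not part of the original slides: strip PII-bearing parameters before the page path is reported. The names scrubUrl, safeDecode and PII_KEYS are hypothetical, and the denylist is an assumption seeded from the sample URL.

```javascript
// Added example (not from the original slides): strip PII from a URL before
// it is reported to Google Analytics as the page path.
// PII_KEYS is an assumed denylist seeded from the sample URL; extend it per site.
const PII_KEYS = new Set(['gender', 'birthdate', 'companyname', 'homecity',
                          'email', 'name', 'phone']);
// Loose e-mail matcher used to catch PII under unexpected parameter names.
const EMAIL_RE = /[^\s@/?&=]+@[^\s@/?&=]+\.[^\s@/?&=]+/;

// Decode a path segment without throwing on malformed percent-escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function scrubUrl(rawUrl, base = 'https://mysite.com') {
  const url = new URL(rawUrl, base);
  const removed = [];
  const kept = new URLSearchParams();
  for (const [key, value] of url.searchParams) {
    if (PII_KEYS.has(key.toLowerCase()) || EMAIL_RE.test(value)) {
      removed.push(key);            // record the key only, never the value
    } else {
      kept.append(key, value);
    }
  }
  // E-mail addresses also show up as path segments (/unsubscribe/jane@example.com).
  const path = url.pathname.split('/')
    .map(seg => (EMAIL_RE.test(safeDecode(seg)) ? 'REDACTED' : seg))
    .join('/');
  const query = kept.toString();
  return { page: path + (query ? '?' + query : ''), removed };
}

// Browser wiring for analytics.js; skipped when run outside a page.
if (typeof window !== 'undefined' && typeof window.ga === 'function') {
  const { page } = scrubUrl(window.location.href);
  window.ga('set', 'anonymizeIp', true);
  window.ga('set', 'page', page);   // report the scrubbed path instead of the raw URL
  window.ga('send', 'pageview');
}
```

The better fix is to submit such forms with POST so the values never reach the URL; the scrubber is a safety net for pages you cannot change.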
Google Analytics
Is this cookie “personal data”?
Analytics stores a randomized identifier called the
ClientId in its _ga cookie.
Google Analytics
Sync with WooCommerce?
Do you sync your Analytics with WooCommerce?
That might make Analytics able to identify
individual people.
Google Tag Manager can help
https://www.cookiebot.com/en/google-tag-manager-gdpr/
HTTPS?
“In order to maintain security and to prevent
processing in infringement of this Regulation, the
controller or processor should evaluate the risks
inherent in the processing and implement
measures to mitigate those risks, such as
encryption.”
Make it obvious on forms
https://kinsta.com/blog/gdpr-compliance/
Privacy policies
The GDPR says that the information you provide
must be:
● Concise, transparent, intelligible and easily
accessible;
● Written in clear and plain language, particularly
if addressed to a child; and
● Free of charge.
Privacy policies
The privacy notice should address the following to
sufficiently inform the data subject:
● Who is collecting the data?
● What data is being collected?
● What is the legal basis for processing the data?
● Will the data be shared with any third parties?
● How will the information be used?
● How long will the data be stored for?
● What rights does the data subject have?
● How can the data subject raise a complaint?
Help your clients
Offer to audit their site and needs.
Do it for free if they’re on a monthly plan?
Charge them for it?
Q & A
Questions about what we just
covered, or other problems?