back to all posts

UPDATED: The GDPR and How it Applies to Small Business Websites

UPDATED December 2019: Although the following article is about GDPR, the new California Consumer Privacy Act (CCPA) has similar requirements and is being used as a template by other states interested in creating their own laws.


 

What is GDPR

It is a wide ranging regulation that can impact many areas of a business, but for simplicity we will cover how it impacts most websites.

The GDPR is a set of rules designed to give EU citizens more control over their personal data. However, it extends beyond the EU. It applies to anyone, anywhere, who processes the personal data of an EU citizen. Given the global nature of the internet, this effectively applies to every site at this point.

Given the global nature of the internet, this effectively applies to every site

Within the GDPR, the definition of “personal data” has been expanded to include much more general information about a visitor. If you use Google Analytics, and someone from Germany visits your site, it immediately applies to you. So every site owner needs to address it at some level.

What should I do

Just as with the ADA, the General Data Protection reinforces many practices that should already be in place. In its simplest terms you need to:

  1. Tell people what personal data you want to collect about them
  2. Give people the opportunity to decide if they want to give you that data
  3. If they allow you to collect that data, protect it

For a standard small business owner, this is relatively straightforward at the web site level. It can be addressed with good security practices, a privacy policy, and some documentation that outlines the rules that your staff needs to follow.

Privacy

Even if you don’t have a web form, you need to address general privacy concerns. Log files, analytics data, etc. all need to be addressed within your privacy policy. Often your privacy policy can also provide visitors with a way to opt out of being tracked. Privacy is a big issue for everyone, under the GDPR or otherwise, so it makes sense to cover these items even if you don’t deal with foreign visitors.

Security

Keeping personal data secure is a big deal as well, regardless. When people allow you to collect information about them, they are trusting that you will keep that information safe. Make sure you follow good basic security practices, and if you have WordPress or a similar CMS, make sure that you keep it up to date.

What happens if I ignore the GDPR

The penalties for violating the GDPR are quite significant, but the severity of fines will depend on whether or not a company is deemed to have taken compliance and security seriously. And of course the level of interaction you have with EU citizens can greatly impact the level to which you need to address the GDPR. If you are still unsure you should definitely reach out to an expert with any concerns.

...the severity of fines will depend on whether or not a company is deemed to have taken compliance and security seriously

To us, following the rules if the GDPR on every site just makes sense, and we typically recommend most of the items that are written into it regardless. The rules essentially support the privacy of your visitors and promote good security practices. Both are critically important these days, no matter who you are or where you are browsing from.

 

Share this article

We’d Love to Help You!

Want to sign that contract now? Still have a couple lingering questions? Are you thinking, "this is all great but I need a new site"? No problem! Talk to someone on our team and they will answer your questions and point you in the right direction.

Talk to us Now!

sales@whatarmy.com or call (617) 714-0259
WhatArmy © 2024 | Privacy Policy | Accessibility Statement