Disclaimer: No one at VIA is a lawyer, so this is not legal advice. However, we are pretty good at translating digital to human, so here we go:
You may have heard about the General Data Protection Regulation (GDPR) – a European Union (EU) law that went into effect in May. You, like many people, were probably confused about what that means for you, your business and your website. Never fear, we have some answers!
What is the GDPR and Should I Be Concerned?
First, we recommend this article as a good overview of GDPR, what it requires, and how it will affect your website:
Secondly, it’s important to note that while the penalties under the GDPR are potentially massive, they do have a lengthy warning process and (to our knowledge) legal actions in the US are not currently widespread. That does NOT mean you should ignore the GDPR, but rather that nothing is currently on fire.
The Core Concepts of GDPR and How to Be Compliant
The core concepts of GDPR apply to most websites:
- Get an opt-in from your users when you collect their data.
- You need to have a process to export and/or delete a user’s individual data.
The good news is that #2 and #3 are things that we (VIA Studio) can easily help you with, in a relatively small number of hours. We can update your contact forms and ecommerce systems to ask for an opt-in. WordPress and its popular ecommerce add-on WooCommerce have both added features that support exporting and deleting a user’s individual data.
The bad news is that #1 is something you should work with your attorney to draft, review and approve before it is posted on your website. We can recommend a few good ones if you like.