General Data Protection Regulation

The short answer is: not much, if your customers are NOT residing in the EU. But if they are, then you need to make your website compliant with the European Union's new General Data Protection Regulation (GDPR). The regulation came into force on the 25th of May 2018 and requires any website owner to take specific steps that allow visitors/customers to view and/or delete the data the website has collected about them. Failing to implement these requirements could result in hefty fines.

The regulation covers all personally identifiable information (PII), such as:

  • Name and other names used;
  • Email and physical addresses;
  • Social Security number, full and truncated;
  • Driver’s license and other government identification numbers;
  • Citizenship, legal status, gender, race/ethnicity;
  • Birth date, place of birth;
  • Home and personal cell telephone numbers.

Also, if you do not already have one, you need to create a Privacy Policy page, similar to this one, outlining how you collect and store personal data, the steps you take to protect that data, and your visitors'/clients' rights to view and/or delete their PII. On that Privacy Policy page you also make visitors/clients aware that you use and process cookies to identify returning visitors/customers and for spam prevention.

And if you have not done so already, you need to implement measures to secure your visitors'/clients' personal data, starting with SSL encryption of the website traffic between your site and its visitors/customers, and protecting and hardening your website against potential attacks.

For more details on this subject, please visit the official EU website. I provide guidance and services for implementing the new GDPR on websites; if required, simply contact me.
