Data privacy online is a huge deal these days, and after much debate and preparation, the General Data Protection Regulation (GDPR) was finally approved in April of 2016. Now the time has come for the GDPR policy changes to take effect, which is slated to happen on May 25th, 2018. By this date, any organization that is not in compliance with these changes in policy can be fined.
The GDPR replaces the Data Protection Directive and was established to make data privacy laws across European nations much more streamlined, as well as to protect the privacy of all data of EU citizens. But how does this apply to companies based on Canadian soil?
Being Ready For GDPR
When the new GDPR becomes enforceable on May 25th, 2018, it could significantly impact how you manage personal data.
Not only does it apply to European organizations that process personal data, but also to entities outside Europe that target consumers in the EU. Even companies that are Canada- or US-based will be impacted. Basically, a company that has an online presence and markets its products or services over the internet will have to do some homework on the GDPR in order to be ready for it.
It doesn’t matter what industry you are in: it is important that you are ready with a plan, or you could risk being legally accountable. Article 3 of the GDPR stipulates that if a company collects personal data or information regarding consumer behavior from someone in a European nation, the company will be subject to the criteria of the GDPR. The law applies only if the consumers being targeted are in the EU when the data is collected.
Businesses should also understand that the GDPR would still apply even if a financial transaction never actually takes place. If you collect personal data as part of your marketing strategy and don’t end up with a sale, the data would still need to be protected by GDPR.
Things can get a little murky when we are talking about people in EU countries who just happen to stumble upon your website. According to the new GDPR policy changes, your organization would have to purposely target data subjects in a European nation. For instance, an Italian user who finds an English-language website on Google that is specifically written for North American consumers would not be covered under the GDPR.
That said, if the marketing is in the Italian language and there are references to EU customers, then your website would be considered to be targeting these consumers, in which case the GDPR would apply. And if your business accepts the Euro currency, the GDPR will be applicable.
If you have an eCommerce website and you are running WooCommerce, take a look at a recent article provided by the creators of WooCommerce on how to handle the GDPR for your online store.