GDPR Compliance – What is GDPR?
GDPR Implications for Your Business Website
Over the last year you may have heard the term GDPR which stands for Global Data Protection Regulation. GDPR was created by the European Commission to protect the privacy of internet users who are citizens of the European Union. The European Commission – which proposes legislation and implements policy for the EU – instituted GDPR in May of 2018. Although it originated overseas, the regulations can affect U.S. based companies.
Which Companies are Affected?
You are probably aware of privacy issues that have come to light regarding big tech companies like Facebook and Google. These companies and others have been accused of violating user privacy by sharing data without user consent.
However, GDPR affects small companies too. Even if you have a privacy policy on your website, this does not cover you when it comes to GDPR Compliance. If your company operates within the EU or offers goods or services in the EU, you must follow GDPR regulations or risk hefty fines.
What if you are in the hospitality industry and receive internet traffic and bookings from EU citizens? The answer is – it depends. According to the European Commission, “Provided your company doesn’t specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.”
If you have a page on your website that promotes your hotel, resort or campground to EU citizens, it’s in your best interest to follow GDPR Compliance. You’ll also be ahead of the curve if similar regulations are implemented by the U.S. government. This may not be far behind since companies continue to be criticized for their failure to protect user data.
How to Be GDPR Compliant
In general, you want to be transparent about why you are collecting data and what it will be used for. There are several points outlined in GDPR that we paraphrase here. For starters, you should only collect data for the stated purpose and not use it for something else later. Data should not be stored for longer than necessary and you must have safeguards in place to protect the data. In simpler terms, GDPR says you should “explain in clear and plain language why you need the data, how you’ll be using it, and how long you intend to keep it.”
GDPR Compliance does not define how long is acceptable for keeping data but says “You must store data for the shortest time possible.”
Here are some specific ways to start implementing GDPR.
First, review your mailing lists and any EU contacts. If you don’t have proof of their consent to be on your list, they should be removed. Next, do an assessment of all the ways you collect data, i.e. contact form on your website or newsletter sign-up form. Are you asking for information that isn’t necessary? For example, if someone is signing up for your monthly newsletter, you probably don’t need to ask for their household income. Also, add a County of Residence field to your forms so you can easily identify EU citizens within your database. Plan for how long you will keep data before it’s removed. Although it can be hard to delete contacts that you worked hard to get, if someone has not interacted with your business in several years, they are probably not good contacts anyway. Finally, has it been awhile since you reviewed your Privacy Policy? Now is a good time to take stock of all your processes and update the policy posted on your website.
Need Help Navigating GDPR?
If you need an expert to handle GDPR Compliance or privacy compliance for you, trust MorePro Marketing. We have a 20-year track record of improving digital marketing efforts for both large and small businesses. We have extensive experience in the hospitality and franchise space, and a reputation for being effective and efficient.
This article does not constitute legal advice.