With the rampant collection and misuse of personal data by marketing companies and online businesses, regulatory bodies are stepping in to safeguard individual privacy and personal data.
Today, almost every country has regulations to protect the privacy and personal data of its citizens. The European Union (EU) is no exception.
On the 25th of May 2018, the EU released its version of the data privacy law. It is called the General Data Protection Regulation, better known as GDPR. Any company caught flouting the rules of the GDPR is liable and can be fined up to 4% of its annual revenue or 20 million euros, whichever is higher.
While the privacy laws of most countries are bounded by the country’s geography, the EU’s GDPR is unique: it is not restricted by geography at all. As long as the personal data of a citizen of any of its member states is collected and leaked, the organization collecting the data would be held liable and fined under GDPR. Under GDPR, the organization or company will be prosecuted even if it does not have a legal entity in the EU.
One of the significant areas of violation for companies is the company’s very own website. The website is a very public application, and as such everyone has a view of it, including regulators.
In the event of a personal data breach, privacy investigators will inspect your website. They can very quickly ascertain whether you have taken the regulations seriously and put in place measures to be compliant.
Hence, to understand whether you would be prosecuted under GDPR, you need to ask yourself the following questions:
- Does your website allow a visitor to add or submit information?
- On any part of your website, can your visitors leave any comments?
- Does your website accept any form of payment?
- Can your site visitors chat with you directly?
If your answer to any of the above questions is yes, then you will be impacted by GDPR if there is a personal data breach. Moreover, you never know which country a visitor to your website could be a citizen of.
Even if you are not actively doing any business with the EU, you need to understand your GDPR obligations to protect yourself and your business.
Let’s have a conversation if you need assistance in this area.