The General Data Protection Regulation [GDPR] And Your Small Business

January 19, 2018

What is the General Data Protection Regulation?

The General Data Protection Regulation  was created by three parties: the European parliament, Council of the European Union, and the European commision. It is a regulation that intends to strengthen and unify data protection for all individuals in the European Union. It has 11 chapters and 91 articles that aim to protect subjects (ie: citizens) from data breaches.

The European Union. That’s a lot of countries…

27 to be exact. They include Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the entire UK.

When does the GDPR go into effect?

It took four years of preparation and debate but on April 14, 2016 it was agreed upon. There has been a two year grace period ending on May 25, 2018.

What was in place prior to the GDPR?

The Regulation replaces the Data Protection Directive from 1995.

Why do we need to replace the Directive?

The world of technology was a very different place 20 years ago. Remember personal pagers and the original iMac? Data laws needed an update. 


What kind of companies does the GDPR affect?

Does your business have an online presence or do any kind of business with customers in any EU country? If you answered yes to either of these questions, the GDPR effects you. Any company that does business with EU residents, regardless of their location, is subject to the change. As a result, these changes will have an impact globally.

What are the penalties for non-compliance?

It depends, but for companies that fail to comply with certain GDPR requirements, fines may be up to 2% or 4% of total turnover. This can mean millions of dollars in fines for large enough corporations.

What needs to be done to be compliant?

It depends. If you have a basic e-brochure (or WordPress!) website, you should consider adding a terms of service agreement that discloses all of the information you collect on a user and provide a means for the user to opt-out of any data collection. If this is overwhelming, we’d be happy to discuss this over the phone or connect you with an attorney.

If you have a more advanced website or application that collects log-ins and passwords, etc., consider contacting a web development company such as BuildThis as well as an attorney.

Contact us with any questions!

Enter your email below to receive our FREE GDPR Checklist:

Let’s Start a Web Design Project

Talk with a Web Strategist.