Does the New European General Data Protection Regulation (GDPR) affect my Business?
By: Paloma Kennedy, Attorney with Boardman & Clark, LLP
Have you noticed lately how many websites have sent you an email or requested you to agree to their new, updated privacy policy or terms of service? This is due to a new EU regulation that was passed May of 2018, called the General Data Protection Regulation (GDPR). The GDPR affects any business that collects or processes EU resident information, which includes an EU resident’s name; address; IP address; cookies; health, racial and ethnic data; political opinions; and sexual orientation – regardless of whether the collection or processing of this data is intentional. The regulation requires business owners to implement safeguards to prevent against data breaches and it’s optimal for businesses to update contracts with third-party partners that may be accessing, collecting, or processing such data on the business’ behalf.
Why should U.S. business owners care about EU regulations?
The GDPR requires active consent to collect data from EU residents and because the Internet is a global place, no business is safe from inadvertently collecting this data. More importantly, the regulation comes with a steep penalty of up to 10,000,000 euros for non-compliance.
So, what can you do to make sure your business is compliant?
If your website collects data either through online purchases or a contact form, you should update or implement a privacy policy (Tingalls Example) and terms of use (Tingalls Example). A strong privacy policy and terms of use will help your business avoid liability for data breaches and should require, with the help of Tingalls, all website visitors to actively accept data collection. Having an attorney draft these policies ensures they are customized to your specific business and, as a result, are most protective. Updating or drafting these policies for the first time is simple and affordable, which when compared with the potential fines, makes protecting your business a smart and easy decision.
~~~~~
If you would like to learn more about how your business may be affected by the GDPR, contact Attorney Paloma Kennedy for a free consultation at 608-283-7504.