Have you noticed more pop-ups in the last few weeks? Does it seem like every website is reminding you of its terms of service or cookies policy? You can thank the European Union and the GDPR for this slightly annoying–and highly important–development. Here’s a quick overview of this new regulation and how it may impact your business.
What is it?
The General Data Protection Regulation (GDPR) requires companies to protect the personal data of EU citizens and residents in a much more stringent way, and to be more transparent regarding the personal data that they collect.
What specifically does it regulate?
This law regulates the processing of personal data belonging to an individual in the EU by an individual, a company, or an organization. If a website requires users to sign in before they can access premium content, if a merchant accepts credit card information from a customer, if an organization collects email addresses for its newsletter mailing list–all of these actions would fall under the purview of the GDPR.
Who or what does it affect?
• Any natural person who is residing or located within the European Union.
• Companies, organizations, and other legal entities located within the EU.
• Companies, organizations, and other legal entities located outside of the EU, but that process or otherwise handle the data of individuals who reside or are located within the EU.
Who or what does it not affect?
• EU citizens who are outside of the EU, including EU citizens who are studying or working abroad, EU citizens who are traveling abroad, and any EU citizen who resides outside of the EU but maintains his/her EU citizenship.
• Deceased individuals.
• Legal entities (e.g., the data of corporations).
What is the scope of the GDPR?
Global, to put it bluntly. It applies to personal data belonging to any individual who resides or is located in the EU, any organization that is based in the EU or has an office in the EU, and any organization not based in the EU that deals with personal data of EU residents. Here are a few examples.
Hernan’s Gafas is a premium sunglasses retailer located in Madrid, but it has customers all over the globe. John, a Jamaican citizen and resident, buys a pair online. Hernan’s Gafas will have to act in accordance with the GDPR when handling John’s data, even though John does not reside in the EU.
Mariah is a visiting professor at the Sorbonne and an American citizen. She wants to order a birthday gift for her daughter, Tilda, back in New York, and decides to get Tilda’s favorite bakery to deliver a dozen cupcakes to her office as a surprise. Mariah arranged for everything online, including a credit card payment. Because Mariah was located in the EU at the time of her order, the bakery must act in accordance with the GDPR.
If at least one individual or entity involved in a business or other professional interaction resides or is located in the European Union, then the GDPR will apply. Note that this will not apply to any business-to-business transactions or activities.
What does it mean by “processing”?
The EU defines “processing” as the
collection, recording, [organization], structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
This covers both automated and non-automated means. Processing includes accessing or keeping a database of potential clients’ personal information, sending promotional emails, and storing IP addresses, just to name a few.