GDPR: Keeping Data Safe

Data breaches have been all over the news in recent years. As private citizens, we sometimes take it for granted that our personal information - everything from our social security number to our bank account information - is secure and inaccessible to anyone other than us. Unfortunately, we’re learning that this is not the case. Some of us have learned the hard way.

Last month, my husband received a form letter from Equifax letting him know that he had been affected by a massive data breach. The letter noted that 143 million (!) US consumers were impacted. You’ve probably heard about the Equifax issue (and other data breaches) in the news.  

Knowing that our modern digital age calls for stricter data storage requirements, the EU Parliament passed the General Data Protection Regulation (GDPR) in 2016. The regulation went into effect across the European Union on May 25, 2018. It gives consumers more control over their personal data, and imposes fines on companies that don’t comply with the regulation. The requirements are very stringent.

How does this impact your business? It could have implications for some - or all - of the following:

  • Email Marketing: How you build your email list (double opt-in), and how you manage your list over time (inactive/unengaged subscribers)
  • Website Tracking: Even for something as common as tracking for Google Analytics or Facebook, do you need to communicate to website visitors that tracking is in place, and give them the ability to opt out?
  • User Account Information: If your website or app has user accounts with personal information, is there a way for those users to view all the collected data, and upon request, have the ability to download it?

What does this mean for the US in general? Well, with the European Union making a strong commitment to data integrity, we can expect that the US will probably follow suit. US companies doing business in Europe are already affected. If a US company collects any data from a contact in Europe, that company is subject to the requirements of GDPR. You may have noticed a significant uptick in "we've updated our privacy policy" notices in your inbox lately. This is another side effect of GDPR. Sure, we know that no one reads those policies (except my friend Paul, who definitely reads all legal documents), but if you did read them, the upshot is that your data is yours and you have the right to access it. Providers (like Etsy, Twitter, Facebook, etc.), in turn, have the responsibility to keep it safe.

A team from recently attended the Umbraco Codegarden conference in Odense, Denmark. GDPR was one of the big topics on the schedule. In fact, I heard a rumor that a reading of the GDPR was accompanied by an interpretive dance. Whatever it takes to get the point across, right? With all the buzz about GDPR overseas, we can assume that similar regulations may hit our shores before too long. If your company/organization collects personal data for any reason, it’s not too soon to start thinking about having your data-gathering methods and infrastructure audited to identify any weak points.

Whether this is a current concern or something you'll be dealing with in the future, our team at, can help with the technical aspects. As with all legal matters, consult your legal counsel to ensure you comply with all the legal aspects of policies like GDPR.