A Quick Guide to Data Protection Regulations in 2018

Every day, it becomes more normal for us to share personal information online. Right now, chances are high that multiple websites and online services have access to sensitive data about you. This can include your address, contact data, and even credit card numbers. As a website owner, you need to ensure that you’re treating your users’ data with the care you would want for your own information.

Data protection regulations are essential if we want to enforce higher security standards and transparency, both as customers and as administrators. This article will give you a crash course on the two most important pieces of data privacy regulation in 2018. We’ll explain what they mean for you, and how to comply with them on your website. Let’s take a look!

Data protection regulations set rules for how and when you can collect personal information from your website’s users. Details such as email addresses, names, and IP addresses all fall under the category of personal data, and most websites collect at least some of this information.

For example, even if you’re running a very basic WordPress website, chances are it still uses cookies. These fall under the jurisdiction of some data protection legislation. This goes to show that you don’t need to enable user registration on your website to collect data from visitors. If you’re using a modern Content Management System (CMS), you’re already gathering this data whether you know it or not, so you need to inform yourself about the latest developments in data protection regulation.

As an internet user, it’s easy to see why such regulations are essential. Let’s break down the main reasons.

Once your information is out there, websites can share or sell it to third-party services. Those with malicious intent can even gain access to it after a data breach, which often results in massive databases of stolen information circulating around the web. All of this means that if you run a website, you may need to step up your game when it comes to security and transparency. Users have a right to know what happens with their information, and you may even have a legal obligation to inform them.

Before we dive into specifics, it’s important to note that we are not lawyers. If at any point you’re unsure whether certain legislation applies to you, or you think you may be liable for a breach of any of these regulations, you should consult with a professional.

To be fair, the headline fines are designed with large organisations in mind, and a small website is an unlikely first target for a regulator. The obligations, however, apply to any site that processes personal data, regardless of its size. You should therefore still take the time to read through these regulations and understand how they work, so that your website stays compliant with any legislation that applies to it.

The General Data Protection Regulation (GDPR) was agreed by the EU institutions in December 2015 and formally adopted in April 2016. It replaces the Data Protection Directive (95/46/EC), which had been in force since 1995, and it becomes enforceable on May 25th, 2018. Its purpose is to guarantee a baseline of data protection for individuals in the EU. That means you still have a little time to acquaint yourself with this regulation, and figure out what you need to do in order to comply with it.

Lately, the GDPR has generated a considerable buzz online, since it’s the most comprehensive set of rules for data privacy drafted so far. This legislation’s primary goal is to create a set of easy-to-follow rules for the entire EU, which uphold the highest standards of data privacy.

Despite being an EU regulation, the GDPR applies to any site that collects personal data from individuals located in the EU, whether or not they are EU citizens. This means that if you’re running a WordPress website with registration enabled, and some of your users reside in the EU, the GDPR applies to you.

You might still be tempted to ignore this legislation if you operate elsewhere, but remember that its scope is defined by where the people whose data you process are, not by where you are based. Since non-EU businesses also need to comply with the GDPR, you could be fined for breaching its rules no matter where your servers or your company are located.

The GDPR sets two tiers of administrative fines. Lesser infringements, such as failing to notify a data breach, can cost up to 2% of your worldwide annual turnover or €10 million, whichever is higher. More serious ones, such as processing personal data without a valid legal basis (for example, storing it without the consent you rely on), can cost up to 4% or €20 million, again whichever is higher. These are steep fines. However, the good news is that for most websites, complying with the GDPR is relatively simple.

The GDPR is a massive piece of legislation, but we can ultimately boil down its contents to the six fundamental rights it grants to users. Here’s what they are and how to comply with each of them:

That’s a lot of information to process. However, as you can see, most of those rights are relatively simple to honour. We’ve already talked about how to comply with user account deletion requests in the past, as well as how to create privacy policies. Other obligations are mostly procedural: if you suffer a data breach, you must notify your supervisory authority within 72 hours of becoming aware of it, and notify the affected users without undue delay when the breach is likely to put them at high risk, for example by email. Complying fully with the GDPR may take a little work, but it’s very achievable for nearly any website.

The ePrivacy Regulation is a piece of legislation that is still in the middle of its approval process; it is expected to be adopted sometime in 2018 or 2019. Its main goal is to complement the GDPR. To put it another way, the GDPR’s primary focus is on how your personal data is processed. The ePrivacy Regulation, on the other hand, is about the confidentiality of your electronic communications and of the information stored on your devices, which is where cookies come in.

Just as the GDPR supersedes the Data Protection Directive, the ePrivacy Regulation will replace the Cookie Law (the ePrivacy Directive, 2002/58/EC, as amended in 2009). In case you haven’t heard of it, the Cookie Law requires you to inform users before you store information on their device or read information from it via cookies and similar technologies, and to obtain their consent unless the cookie is strictly necessary to provide a service they asked for. It also gives visitors the right to refuse such cookies when you notify them.
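The requirement above boils down to a default-deny rule for non-essential cookies: nothing beyond what the site strictly needs gets written until the visitor has explicitly said yes, and a refusal must also be respected. The following is an added example of such a consent gate, written for this article and not taken from the regulation or from any CMS. The cookie names, the "essential" list and the in-memory jar are all assumptions made for illustration; in a browser the jar would wrap `document.cookie`.

```javascript
// Added example: a consent gate for non-essential cookies (not from the
// original article). Cookies the site needs to function are "essential" and
// may always be set; everything else (analytics, advertising) is written only
// after an explicit, recorded opt-in. Absence of a choice is treated as refusal.

// Assumed names for this example; a real site would list its own.
const ESSENTIAL = new Set(["session", "csrf_token", "cookie_consent"]);

class ConsentGate {
  // jar: anything with get(name) / set(name, value) / remove(name) / names().
  constructor(jar) {
    this.jar = jar;
  }

  // Only a recorded "granted" counts as consent. A missing or "refused"
  // value, or a value written by something else, is treated as no consent.
  hasConsent() {
    return this.jar.get("cookie_consent") === "granted";
  }

  grant() {
    this.jar.set("cookie_consent", "granted");
  }

  // Refusal is recorded too, so the banner is not re-shown on every visit,
  // and any non-essential cookies already present are purged.
  refuse() {
    this.jar.set("cookie_consent", "refused");
    for (const name of this.jar.names()) {
      if (!ESSENTIAL.has(name)) this.jar.remove(name);
    }
  }

  // Returns true if the cookie was written, false if it was withheld.
  setCookie(name, value) {
    if (ESSENTIAL.has(name) || this.hasConsent()) {
      this.jar.set(name, value);
      return true;
    }
    return false;
  }
}

// Constructed in-memory jar so the example runs outside a browser.
class MemoryJar {
  constructor() { this.store = new Map(); }
  get(name) { return this.store.get(name); }
  set(name, value) { this.store.set(name, value); }
  remove(name) { this.store.delete(name); }
  names() { return [...this.store.keys()]; }
}

// Walk-through: before any choice, an analytics cookie is withheld while the
// session cookie is set; after opt-in the analytics cookie is written; after a
// later refusal it is removed again while the essential cookies survive.
function demo() {
  const jar = new MemoryJar();
  const gate = new ConsentGate(jar);
  const analyticsBeforeChoice = gate.setCookie("_analytics_id", "a1b2c3");
  const sessionSet = gate.setCookie("session", "s3ss10n");
  gate.grant();
  const analyticsAfterGrant = gate.setCookie("_analytics_id", "a1b2c3");
  gate.refuse();
  return {
    analyticsBeforeChoice,
    sessionSet,
    analyticsAfterGrant,
    analyticsAfterRefuse: jar.get("_analytics_id"),
    sessionAfterRefuse: jar.get("session"),
    consent: jar.get("cookie_consent"),
  };
}
```

The gate only covers cookies your own JavaScript sets. Cookies set by the server via `Set-Cookie`, and anything a third-party analytics or advertising script writes on its own, need the same gating on their side (for example, by not loading the third-party script at all until `hasConsent()` is true).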

Before we move on, let’s briefly discuss the difference between a regulation and a directive within the EU. A regulation is directly applicable: once adopted, it becomes enforceable as law in every member state without further national legislation. A directive, by contrast, sets a goal that each member state must write into its own national law, and members are free to choose how they do so, which is why the Cookie Law ended up being applied somewhat differently from country to country. In other words, replacing the ePrivacy Directive with the ePrivacy Regulation is meant to give website owners and regulators one consistent set of rules across the EU.

The new ePrivacy Regulation is a complement to the GDPR in more ways than one. For example, the regulation will share the same fine system outlined for the GDPR.

Also, if you have users or customers located within the EU, you can be held liable for breaches. This means that you will almost certainly need to adapt to it, no matter where you’re located.

Keep in mind that the ePrivacy Regulation is still not in effect. That means it could be subject to change before it actually passes. However, as it stands now, here are the main stipulations you’ll need to adjust to:

When you boil it down, the ePrivacy regulation is all about consent. Users have a right to online privacy until they specify otherwise, and you can’t take consent for granted. If a lot of your business comes from online marketing, you’ll have to stay away from avenues such as cold emails, for example. We recommend keeping an eye on the latest news about this regulation as it becomes finalized.

A lot of people play fast and loose with the information users entrust to their websites. However, this can be a dangerous game to play. Something as simple as not including a privacy policy on your site is often enough to breach existing regulation.

In other words, you need to be aware of what the latest data privacy regulations are. Otherwise, you won’t be able to keep your users’ information secure. These two recent pieces of legislation are a great place to start:

Do you have any questions about how these data protection regulations affect you? We’re not lawyers, but let’s talk about it in the comments section below!
