The “Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC” — in short, the General Data Protection Regulation, or GDPR — comes to the end of its two-year transition period and will be fully enforced in four weeks, on May 25, 2018. What does this signify?
The aim of the GDPR is to protect the privacy of European Union residents by making the way companies store user and client data more transparent. Any EU resident can request to see the data collected about him or her at any time, request that it be removed, and even opt out of any future data collection. Companies must tell users clearly what information they collect, how it is stored and if it is to be shared with any third parties. Companies must also be able to describe how they protect whatever data they collect. It’s a tall order, and one that promises to reshape the global understanding and circumstances surrounding the collection, storage and management of user data.
What’s especially noteworthy is that even though the GDPR is a European regulation, and an EU directive, it applies to all businesses that deal with European users and clients. It’s all the same if your company is in the USA or in Burkina Faso. If I am your client and use your site from my home in my adopted home country Germany, you must comply with the GDPR. If you fail to comply, and are legally determined to be in breach, you may be fined up to 4% of your company’s annual global revenue or €20 million, whichever is greater.
Another notable GDPR stipulation is that it does not matter if you do not sell anything. Every commercial website that collects any kind of data from users even in a single EU country must comply.
Most international players have prepared for the GDPR, and will not face any issues with it. Take a “simple” site like our own Win10.guru: all we must do to comply is to provide a page on the site where you can check what kind of information we collect and what we will do with it. Because the information we collect is minimal, it is a piece of cake to comply. In fact, we only collect IP addresses, geolocations, user agent information, referrer links and — should you subscribe to our site — email addresses. Thus, like many other similar sites, we do not even ask for or store your real names.
On the other hand, some global players have big issues with the GDPR. Most surprising of these is ICANN — or rather, its WHOIS service. Because ICANN is the overlord of all the Internet, and WHOIS exists for the sole purpose of publicly identifying everything about a website owner, from a designated person’s name and email address to an official contact address, complying with GDPR seems almost impossible. ICANN has requested more time but the European Union’s reply is, to quote the yellow press, “Whois is dead as Europe hands DNS overlord ICANN its a***” (full article). The very same story, using language that is more suitable for American audiences, is available on MSN: https://www.msn.com/en-gb/finance/other/europe-tells-icann-its-gdpr-compliance-plans-need-more-work/ar-AAvWJbs
Not complying with the GDPR can get serious, fast. If your company’s website has European visitors, if you sell anything to Europeans, if you collect any kind of data from European visitors or clients of yours, you’d better do what is required. The European Union means business with its fines. And they have their ways to lay hands on your money, wherever you are located, if you do not comply.
Hurry up, you only have four weeks to get everything done! Start by reading what the GDPR is and what is required of you. EUGDPR.org, an independent organization, has collected all the necessary information you need to know. The text of the full directive resides at https://gdpr-info.eu/. It might also be a good idea to visit some commercial sites to see how they have complied. In my opinion, GoDaddy, the company that hosts Win10.guru, shows how to do this correctly. Read about their compliance efforts at: https://uk.godaddy.com/help/privacy-gdpr-27883
Having now read quite a lot about the GDPR and what it is supposed to do, I have to say I welcome it. Although it aims primarily to protect European residents, it has global value and will help protect your privacy, too. Wherever on this globe of ours you are located, it means something to you, too.
Author: Kari Finn
A former Windows Insider MVP, Kari started in computing in the mid-80s writing code for VAX / VMS systems. Since then, he’s worked in a variety of IT positions. He specializes in Windows image capture, customization, repair and deployment as well as Hyper-V virtualization. Kari is a proud Team Member at the #1 Windows site TenForums.com.