For many people who operate websites in the US, the new General Data Protection Regulation (GDPR) will mean very little. Many of our clients here at Nicely Done Sites do not do business with people in the European Union, so they feel there is little they need to do with their webpage at the moment. While that may be true in some regards, there are always things that can be done to shore up security and protect information on the Internet.
Keeping WordPress up to date is a good idea
One of the easiest things to do is to simply make sure that your WordPress page is up to date. WordPress released a new update during the week of May 14 in preparation for the May 25 implementation of the GDPR rules in Europe. WordPress did a lot of the heavy lifting for you, so all you need to do is update it. It is a good idea to do anyway, as keeping your website up to date just makes sense.
What would my webpage need for GDPR?
If your website does business with people or other businesses in the EU, there are some things that need to be changed with your website. You will need to explain to customers what your business does, why you need a customer’s data, how long you will keep it and who can access that data. The customer must consent to having their data collected and must be given the option to opt out if desired. Customers also have the “right to be forgotten,” or to download the data that you hold about them and to have it deleted. Furthermore, data breaches must be reported within 72 hours.
For many websites that are affected by the GDPR, this meant a massive overhaul of the site, which was neither easy nor cheap. Websites and plug-ins collect massive amounts of user data, and not all of it is relevant for the business the customer needs done. The GDPR has reduced it down to the bare bones of information that is allowed to be collected. This also requires a complete overhaul of the website’s privacy policy or terms of service, as all of this needs to be spelled out there. That is a lot that needs to be done.
No legislation pending in the US
If you do not do business with anyone in the EU, you do not need to worry about this at the moment. But legislation like this will one day be law here in the United States, and Canada has implemented regulations like this as well, so the day when you need to do something about this will be here sooner rather than later. Should you worry about this? Not at the moment. While there are many things that can be done to any site to shore up security, trying to be proactive about any GDPR-esque legislation could be a waste of time and resources. Simply put, there is no legislation pending before Congress, nor is there likely to be until the next session. With no legislation available to serve as a guide, there is simply no way to adequately prepare your website for compliance. When that legislation does come from Capitol Hill, there will be several years given for compliance, so it will not need to be done overnight. That is good news for us, as digesting any Congressional bill is never easy.
One of the main questions you might be asking is: if the EU has laid down requirements, why not just use them as a guide to make a website compliant? Some of these requirements do not correspond to anything within our government or legal system, so it is hard to implement some of those measures. As such, Congress cannot simply copy and paste the EU’s law into our law, and who knows what will happen when the lobbyists get hold of this.
Something like the GDPR will become law here in the US. The people are sick of data breaches and of having their data used unscrupulously for someone’s or some company’s gain, and this could be one of the hot button issues in the 2020 presidential election. It is certainly something that no Congressman will want to stand in the way of. When it comes, be ready but have patience, as breaking down the regulation and updating all of our clients’ pages will not be an easy or quick process, but we’ll get it done.