See who GDPR applies to and how to edit your Privacy Policy to be GDPR compliant.
What is GDPR?
The GDPR has been discussed and negotiated for several years. However, its entry into force has caused a lot of excitement among digital marketers and website owners. This is because the aim of GDPR is to protect personal data and digital privacy. A coherent system will ensure a consistent level of protection of individual data in the entire European Union. It will also provide companies with transparency and legal certainty, as well as the same monitoring procedures. Generally, the GDPR follows three main directions:
- the extension of rights for individuals,
- new obligations for companies that manage data (they should, for example, prepare more detailed GDPR Privacy Policies),
- a new level of sanctions for non-compliance with GDPR guidelines.
Who is impacted by GDPR?
In short, GDPR applies to companies that collect and process personal or sensitive data.
Personal data is any information by which a person can be identified. Examples include name and surname, address of residence, IP address, ID number, etc. Sensitive data includes, for example, religious beliefs, sexual orientation or information about the state of health.
However, in view of the specific situation of micro, small and medium-sized enterprises, GDPR provides an exception concerning the registration of processing activities for institutions employing fewer than 250 employees. If you belong to this group, check which rules apply to you.
GDPR plugin for WordPress users
Remember that even if you have only a simple contact form on your page, you are subject to GDPR. When users leave their e-mail addresses on your web page, you are already collecting personal data. So, if you run a page on WordPress, it is better to add a GDPR plugin to it. A GDPR plugin will, for example, display a request to accept the privacy policy before the user registers on your website.
What about marketers from outside the EU?
GDPR applies to businesses that offer products or services to citizens of the EU (as they collect their clients’ data). So, if you run, for example, a U.S.-based business that sells products to residents of the EU, you have to be GDPR compliant. Start with writing a GDPR Privacy Policy. What should it contain?
What should a GDPR Privacy Policy contain?
You should know that GDPR determines not only what should be included in the Privacy Policy of your site, but also how you should write it. The information you provide in a GDPR Privacy Policy must be:
- intelligible,
- easily accessible,
- concise,
- written clearly and plainly.
The mandatory content of your GDPR Privacy Policy should include the following information:
- Who is collecting the data (who is the so-called Database Administrator)?
- What kind of data do you collect on the page?
- What is the legal basis for processing the data (you should mention the GDPR basis)?
- Will you share the data with any third parties (for example analytical tools you use, such as Google Analytics)?
- How will you use the information (for example, for marketing purposes)?
- How long will you store the data (you can enter the time period)?
- What rights do your users have?
- How can your users raise a complaint?