The General Data Protection Regulation applies automatically to all 28 member states of the European Union, unlike a directive, which demands member states draft their own domestic laws to enforce its rules.
Before its implementation, misuse of a person's data was punishable by a relative slap on the wrist. Now, unbelievable fines can be issued against companies which fail to comply with the tougher standards. Companies that are found guilty of misusing data can be fined up to €20 million, or 4% of the company's annual turnover in worst-case scenarios, so are you taking the risk?
The regulation aims to give people greater power over their data and make companies more transparent in how they deal with sensitive information.
The GDPR regulation has been in existence for well over a year now! Remember the release date? It became effective on 25 May 2018.
The big question is: what has your company done about it? The alarming fact is there are still so many business website owners out there ignoring the GDPR regulation, which may one day come back to haunt them if they are in breach.
There are some excellent articles written about GDPR covering everything you need to know, from requirements to fines. https://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know is a good example, well worth reading.
What are the consequences of non-compliance?
If you don't think you need to respect the GDPR legislation, think again. You're unfortunately probably going to find yourself heading in a dangerous direction and in very hot water indeed. Whether your business operates with clients in the EU or outside it, it's vital you respect the rules and make sure you're compliant with regulations.
As a business website owner you have a duty to protect the data you gather and, unbelievable as it may seem, your family, business and whole life could be at risk for non-compliance.
The General Data Protection Regulation (GDPR) aims to protect the fundamental right to privacy and the protection of personal data of European Union (EU) citizens.
This regulation affects any entity (including websites) that processes EU citizens' personal data. Whether or not you or your business is located in the EU, if you have EU site visitors, or if your marketing campaigns target EU citizens, this affects you, so be warned and take action!
What does the GDPR mean for you?
Transparency and communication with your site visitors are key elements of the GDPR. As part of the new regulation, you must let your site visitors know how you collect, store, and use their data, in a clear and transparent way. In addition, you must comply with your site visitors' requests to receive a copy of their data that is processed on your site.
What should you do as protection?
Establish a legal basis for processing your site visitors' data
In accordance with the GDPR, you are permitted to process your site visitors' data (e.g. collect, use, store), so long as the process meets the requirements of the GDPR. There are many ways in which you can lawfully process your site visitors' data - requesting their consent is just one of these ways.
Get consent for all your marketing campaigns
Sending marketing campaigns requires consent from your site visitors. If you're using Wix Email Marketing, MailChimp, or any other email marketing tools, this applies to you.
Add consent tick boxes to your Wix forms and get subscribers.
Make sure your third-party apps are GDPR compliant also
As part of the GDPR, you are responsible for any third-party apps or services implemented on your site. These services can include data analytics tools (e.g. Google Analytics, the Facebook pixel, etc.). While reviewing your Wix site for GDPR compliance, make sure that these apps and services are also GDPR compliant. If you're not sure, contact them directly with your questions or concerns or use ones that are compliant.
Use Wix tools to access and delete your site visitors' data
In accordance with the GDPR, site visitors have the right to access their data or "be forgotten" (to be permanently deleted from your databases). Wix has developed two main tools to assist you in becoming GDPR compliant:
Right to access
Right to be forgotten
Whoever clients engage to design or update their websites, designers have a duty of care to advise and ensure their client work includes a number of important functions in their designs, not least GDPR compliance.
For more information, download the GDPR Guide to compliance: https://www.michaeljfoxwebdesign.com/resource-select