GDPR COMPLIANCE IS HERE
GDPR (General Data Protection Regulation) is here. This new regulation, which went into effect on May 25, 2018, seeks to create a harmonized data protection law framework across the European Union (EU) and aims to give data back to your website viewers so they have more control over their personal data. These strict rules apply to hosting and processing website data anywhere in the world.
Why does the GDPR exist?
The short answer to that question is public concern over privacy. Europe in general has long had more stringent rules around how companies use the personal data of its citizens.
What types of privacy data does the GDPR protect?
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
How we protect personally identifiable information under GDPR
Personally identifiable information (PII) is any data that can be used to identify a specific individual. Social Security numbers, mailing or email addresses, and phone numbers have most commonly been considered PII, but technology has expanded the scope of PII considerably. It can include an IP address, login IDs, social media posts, or digital images. Geolocation, biometric, and behavioral data can also be classified as PII.
Even though we don’t do business with the EU, the GDPR is likely to have an impact on global security standards going forward. Consequently, companies working in the EU or with GDPR-impacted data are quickly trying to come into compliance. The essence of the GDPR is individual privacy protection. Europeans consider data privacy a basic human right. If the Founding Fathers knew that Snapchat was on its way, they might just have written it into the Constitution. Something along the lines of “life, liberty, and the right to be able to erase those awkward pictures with Ben Franklin.”