The European Union’s new General Data Protection Regulation (GDPR) has a lot of online businesses worried, but the new policy isn’t as omnipresent as it seems. Ask yourself these few simple GDPR questions to find out if you need to worry about being GDPR compliant.
Note: We’ve provided general questions to ask, based on information from EUGDPR.org. It isn’t legal advice, so if you are on the fence about your products or services, consult a lawyer.
So, is your business affected by the GDPR?
Do you sell goods or services to any customers within the European Union?
No? Then close out of the article; you don’t have to worry about it.
The GDPR applies to companies that operate in the EU, and international companies that collect and process the data of EU customers.
Does your company collect personal data?
The GDPR aims to protect the privacy of EU citizens. Here are examples of the data it covers:
- Basic identity information such as name, address and ID numbers
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
If you don’t collect data on your customers, the GDPR shouldn’t affect your business. According to Sam Wood, even if an ecommerce business makes a few sales to customers in the EU, they may not need to worry about the GDPR as long as they don’t control personal information.
Do you handle data responsibly?
The GDPR requires responsible processing, storage, and protection of customers’ personal data. Do you ask for consent before storing data? Do you store data “no longer than is necessary for the purposes for which the personal data are processed”? Do you erase personal data upon request?
If you are already being responsible with the way you manage customers’ data (which is a best practice anyway, in whatever country you operate), you don’t have to worry. Just take a look at the key changes of the GDPR and double-check that you comply with each one.