What GDPR Means For Small Business Websites in the United States
What does the GDPR Mean For You If You’re a Small Business in the United States?
The European Union’s General Data Protection Regulation (GDPR), which went into effect on May 25, 2018, has been the topic of much discussion, since its exact implications for businesses outside the EU are still being worked out. If you run a small business located in the US, the GDPR will most likely have a minimal impact on how you run your website. However, it is safer, and relatively easy, to bring your website into compliance anyway. This article demystifies the implications of the GDPR and walks you through some easy steps to comply with it.
What exactly is the General Data Protection Regulation?
The General Data Protection Regulation is EU legislation that governs the collection and use of personal data belonging to people in the EU, whether or not they are EU citizens, and whether the data is collected online or offline. For a website, the key requirements are:
- Websites must be clear, before collecting data, about what they collect and how it will be used.
- Where a site relies on consent, that consent must be an affirmative, opt-in action (for example, ticking an unticked box). Pre-ticked boxes and silence do not count, and consent must be as easy to withdraw as it was to give.
- Individuals have “the right to be forgotten” (the right to erasure), which means they can ask that their personal data be deleted. They can also ask for a copy of the personal data a site holds about them.
- Personal data breaches must be reported to the relevant supervisory authority within 72 hours of the business becoming aware of them, unless the breach is unlikely to put the affected people at risk.
What does this mean for me as a small business owner in the US?
The impact of the GDPR on small businesses in the US will likely be limited. The regulation reaches a business outside the EU when that business offers goods or services to people in the EU or monitors their behaviour (for example, through tracking cookies). If your small business is US-based and targets customers in the United States, the vast majority of your traffic will come from within the US, and an occasional EU visitor does not by itself bring you under the regulation. Even if you do have some EU traffic, it is very unlikely that a business collecting minimal data from the EU will be pursued under the GDPR. Supervisory authorities can respond with warnings or reprimands as well as fines, but nothing in the regulation guarantees that a first offense gets only a warning, so do not rely on that.
However, people in the EU may still come to your site. For instance, if you have a blog to generate traffic for your business, the blog posts may bring in EU visitors through Google. Look at your Google Analytics to see how much of your traffic comes from Europe, then make an informed decision about whether to worry about making your site compliant. Keep in mind that analytics itself sets cookies and records IP addresses, which the GDPR treats as personal data, so your analytics configuration is part of what you are assessing.
How do I become compliant with the GDPR?
Check how the services you use are addressing the GDPR.
Most of the heavy lifting for GDPR compliance will likely be done by the services you already use to run your website. Check with your web host, email campaign service, analytics provider and any other service you use to see how they are addressing the GDPR, ask whether they offer a data processing agreement, and follow any specific instructions they have for their clients. Your privacy policy should say who these services are, or at least what kinds of services receive the data, since they process your visitors’ data on your behalf.
Bring your email list into compliance.
- Email the subscribers already on your list and remind them that they can unsubscribe at any time, with a working unsubscribe link in the message.
- Make sure that when users provide an email address on your website, they must tick an unchecked box to consent to being added to your email list, next to a plain statement of what they will receive. Do not pre-tick the box, and do not bury the consent in your terms of service.
- Use a double opt-in method when adding new users to your list: send a confirmation link and only add the address once that link is clicked. Keep a record of when and how each subscriber consented.
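The list-hygiene steps above come down to a small piece of server-side logic. What follows is an added example, not code from the original article: a hypothetical in-memory mailing list that refuses sign-ups where the consent box was not ticked, issues an HMAC-signed, time-limited confirmation token for the double opt-in step, records when and from which form consent was given, and handles the unsubscribe, data-copy and erasure requests described earlier. The 48-hour token lifetime, the class and method names, and the sample address are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, asdict
from typing import Optional

# Assumed policy: confirmation links stop working after 48 hours.
TOKEN_TTL_SECONDS = 48 * 3600
_SIG_LEN = hashlib.sha256().digest_size  # 32 bytes of HMAC at the end of each token


@dataclass
class Subscriber:
    email: str
    consent_at: float            # Unix time when the box was ticked
    consent_source: str          # which form the consent came from (e.g. "footer")
    confirmed_at: Optional[float] = None   # set only after the link is clicked


class MailingList:
    """Hypothetical in-memory list; a real site would keep this in its database."""

    def __init__(self, secret_key: bytes):
        self._key = secret_key           # server-side secret; never sent to the browser
        self._pending: dict[str, Subscriber] = {}
        self._confirmed: dict[str, Subscriber] = {}

    def request_subscription(self, email: str, consent_checked: bool,
                             source: str, now: Optional[float] = None) -> str:
        """Double opt-in, step 1. Returns the token to put in the confirmation link."""
        if not consent_checked:
            # Enforce this on the server: a missing or pre-ticked box is not consent.
            raise ValueError("consent box was not ticked")
        now = time.time() if now is None else now
        email = email.strip().lower()
        self._pending[email] = Subscriber(email, now, source)
        return self._make_token(email, now)

    def confirm(self, token: str, now: Optional[float] = None) -> bool:
        """Double opt-in, step 2. True only for a genuine, unexpired, unused token."""
        now = time.time() if now is None else now
        try:
            raw = base64.urlsafe_b64decode(token.encode())
            payload, sig = raw[:-_SIG_LEN], raw[-_SIG_LEN:]
            expected = hmac.new(self._key, payload, hashlib.sha256).digest()
            if not hmac.compare_digest(sig, expected):   # constant-time comparison
                return False
            data = json.loads(payload)
            email, issued_at = data["email"], data["iat"]
        except (ValueError, KeyError, TypeError):
            return False                                 # malformed or forged token
        if now - issued_at > TOKEN_TTL_SECONDS:
            return False                                 # link expired
        sub = self._pending.pop(email, None)
        if sub is None:
            return False                                 # already confirmed, or never requested
        sub.confirmed_at = now
        self._confirmed[email] = sub
        return True

    def is_subscribed(self, email: str) -> bool:
        return email.strip().lower() in self._confirmed

    def unsubscribe(self, email: str) -> bool:
        """One-step withdrawal of consent; as easy as signing up."""
        return self._confirmed.pop(email.strip().lower(), None) is not None

    def export_data(self, email: str) -> Optional[dict]:
        """Copy of everything held about the address, for an access request."""
        email = email.strip().lower()
        sub = self._confirmed.get(email) or self._pending.get(email)
        return asdict(sub) if sub else None

    def erase(self, email: str) -> bool:
        """Right to erasure: drop the address from both pending and confirmed."""
        email = email.strip().lower()
        found = self._pending.pop(email, None) is not None
        return (self._confirmed.pop(email, None) is not None) or found

    def _make_token(self, email: str, issued_at: float) -> str:
        payload = json.dumps({"email": email, "iat": int(issued_at)}).encode()
        sig = hmac.new(self._key, payload, hashlib.sha256).digest()
        return base64.urlsafe_b64encode(payload + sig).decode()


if __name__ == "__main__":
    # Constructed walk-through with a sample address.
    ml = MailingList(secret_key=b"replace-with-a-random-32-byte-key")
    token = ml.request_subscription("Alice@Example.com", True, "footer")
    print("confirmation link: https://example.com/confirm?t=" + token)  # assumed URL
    print("confirmed:", ml.confirm(token))
    print("on file:", ml.export_data("alice@example.com"))
```

The HTML form only needs to render the consent checkbox unchecked and post its state; everything that matters for the record happens on the server, which is also the only place the signing key lives. The token carries the address and issue time, so the confirmation link needs no database lookup to be validated, and the signed payload cannot be altered to confirm a different address.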
Note: This article should not be considered legal advice. Contact a lawyer if you are concerned about the legal implications of the GDPR on your company.