The GDPR—General Data Protection Regulation, or more specifically Regulation (EU) 2016/679—is a Europe-wide data privacy and protection law that aims primarily to give citizens and residents control back over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It becomes enforceable from 25 May 2018.
Warning: The following is not legal advice, rather the opinion of Brian Clifton, author of Advanced Web Metrics with Google Analytics and Successful Analytics: Gain Business Insights by Managing Google Analytics. He is Director of Data Insights & Analytics at Search Integration Sweden AB.
From a website owner’s point of view, little changes in terms of end-user privacy. That is, the EU takes the privacy rights of its citizens seriously and you need to comply with the law if you conduct business with any EU citizen—including EU citizens visiting your website. What does change is your liability. That is, failure to be compliant can lead to a fine of €20M, or 4% of your global revenue. The aim is clear—to make privacy laws bite!
Key requirements of the GDPR from a website owner’s point of view:
Note that GDPR is not just about operating a website; it’s about how you conduct business with EU citizens. However, this brief guide is only concerned with the implications of compliance for your website. See also the PII Reference Guide.