In somewhat related news, on May 25, the European Union will begin enforcing the General Data Protocol Regulation (GDPR). The goal of the GDPR is to protect the privacy of residents of the European Union. That’s good, right? So what does that mean for a small organization operating in the United States… like yours?
According to the GDPR, any company (regardless of national origin) that processes data of EU residents must implement measures to protect privacy *by default*. As it applies to you and me, if your website requests any information from website visitors (including tracking analytics and Contact Forms), they must be alerted to how that information will be used and how long the data will be retained. Even if you don’t serve EU residents directly, if your website is visited by a European resident, you are affected by this new law.
I have been looking into the issue and will put measures in place before May 25 to make sure that we’re in compliance. Note: I am not charging my clients for this “service after the sale”.
Please see https://en.wikipedia.org/wiki/General_Data_Protection_Regulation or contact your attorney for more information about how the GDPR affects your organization.