You may have noticed that many websites you’ve visited in the past couple of months have been positively screaming at you about their new privacy policies. The new General Data Protection Regulation, or GDPR, is a huge overhaul of privacy on the web laid out over the course of a 261-page document. At its core, GDPR is a new set of rules designed to give European Union (EU) citizens more control over their personal data. The recent wave of privacy policy and terms of service notifications, however, mostly stems from a part of the regulation regarding consent and taking steps to prevent companies from opting users in to terms that are hidden within monstrous legal documents that most people don’t even read before clicking “agree.”
This new law has bled over into the U.S. due to the global reach of many large brands like Apple, Facebook, Google, etc. that serve clients in the EU and around the world. But what does this mean for small businesses in the U.S. like home care agencies?
Currently, the GDPR law only affects businesses operating in the EU. The main goal of this legislation is to give individuals more control over their personally identifiable information (PII), including the ability to restrict how companies use their information.
Below are some of the key components of GDPR.
- Individuals must be able to request a copy of their personal information. This means that companies need to develop a way to gather and export this type of data as well as present it to users in a simple format. The good news is that there isn’t expected to be an influx of these types of requests.
- Individuals have the “right to be forgotten.” Companies must have processes in place to permanently delete all of an individual’s records from their systems upon request.
- Explicit consent is required for any forms of direct marketing – phone calls, emails, snail mail, etc. Pre-selected “opt-in” boxes will no longer be acceptable.
- Explicit consent also covers placing a cookie on someone’s hard drive to track their activity when they visit your website, which is why you will start noticing a lot more “By using this site you accept cookies” messages.
- Businesses can no longer share personal data across borders (i.e., between the EU and the US).
The law went into effect May 25th, 2018, and while some larger companies have needed to make changes to their privacy policies as a result, businesses that do not interact with individuals in the EU do not need to take any immediate actions.
However, it’s good to be as prepared as possible in the event that the US decides to enforce similar legislation. The following are some things that can be done now to prepare for potential US legislation changes.
- Develop a list of all types of PII that your business collects, where you collect that information from, who you share it with, what you do with it, and how long you keep it.
- Create a list of places where PII is stored.
- Make sure you have a publicly accessible privacy policy that outlines your process related to personal data and the reason for collecting it.
- Adjust your “opt-in” policy to state more explicitly what a user is opting in to receive.
As always, if you need assistance crafting a new privacy policy or updating your website, call on the home care marketing skills of the corecubed team.