The answer = yes.
EU General Data Protection Regulation
After four years of preparation and debate the GDPR was finally approved by the EU Parliament on 14 April 2016. Enforcement date: 25 May 2018 – at which time those organizations in non-compliance may face heavy fines.
The GDPR is all about the data collected from visitors while they use your website and the way you deal with it.
If you collect any data from people interacting with your website, then there are three things you must comply with first.
If any visitor data is collected, then visitors must be able to request to view and update it, to have a portable copy of this data sent to them, and, if they ask, to have any data collected about them deleted.
The data must be stored securely (HTTPS/SSL should cover this; if your site is not encrypted, it needs to be), which also has search engine ranking benefits, and if there is a data breach (hacked, stolen or leaked) the customer must be informed within 72 hours.
The penalties for non-compliance?
Organizations can be fined up to 4% of annual global turnover, or €20 million, for breaching the GDPR.
What constitutes personal data?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
More info to follow as we get closer to the 25th of May when it comes into force.