Have a Business Website? A New European Privacy Law May Affect You

Do you need to be compliant with GDPR? Photo by: graphic stockDo you need to be compliant with GDPR? Photo by: graphic stock

By: Mike Rhodes—

Muncie, IN— A new piece of  European Union (EU) legislation called the General Data Protection Regulation is being touted as one of the most stringent policies to affect the protection of personally identifiable information on the internet in 20 years.

The law is primarily aimed at companies who heavily market and collect data from residents of the European Union, but will also have a far-reaching impact in the U.S.

Websites must be compliant by May 25, 2018. The full regulation can be found here. 

For example, if you are a Delaware County manufacturer and market your products in the EU, you will definitely be affected by the GDPR. The new law covers all industries, not just manufacturing. A quick Google search for the term “GDPR” results in over 14 million returns, so there is plenty of information (sometimes conflicting information) on the web about GDPR if you choose to learn about the new regulation and how it will affect your business. Fair warning: the law is somewhat complex and technical so you’ll need time to absorb it.

The biggest change with the law comes with the extended jurisdiction of the GDPR, as it applies to all companies processing the personal data of data subjects residing in the EU, regardless of the company’s location.

There are a number of reasons why you should be compliant, but the main one is to keep your bottom line from being hit—business owners whose websites are not GDPR compliant by May 25, 2018 could be fined up to 4% of global revenue or 20 million euros, whichever is greater. This is the maximum fine that can be imposed for the most serious infringements.

For US websites, personally identifiable information can minimally include the website’s use of “cookies” if the website is accessed by persons in the EU. The internet is a global medium, so the chances of your website being accessed by persons in the EU can be high, whether you intended it to be or not.

Michael Wolfe is vice president and chief technology officer at Ontario Systems in Muncie.  “If your US-based website(s) currently experience European web traffic, or utilizes cookies in a personally identifiable way, then, yes, you will not be compliant for GDPR,” he said. “GDPR compliance goes far past the simple use of cookies, so it really behooves businesses to know if the new law will affect them,” said Wolfe.

Website cookies are small bits of data that are stored on a users computer by using a web browser and are used for a variety of purposes including: measuring web-tracking, analytics, collection of data through use of web forms, etc.

If you are unsure if your business website uses “cookies,” the website below will analyze your site, email you with a report, and indicate whether or not your site is currently GDPR compliant on a “cookie level.” All you need to do is enter your website’s URL and your email address. https://www.cookiebot.com/en/

Again, the law is not simply about the use of cookies on a website. That’s just the easiest thing to audit first.

If you measure the performance of your website using Google Analytics, you should login to your account and look for any messages Google has sent you regarding changes to how Google Analytics will store your data and resulting reports as a result of GDPR.

Ty Morton is principal with Tylonius Design & Development in Muncie. Ty said, “We have been advising our clients about GDPR for the past few months. We have done quite a bit of legwork on GDPR, so business owners who need help can call us and take advantage of the work we have already done.”


Editor’s note & disclaimer: This article is for awareness purposes only and you should not consider it legal advice. Nor is it a definitive overview of GDPR.  Most mainstream business websites such as Forbes, Business Insider, and Fortune among others are recommending business owners reach out to their attorneys, third-party providers and IT suppliers to see how the new regulation may affect them.