Non-EU Business Websites Must Comply with GDPR by May 25
By: Steven Rich, MBA
Parts previously published by the author at: https://www.linkedin.com/pulse/cnn-warns-all-blogs-websites-re-gdpr-law-may-25-steven-rich-mba/
Non-EU business websites must comply with GDPR by May 25.
Last April 12th, CNN ran this news story about the European Union (EU) planning to regulate Facebook, which frightens me!
CNN claims, “The European Union is preparing to enforce sweeping new data protection law that gives consumers much more control over how their personal details are used. Companies are scrambling to comply.”
“Any organization that sells goods and services to people in Europe will be impacted.”
What Does this Mean?
CNN’s story is about the upcoming GDPR, the European Union’s General Data Protection Regulation, which takes effect on May 25.
GDPR applies to “Non-EU companies that collect, process, or store data on EU citizens and/or residents (even, for example, an IP address for a single individual)”.
It only takes one EU resident, no matter what country you are in, visiting your business blog or website and providing any kind of personal information.
This means every blog and website selling goods or services in the world must post GDPR privacy warnings and obtain consent from EU users before collecting any personal information (data).
Organizations and Solely Owned Businesses
“Organizations,” as defined by the EU, includes every type of business: companies, corporations, partnerships, ecommerce stores, even charitable groups.
Every business blog or website in the world must comply with GDPR by May 25.
Even a sole proprietor (one-owner) business, which the GDPR law calls a “sole trader,” must comply.
Personal Information (Data)
“Personal Data” means any information that can be used to directly or indirectly identify an individual, such as: first and last name, phone number, email address, social media activities, banking information, IP address, medical information, photos, etc.
Consent Required
CNN claims, “Consent must be made separately, and cannot be bundled with general terms and conditions.”
In other words, every EU user must provide affirmative consent before any personal information is collected, and that consent must be separate from consent to other Privacy Policies or Terms and Conditions notices.
Huge Fines
The same CNN news story claims:
How can the EU Enforce Fines against my American Business?
Foreign court judgments can be enforced in the U.S. Wikipedia provides a nice explanation of how enforcement of foreign judgments works.
Most U.S. states follow the Uniform Foreign Money-Judgments Recognition Act (UFMJRA). The UFMJRA established a process for American state courts to enforce foreign civil court judgments.
If the EU slaps any U.S. business with a big fine, that business is sued in an EU country. After a civil court judgment by the EU court is issued, the UFMJRA can be used to collect the judgment in the U.S.
Where to Get More Information about GDPR
Everyone knows that the most reliable information explaining laws is found on a licensed lawyer’s website.
One British lawyers’ website explaining GDPR in English can be visited HERE.
How Your Blog and Website Complies with GDPR
The EU wants to protect its residents from data breaches like the current Facebook Scandal.
GDPR attempts to protect EU users’ personal data by requiring every business blog and website in the world which collects their personal information to create a system protecting the data from breaches.
In addition, GDPR requires obtaining affirmative consent from every EU user regarding how the blog or website collects, shares, processes, and stores the personal data.
The first thing your business blog and/or website must do is create a Privacy Policy specifically mentioning and complying with the GDPR. Then, set up a system to protect every EU user’s personal data.
The GDPR Deadline is May 25, 2018.
Include the Two U.S. Laws
That’s right, the U.S. has two Data Privacy Laws which must be included in your Privacy Policy.
While many think the EU is the first to force every blog and website in the world to comply with its data protection law, the State of California was the first to enact a similar law. It’s called the California Online Privacy Protection Act (CalOPPA), and it requires every website (and blog) in the world to include a Privacy Policy for California users. Since the penalty for violation is only $2,500 USD, most site owners don’t feel compelled to follow it.
The U.S. federal law is called the Children’s Online Privacy Protection Rule (COPPA), which protects children under 13 years old. Every site in the world is supposed to publish a specific Privacy Policy and obtain consent from a parent or legal guardian of a child under 13 before collecting the child’s personal data.
Explanation of the Required GDPR Documentation
As mentioned above, EU lawyers’ websites provide the most reliable information regarding the GDPR law.
Required GDPR documentation explained in English by EU lawyers can be visited HERE.
Be sure to scroll down the web page to find the reasons for the required documents.
Where to Find a GDPR Privacy Policy
You can make the mistake of searching online for a “Free GDPR” Privacy Policy. But, as the old saying goes: “You get what you pay for.” The problem with the “Free” Privacy Policies is that many are scams and others simply provide a partial “sample” policy and send you a reminder later on about how you must purchase a fully compliant GDPR Privacy Policy before the May 25 deadline. They usually charge you more money than other sources for their “update”.
I found several EU law firms selling GDPR Privacy Policies for around $1,000 USD. I even found non-lawyer companies offering a GDPR Privacy Policy for around $500 USD.
The best one I found online comes from an English-speaking EU law firm using two EU lawyers and an American lawyer to create their unique GDPR Privacy Policy, which also includes the two U.S. Data Privacy Laws (CalOPPA and COPPA). That’s 3 laws in 1 Privacy Policy. They offer it for $200 USD.
Being new to Medium, I don’t know if I am allowed to post links to website order pages. If you are interested, send me a message to my box here at Medium. I can then explain what is included in the EU law firm’s Privacy Policy and provide you with a link to their order page.
Steven Rich, MBA
Copyright © 2018 Steven Rich, MBA