Non-EU Business Websites Must Comply with GDPR by May 25

Steven Rich, MBA
6 min read · May 8, 2018

Parts previously published by the author at: https://www.linkedin.com/pulse/cnn-warns-all-blogs-websites-re-gdpr-law-may-25-steven-rich-mba/


On April 12, CNN ran this news story about the European Union (EU) moving to regulate Facebook, which frightens me!

CNN claims, “The European Union is preparing to enforce sweeping new data protection law that gives consumers much more control over how their personal details are used. Companies are scrambling to comply.”

“Any organization that sells goods and services to people in Europe will be impacted.”

“Under the new law, companies will have to obtain an individual’s consent in order to store and process personal data. Requests must be clear and written in plain language.”

What Does This Mean?

CNN’s story is about the upcoming GDPR, the European Union’s General Data Protection Regulation taking effect on May 25.

GDPR applies to “Non-EU companies that collect, process, or store data on EU citizens and/or residents (even, for example, an IP address for a single individual)”.

It only takes one EU resident, no matter what country you are in, visiting your business blog or website and providing any kind of personal information.

This means every blog and website selling goods or services in the world must post GDPR privacy warnings and obtain consent from EU users before collecting any personal information (data).

Organizations and Solely Owned Businesses

“Organizations” as defined by the EU include every type of business: companies, corporations, partnerships, ecommerce stores, even charitable groups.

Every business blog or website in the world must comply with GDPR by May 25.

Even a sole proprietor (one-owner) business, which the GDPR calls a “sole trader”, must comply.

Personal Information (Data)

“Personal Data” means any information that can be used to directly or indirectly identify an individual. Examples include first and last name, phone number, email address, social media activity, banking information, IP address, medical information, photos, etc.

Consent Required

CNN claims, “Consent must be made separately, and cannot be bundled with general terms and conditions.”

“For example: Rather than automatically signing a user up for a mailing list and later offering an unsubscribe option, companies now have to explicitly seek consent ahead of time. The default option when asking users if they want to subscribe must be ‘no’.”

In other words, every EU user must provide affirmative consent before any personal information is collected, and that consent must be separate from consent to other Privacy Policies or Terms and Conditions notices.


Huge Fines

The same CNN news story claims:

“European regulators can impose fines of at least 20 million Euro ($25 million) or up to 4% of annual global sales.”


How can the EU Enforce Fines against my American Business?

Foreign court judgments can be enforced in the U.S. Wikipedia provides a clear explanation of how enforcement of foreign judgments works.

Most U.S. states follow the Uniform Foreign Money Judgments Recognition Act (UFM-JRA). The UFM-JRA established a process for American state courts to enforce foreign civil court judgments.

If the EU slaps any U.S. business with a big fine, that business is sued in an EU country. After the EU court issues a civil judgment, the UFM-JRA can be used to collect the judgment in the U.S.

Where to Get More Information about GDPR

Everyone knows that the most reliable information explaining laws is found on a licensed lawyer’s website.

One British lawyers’ website explaining GDPR in English can be visited HERE.


How Your Blog and Website Complies with GDPR

The EU wants to protect its residents from data breaches like the current Facebook Scandal.

GDPR attempts to protect EU users’ personal data by requiring every business blog and website in the world that collects their personal information to set up a system protecting that data from breaches.

In addition, GDPR requires obtaining affirmative consent from every EU user regarding how the blog or website collects, shares, processes, and stores the personal data.

The first thing your business blog and/or website must do is create a Privacy Policy that specifically mentions and complies with the GDPR. Then, set up a system to protect every EU user’s personal data.

The GDPR Deadline is May 25, 2018.

Include the Two U.S. Laws

That’s right, the U.S. has two Data Privacy Laws which must be included in your Privacy Policy.


While many think the EU is the first to force every blog and website in the world to comply with its data protection law, the State of California was the first to enact a similar law. It is called the California Online Privacy Protection Act (CalOPPA), and it requires every website (and blog) in the world to include a Privacy Policy for California users. Since the penalty for violation is only $2,500 USD, most site owners don’t feel compelled to follow it.


The U.S. federal law is called the Children’s Online Privacy Protection Rule (COPPA), and it protects children under 13 years old. Every site in the world is supposed to publish a specific Privacy Policy and obtain consent from a parent or legal guardian of a child under 13 before collecting that child’s personal data.

Explanation of the Required GDPR Documentation

As mentioned above, EU lawyers’ websites provide the most reliable information regarding the GDPR law.

Required GDPR documentation explained in English by EU lawyers can be visited HERE.

Be sure to scroll down the web page to find the reasons for the required documents.

Where to Find a GDPR Privacy Policy

You can make the mistake of searching online for a “Free GDPR” Privacy Policy. But, as the old saying goes: “You get what you pay for.” The problem with the “Free” Privacy Policies is that many are scams and others simply provide a partial “sample” policy and later send you a reminder about how you must purchase a fully compliant GDPR Privacy Policy before the May 25 deadline. They usually charge you more money than other sources for their “update”.

I found several EU law firms selling GDPR Privacy Policies for around $1,000 USD. I even found non-lawyer companies offering a GDPR Privacy Policy for around $500 USD.

The best one I found online comes from an English-speaking EU law firm that used two EU lawyers and an American lawyer to create its unique GDPR Privacy Policy, which also includes the two U.S. Data Privacy Laws (CalOPPA and COPPA). That’s 3 laws in 1 Privacy Policy. They offer it for $200 USD.

Being new to Medium, I don’t know if I am allowed to post links to website order pages. If you are interested, send me a message to my inbox here at Medium. I can then explain what is included in the EU law firm’s Privacy Policy and provide you with a link to their order page.

Steven Rich, MBA

Copyright © 2018 Steven Rich, MBA


Steven Rich, MBA

Professional writer with an MBA degree and many years of experience in marketing, content writing, copywriting, and journalism.