Not Implementing GDPR – Are You Feeling Lucky?

It is not hard to be in compliance with the EU's GDPR.

So far only one of my US-based webmaster clients has taken notice of the changes needed to their website to comply with the EU's new GDPR rules on the privacy of EU citizens.

This is what I hear from clients:

  1. I do not sell in the EU so this does not apply to me.
  2. I don’t care if I have EU visitors. No one will prosecute me.
  3. I guess I am feeling lucky and so am not doing anything.

Let me demystify something, please.

  1. It is not complicated to make these changes.
  2. There are free cookie handling scripts for this.
  3. Your privacy policy needs just a few minor changes.

For most clients we work with, the implementation would take under one hour. The cookie acceptance script is free unless you are on https, in which case expect to pay about $100 for the script.

The site update is not obtrusive, yet gives you protection. Although our own website does not get a lot of traffic from the European Union, multiply 30 days of that traffic by 12 months. That number is high enough to think twice about saying "no one will find me out."

One of our clients said he did not want us to implement the updates and that he was feeling lucky. But later he sent an email and said go ahead and make the changes. He was feeling lucky but also wanted to be safe.

From my point of view, making this relatively simple update is a no-brainer for most sites, and I am baffled as to why more US business sites are not updating for this important change.

Being transparent with website visitors is important, not hard to do, and is the right thing to do. That is what the EU’s GDPR is all about.

EU Privacy Considerations for US Clients

Understanding the GDPR Regulations for Privacy

The European Union is instituting a number of important privacy regulations. Even if you do not sell to clients based in the European Union, you may have visitors who live there, so to avoid a penalty or legal issue it is important to review your privacy policy and make updates to your website as needed now.

If you serve or have visitors from the European Union, you will need to enact a number of privacy policy changes: supplying information about what you track, explaining how to opt out, and getting proactive approval before tracking starts.
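One way to honor the "approval before tracking starts" requirement above is to gate every tracking loader behind a stored opt-in instead of loading trackers first and disabling them later. The following is an added JavaScript example for illustration; it is not the free cookie script the post refers to and not the author's code. The storage key, the consent categories ("analytics", "marketing"), the policy version number and the in-memory storage stub are all assumptions made for this example.

```javascript
// Consent-gated tracking, added as an illustration (not the author's script).
// Nothing that tracks the visitor runs until they opt in, consent is recorded
// with the policy version it was given under, and opting out clears it.
// `storage` is any object with getItem/setItem/removeItem, so in a browser
// you pass window.localStorage and in Node (as here) a plain in-memory stub.

const CONSENT_KEY = "cookie_consent";  // constructed storage key (assumption)
const CONSENT_VERSION = 2;             // bump whenever the privacy policy changes

function createConsentManager(storage, now = () => Date.now()) {
  const pending = [];  // tracking loaders deferred until the visitor opts in

  // Return the stored consent record, or null if absent, unparsable or stale.
  function read() {
    const raw = storage.getItem(CONSENT_KEY);
    if (!raw) return null;
    try {
      const rec = JSON.parse(raw);
      // Consent given under an older policy version is not valid consent now.
      return rec && rec.version === CONSENT_VERSION ? rec : null;
    } catch (e) {
      return null;  // corrupted value: treat as "no consent"
    }
  }

  function hasConsent(category) {
    const rec = read();
    return Boolean(rec && rec.granted && rec.granted[category] === true);
  }

  // Record an explicit opt-in for the given categories and run any loaders
  // that were waiting for them. Categories not listed stay refused.
  function grant(categories) {
    const rec = { version: CONSENT_VERSION, at: now(), granted: {} };
    for (const c of categories) rec.granted[c] = true;
    storage.setItem(CONSENT_KEY, JSON.stringify(rec));
    for (let i = pending.length - 1; i >= 0; i--) {
      if (rec.granted[pending[i].category]) {
        pending.splice(i, 1)[0].load();  // run once, then forget it
      }
    }
    return rec;
  }

  // Opt out: forget the consent record. Scripts already loaded cannot be
  // unloaded, so the caller should also delete the cookies they set.
  function revoke() {
    storage.removeItem(CONSENT_KEY);
  }

  // Register a tracking loader that runs now if consent exists, otherwise only
  // after grant() is called with its category.
  function whenConsented(category, load) {
    if (hasConsent(category)) load();
    else pending.push({ category, load });
  }

  return { read, hasConsent, grant, revoke, whenConsented };
}

// Minimal in-memory stand-in for localStorage so the example runs in Node.
function memoryStorage(initial = {}) {
  const data = { ...initial };
  return {
    getItem: (k) => (k in data ? data[k] : null),
    setItem: (k, v) => { data[k] = String(v); },
    removeItem: (k) => { delete data[k]; },
  };
}

// Walk through a visitor session: arrive, opt in, opt in again, then opt out.
// Returns the observed states so they can be checked.
function demoSession() {
  const storage = memoryStorage();
  const consent = createConsentManager(storage, () => 1527206400000); // constructed timestamp
  let analyticsLoaded = 0;
  consent.whenConsented("analytics", () => { analyticsLoaded++; });

  const beforeOptIn = analyticsLoaded;                 // 0: nothing ran on page load
  consent.grant(["analytics"]);
  const afterOptIn = analyticsLoaded;                  // 1: deferred loader ran once
  consent.grant(["analytics"]);                        // re-granting must not reload
  const afterRegrant = analyticsLoaded;                // still 1
  const marketing = consent.hasConsent("marketing");   // false: never granted
  consent.revoke();
  const afterOptOut = consent.hasConsent("analytics"); // false

  return { beforeOptIn, afterOptIn, afterRegrant, marketing, afterOptOut };
}

// A record written under an older policy version must not count as consent.
function staleConsentIsIgnored() {
  const storage = memoryStorage({
    [CONSENT_KEY]: JSON.stringify({ version: 1, at: 0, granted: { analytics: true } }),
  });
  return createConsentManager(storage).hasConsent("analytics");
}

console.log(demoSession(), staleConsentIsIgnored());
```

In a browser you would pass `window.localStorage` as the storage and wire `grant()` and `revoke()` to the consent banner's accept and reject buttons. The loaders are deferred rather than loaded-then-disabled because a tracker that has already executed cannot be unloaded, which is why `revoke()` only clears the record and leaves cookie deletion to the caller.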

Please make sure that you take the time to review these important new guidelines that go into effect May 25, 2018. Below are several examples of the many articles on the web to help you understand what changes may be needed to your website to be in compliance. It is important to do your own research and implementation to be compliant.

https://www.eugdpr.org – the official EU website

and

Easy to understand explanation from American Express.

https://www.americanexpress.com/us/small-business/openforum/articles/what-the-new-european-general-data-protection-regulations-mean-for-your-business/

“Who does the GDPR affect? (From the Official EU site)

The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.”

So the bottom line is: if you sell to or even have visitors from the EU, you need to be in compliance.

Important note: I am not a privacy expert and I cannot make recommendations for you that will bring you into compliance. This blog post is only to advise you that action may be needed on your firm’s website to be in compliance.