I think GDPR is a Movement
If your data footprint on the world is anything like mine, in recent weeks you’ve been bombarded by updates to data privacy policies from every company or site that has your email address. Frankly, I don’t think I’ve seen movement on a legal issue like this since the Y2K panic nearly 20 years ago. And it’s strange to me. We’ve known about the coming of the GDPR for quite some time, yet everyone waited until the very last minute to update their policies. Why?
I think everyone is afraid of the potential fines for non-compliance, which are substantial under the new regulation. But truthfully, does anyone think the EU is going to come after the little online e-commerce site that happens to have a customer in Europe? I mean, the big banks and multi-national corporations should have been doing some of the things outlined in the GDPR even before the regulation went into effect. After all, they are the ones who are most likely to be targets for data intrusions.
I Updated My Website. Did You?
Still, I am updating my website if only because I believe in the noble purpose of the regulations and in general data privacy. People should have the right to know what we’re doing with their personal information. And people should be asked before their information is shared with someone else. These kinds of things just make sense in our increasingly online world. There’s a lot to be determined about the GDPR. My legal friends have called it vague and lacking in details. I’m sure a few court decisions will resolve the ambiguity in short order.
In the meantime, if you’re operating an organization that touches information belonging to citizens of the EU, the prudent thing to do is update your policies to alert your “data subjects” to what data you are collecting and how the data is being used, and to give them the option to be “forgotten” if they so choose. I’m told the best practice is to ask customers to affirmatively “Opt-In,” which I think can be accomplished with a check box and a sentence or two telling them what they are opting in to. Either that, or take my friend Craig’s advice (see insert below).