GDPR: New Law Could Fine You $24M!
Does your website invite visitors from the U.S. and Europe? Or perhaps the entire world? Then you need to know about a new law (effective next month) that you’re almost certainly in violation of, and that could cost you over $24,000,000 in fines!
You say you don’t have a website in Europe, you don’t store financial information, you’re just a little business in Tampa with a little website, so you don’t need to be concerned?
Let’s say you have a little message board where you only store members’ names and email addresses, and maybe you have a section specifically for French or maybe German interests. Guess what? Yup – GDPR is aimed at you!
Or you charge member fees or maybe have a little online store where customers can pay in Euros or dollars. Yup – you’ve just been GDPR’d!
Most articles about GDPR quote a maximum fine of 4% of gross revenues. Actually, it is 4% or 20 million euros, whichever is greater! And it is almost a certainty that the U.S. would assist enforcement of GDPR. (BTW, €20M = $25M)
Whether or not your website is covered by the new GDPR law depends on whether you are in any way “targeting” European citizens. Such targeting seems to include web content in European languages, content directed toward European interests, and websites with European TLDs (.nl, etc.).
So, if your website has nothing specifically targeting European customers, then there’s a good chance that you’re not subject to the new GDPR laws. BUT – maybe you should pay attention anyway. Here’s why –
- Dozens of countries around the world have laws requiring privacy policies and you could be subject to their laws under current treaties if you collect information from their citizens. GDPR requirements are likely even more stringent than these laws.
- Gain visitors’ trust and loyalty.
  - Having a long-form, fine-print, legalesed privacy form only irritates visitors and creates mistrust.
  - Make privacy issues simple and clear, and put your visitors in charge of their data.
- Future changes to your website might change your GDPR status, so proactively complying keeps you safe.
  - If your website is not in compliance with GDPR and a year from now a web designer adds something that would cause you to be subject to the law, you may not remember that changes are required. Complying now will future-proof you.
- It’s really just the right thing to do.
  - People should have a right to know what you’re going to do with their data and to opt out.
  - They should have the right to remove that data in the future.
I’ll list some resources below if you want to handle this yourself. If you’re busy running your business, you may prefer to have me take care of your website. Why not contact me now?
- Entire GDPR law (pdf)
- Forbes: “Yes, the GDPR Will Affect Your U.S.-Based Business”
- National Conference of State Legislatures
- Simplified breakdown for U.S. businesses