GDPR: New Law Could Fine You $24M!

Posted by on Apr 12, 2018 in Blog, Small Business



New Euro-Law May Affect Your Website!

GDPR: General Data Protection Regulation

Does your website invite visitors from the U.S. and Europe?  Or perhaps the entire world? Then you need to know about a new law (effective next month) that you’re almost certainly in violation of, and that could cost you over $24,000,000 in fines!

You say you don’t have a website in Europe, you don’t store financial information, you’re just a little business in Tampa with a little website, so you don’t need to be concerned?


Let’s say you have a little message board where you only store members’ names and email addresses, and maybe you have a section specifically for French or maybe German interests.  Guess what?  Yup – GDPR is aimed at you!

Or you charge member fees or maybe have a little online store where customers can pay in Euros or dollars.  Yup – you’ve just been GDPR’d!

Most articles about GDPR quote a maximum fine of 4% of gross revenues.  Actually it is 4% or 20 million euros, whichever is greater!  And it is almost a certainty that the U.S. would assist in the enforcement of GDPR.  (BTW, €20M = $25M)

Whether or not your website is covered by the new GDPR law depends on whether you are in any way “targeting” European citizens.  Such targeting seems to include web content in European languages, content directed toward European interests, and websites with European TLDs (.nl, etc.).

So, if your website has nothing specifically targeting European customers, then there’s a good chance that you’re not subject to the new GDPR laws.  BUT – maybe you should pay attention anyway.  Here’s why:

  • The sum of various federal and state laws suggests that you should at least have a Privacy Policy on your website if you collect names, email addresses or any type of identifying information.  GDPR requirements are likely even more stringent than U.S. laws.
  • Dozens of countries around the world have laws requiring privacy policies and you could be subject to their laws under current treaties if you collect information from their citizens.  GDPR requirements are likely even more stringent than these laws.
  • Gain visitors’ trust and loyalty.
    • Having a long-form, fine-print, legalesed privacy form only irritates visitors and creates mistrust.
    • Make privacy issues simple and clear, and put your visitors in charge of their data.
  • Future changes to your website might change your GDPR status, so proactively complying keeps you safe.
    • If your website is not in compliance with GDPR and a year from now a web designer adds something that would cause you to be subject to the law, you may not remember that changes are required.  Complying now will future-proof you.
  • It’s really just the right thing to do.
    • People should be presented with a short, simple, easy-to-understand privacy policy.
    • People should have a right to know what you’re going to do with their data and to opt out.
    • They should have the right to remove that data in the future.

With all the recent hubbub over Facebook and Cambridge Analytica and the psychological profiling and targeting of those whose personal data had been subjected to advanced AI algorithms, what better time, from a marketing standpoint, to display an open, simplified privacy policy that puts your visitors in charge of their own data?

To protect yourself from potential legal issues and from customer backlash, why not get GDPR compliant today?  Or at least add a people-friendly privacy policy.

I’ll list some resources below if you want to handle this yourself.  If you’re busy running your business, you may prefer to have me take care of your website.  Why not contact me now?