GDPR (General Data Protection Regulation) and why you should care

19 May 2018

Fact:

Organizations can be fined up to 4% of annual global turnover or €20 million, whichever is higher, for breaching GDPR. That is about SGD 31,667,000!

Unless you have been living in the woods for the last two years without internet access, chances are you have noticed the terms "EU General Data Protection Regulation" or "GDPR" everywhere. We were like you and did not take the terms too seriously until a few days ago, when we started to receive emails from all our favourite web services telling us about the changes they had made in order to be GDPR-ready. We decided to spend some time reading about GDPR and, to our great shock, it turns out GDPR concerns almost everyone who runs a business, especially those who run a business online.

It is our life mission to keep everything simple, so we are going to focus on making this post about GDPR as easy to understand as possible. We will link to the GDPR Portal in case you fancy a more in-depth understanding of GDPR. Meanwhile, the following text should not take more than 5 minutes to read. So here we go.

What is GDPR?

GDPR = General Data Protection Regulation. It is an EU regulation (not a directive: unlike the 1995 Data Protection Directive it replaces, it applies directly in every member state without national implementing law) adopted by the EU Parliament and Council in 2016 and enforced from 25 May 2018. It was designed to protect and strengthen the data privacy of individuals in the EU and to reshape the way organizations across the region approach data privacy.

Isn't it for people in the EU only? Why would it concern everyone else?

The regulation was written to protect people who are in EU countries, but it is not limited to businesses operating in EU countries. Which is to say, you may have a website running from Singapore (or any other location outside Europe), but so long as your website offers goods or services to people in the EU, or monitors their behaviour (a visitor-tracking script does exactly that), you are expected to comply.

What kind of data are we talking about here?

The GDPR covers any information relating to an identified or identifiable person: anything that is a personal detail, or that can be used on its own or combined with other data to work out who you are. For example (not exhaustive):

  • Name
  • Photo
  • Email address
  • Social media posts
  • Personal medical information
  • IP addresses
  • Bank details

My website is only a simple brochure-ware website that does not collect any data from anyone…

Do you have a contact form that asks someone to fill in their name, email address or phone number? If yes, then you need to comply. The only alternative is to make it very clear up front that anyone in an EU country MUST NOT use the form, and even then you are relying on every visitor reading and obeying that notice.

Even if you do not have a contact form, your website may still be collecting data. How? If you have Google Analytics or any other visitor-tracker script installed, then every page load sends the visitor's IP address (and a cookie that follows them from page to page) to the tracking service, which collects and stores it. Your own web server logs record the same IP address with every request. You need to tell your website visitors about this. If you are not sure whether your site does it, you had better comply anyway, just to be safe.
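Telling visitors about tracking is one half of the problem; the other half is not keeping more of the IP address than you need. Google Analytics offers an anonymize_ip option that zeroes the last octet of an IPv4 address and the last 80 bits of an IPv6 address before storing anything, and you can apply the same truncation to your own server logs. The following is an added example written for this post, not code from the original article or from any tracking vendor. It assumes the common Apache/Nginx "combined" log format, where the client IP is the first field on each line; the log lines it processes are constructed samples, not real traffic.

```python
import ipaddress

# Apache/Nginx "combined" log format: the client IP is the first field.
# These lines are constructed samples for the example, not real traffic.
SAMPLE_LOG = """\
203.0.113.57 - - [19/May/2018:10:12:01 +0800] "GET /contact HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
2001:db8:85a3::8a2e:370:7334 - - [19/May/2018:10:12:05 +0800] "POST /contact HTTP/1.1" 302 0 "-" "Mozilla/5.0"
not-an-ip - - [19/May/2018:10:12:09 +0800] "GET / HTTP/1.1" 200 1024 "-" "curl/7.58"
"""


def anonymize_ip(addr: str) -> str:
    """Zero the host part of an address before it is stored.

    Same truncation Google Analytics documents for its anonymize_ip option:
    IPv4 keeps the first 24 bits (last octet zeroed), IPv6 keeps the first
    48 bits (last 80 bits zeroed). Raises ValueError on anything that is
    not an IP address.
    """
    ip = ipaddress.ip_address(addr)
    if ip.version == 4:
        return str(ipaddress.IPv4Address(int(ip) & 0xFFFFFF00))
    keep_top_48_bits = ((1 << 48) - 1) << 80
    return str(ipaddress.IPv6Address(int(ip) & keep_top_48_bits))


def anonymize_log_line(line: str) -> str:
    """Replace the client-IP field of one combined-format log line.

    A first field that does not parse as an IP (a hostname from reverse
    DNS, or junk) is replaced by "-" rather than kept, because a hostname
    can identify a person just as well as an address can.
    """
    first, sep, rest = line.partition(" ")
    if not sep:
        return line  # blank or single-token line: nothing to redact
    try:
        return anonymize_ip(first) + sep + rest
    except ValueError:
        return "-" + sep + rest


def anonymize_log(text: str) -> str:
    """Anonymize every line of a log; keeps everything except the IP field."""
    return "\n".join(anonymize_log_line(line) for line in text.splitlines())


if __name__ == "__main__":
    print(anonymize_log(SAMPLE_LOG))
```

Run this over a log file before it is archived or shared, and the stored record no longer pins a request to a single household, while the rest of the line (path, status, user agent, timestamp) stays intact for debugging. Truncation is data minimization, not a substitute for disclosure: visitors still need to be told that a tracker is present.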

What happens if I don’t comply?

Frankly, we have no idea. But do you want to wait around to find out? All we know is that organizations that fail to comply and get caught (most likely after a complaint from a user) can be fined up to 4% of annual global turnover or €20 million, whichever is higher! That is a whopping 31,667,000 Singapore dollars. Do you have 31 million Singapore dollars lying around to deal with that? If not, you had better do something about it today!

So what do I need to do to be GDPR compliant?

We got this step-by-step action plan from another website:

  1. Study reams of documents to understand what is required, and bring a lawyer on board just to make sure.
  2. Design processes, systems and workflows that adhere to the compliance requirements.
  3. Hire a coder to build the systems and programming necessary to implement the compliance measures on your site.
  4. Work with your experts on a continuous basis to make sure you are actually legally covered and to carry out the actions GDPR compliance requires.

Not very helpful, you say? We think so too! That is why we decided to take the more proactive step of just implementing it for our clients' websites. That's right. In the coming weeks, we will work with our clients to get their websites GDPR compliant. By the time we finish, our clients' websites will:

  • comply with 7 key GDPR requirements;
  • inform visitors about the cookie policy;
  • require visitors' consent to the terms and conditions, and honour the right to be forgotten (deleting a visitor's data on request), if need be.

Conclusion

So there you have it! This is us doing our part to bring GDPR awareness to you. It is never our intention to scare you. But considering that GDPR is the biggest change to data protection law in 20 years, we chose not to take it lightly. Should you panic? We don't think so. But should you do something about it if you can? Of course! Like we said earlier, do you have 31 million Singapore dollars lying around to deal with it should things go wrong? If not, then you owe it to the internet community to make it a better place!

Is your WordPress website GDPR compliant?

If you own a website running on WordPress and GDPR concerns you, get in touch with us today and see how we can make it a breeze for you.