What is GDPR?
In short, the General Data Protection Regulation (GDPR) is a law that requires any organisation (globally, not just in the EU) that is handling Europeans’ data to give these citizens access to their data:
- The right to be forgotten (deleted).
- The right to demand to know how their data is being handled (think Facebook).
- The right to demand copies of their data (what's been collected).
- Personal data includes names, emails, physical addresses, IP addresses, health information, income, and more.
Basically, if your company, big or small, based anywhere in the world, is collecting data from citizens in the EU, you must comply.
Repercussions of Non-Compliance
Disclaimer: this should not be considered legal advice. We are not lawyers.
Europe is not taking this issue lightly; with the latest data scandals happening across the globe, it is no surprise that fines will be as high as 4% of annual “global” revenue.
The EU understands that this is a big change, so it is rumoured that, as long as the right steps are being taken to become compliant, penalties and warnings will follow as such:
- Suspension of data processing, or Fine
How Can Acro Media help?
We're working with the Drupal community and many of our clients who do business in the EU to help them become compliant.
Acro Media is working with a GDPR module for Drupal, but as all websites differ (data storage, etc.), there is some custom work required to bring your site up to full compliance.
Contact us if you have questions or needs such as the following:
- How much of my data needs to be protected?
- If you need a data map for your site
- If you need a price for becoming compliant