CNN Warns All Blogs & Websites re GDPR Law on May 25

Today’s CNN news story about the European Union (EU) to Regulate Facebook frightens me!

CNN claims, “The European Union is preparing to enforce sweeping new data protection law that gives consumers much more control over how their personal details are used. Companies are scrambling to comply.”

“Any organization that sells goods and services to people in Europe will be impacted.”

“Under the new law, companies will have to obtain an individual’s consent in order to store and process personal data. Requests must be clear and written in plain language.”

What Does this Mean?

CNN’s story is about the upcoming GDPR, the European Union’s General Data Protection Regulation, taking effect on May 25.

GDPR applies to “Non-EU companies that collect, process, or store data on EU citizens and/or residents (even, for example, an IP address for a single individual)”.

It only takes one EU resident to visit your business blog or website, no matter what country you are in, and provide any kind of personal information.

This means every blog and website selling goods or services in the world must post GDPR privacy warnings and obtain consent from EU users before collecting any personal information (data).

Organizations and Solely Owned Businesses

“Organizations,” as defined by the EU, includes every type of business, such as companies, corporations, partnerships, ecommerce stores, and even charitable groups.

Every business blog or website in the world must comply with GDPR by May 25.

Even sole proprietor (one owner) businesses, which the GDPR law calls “sole traders”, must comply.

Personal Information (Data)

“Personal Data” means any information that can be used to directly or indirectly identify an individual, such as: first and last name, phone number, email address, social media activities, banking information, IP address, medical information, photos, etc.

Consent Required

CNN claims, “Consent must be made separately, and cannot be bundled with general terms and conditions.”

“For example: Rather than automatically signing a user up for a mailing list and later offering an unsubscribe option, companies now have to explicitly seek consent ahead of time. The default option when asking users if they want to subscribe must be ‘no’.”

In other words, every EU user must provide Affirmative Consent before any personal information is collected, separate from consent to other Privacy Policies or Terms and Conditions notices.

GDPR - Non-Copyrighted

Big Fines

“European regulators can impose fines of at least 20 million Euro ($25 million) or up to 4% of annual global sales.”

Ouch!

How can the EU Enforce Fines against my American Business?

Foreign court judgments can be enforced in the U.S. Wikipedia provides a nice explanation of how enforcement of foreign judgments works.

Most U.S. states follow the Uniform Foreign Money Judgments Recognition Act (UFM-JRA). The UFM-JRA established a process for American state courts to enforce foreign civil court judgments.

If the EU slaps any U.S. business with a big fine, that business is sued in an EU country. After a civil court judgment by the EU court is issued, the UFM-JRA can be used to collect the judgment in the U.S.

Where to Get More Information about GDPR

Everyone knows that the most reliable information explaining laws is found on a licensed lawyer’s website.

One British lawyers’ website explaining GDPR in English can be visited HERE.

How Your Blog and Website Complies with GDPR

The EU wants to protect its residents from data breaches like the current Facebook Scandal.

GDPR attempts to protect EU users’ personal data by requiring every business blog and website in the world which collects their personal information to create a system protecting the data from breaches.

In addition, GDPR requires obtaining affirmative consent from every EU user regarding how the blog or website collects, shares, processes, and stores the personal data.

The first thing your business blog and/or website must do is to create a Privacy Policy specifically mentioning and complying with the GDPR. Then, set up a system to protect every EU user’s personal data.

The GDPR Deadline is May 25, 2018.

Include the Two U.S. Laws

That’s right, the U.S. has two Data Privacy Laws which must be included in your Privacy Policy.

While many think the EU is the first to force every blog and website in the world to comply with their data protection law, the State of California was the first to enact a similar law. It’s called the California Online Privacy Protection Act (CalOPPA), and it requires every website (and blog) in the world to include Privacy Policies for California users. Since the penalty for violation is only $2,500 USD, most site owners don’t feel compelled to follow it.

The U.S. federal law is called the Children's Online Privacy Protection Rule (COPPA), which protects children under 13 years old. Every site in the world is supposed to publish a specific Privacy Policy to obtain consent from a parent or legal guardian of a child under 13 before collecting their personal data.

Explanation of the Required GDPR Documentation

As mentioned above, EU lawyers’ websites provide the most reliable information regarding the GDPR law.

Required GDPR documentation explained in English by EU lawyers can be visited HERE.

Be sure to scroll down the web page to find the reasons for the required documents.

Where to Find a GDPR Privacy Policy

You can make the mistake of researching online for a “Free GDPR” Privacy Policy. But, as the old saying goes: “You get what you pay for.” The problem with the “Free” Privacy Policies is that many are scams, and others simply provide a partial “sample” policy and send you a reminder later on about how you must purchase a fully compliant GDPR Privacy Policy before the May 25 deadline. They usually charge you more money than other sources for their “update”.

I found several EU law firms selling GDPR Privacy Policies for around $1,000 USD. I even found non-lawyer companies offering a GDPR Privacy Policy for around $500 USD.

The best one I found online comes from an English speaking EU law firm using two EU lawyers and an American lawyer to create their unique GDPR Privacy Policy which also includes the two U.S. Data Privacy Laws (CalOPPA and COPPA). That’s 3 laws in 1 Privacy Policy. They offer it for $200 USD.

I wish I could provide you with a link to their "Order Now" web page, but LinkedIn does not allow their articles to include advertisements.

So, you must contact me here on the LinkedIn Message System for me to send you the link and explanation of their privacy policy document you can download online.

If any of you have questions about the upcoming GDPR, you can also contact me here in the LinkedIn message system or leave comments for this article.

Steven Rich, MBA

Copyright © 2018 Steven Rich, MBA



