What is the GDPR?
GDPR is also known as General Data Protection Regulation. It's a new law that affects not only European citizens and residents, but people all over the world. It came into effect on 25th May 2018.
The purpose of the regulation is to protect people from being exploited by big companies who collect data and use it to target-market individuals.
As a website owner you are required to comply with the GDPR if your website can be accessed by people in Europe.
As a responsible person I embrace the regulation and support our right to privacy and the right to be forgotten.
Are you complying with the GDPR yet? There's more to it than simply updating your privacy policy page.
In this tutorial I've attempted to cover the many different things that you'll want to know about regarding the GDPR. If I've missed something then please tell me in the comments below so I can add it to the tutorial.
Next Page: Wealthy Affiliate's Official Take
Please share the love, click 'Like This' (if you do). Ask a question, share something or leave a comment.
Join the Discussion
Reply
jvranjes
Premium
"if your website can be accessed by people in Europe."
Are you sure this is a correct statement? I here in a discussion from yesterday that this is not so. A EU citizen is supposed to be protected regardless from where he/she is accessing your site.
I am just repeating what was claimed.
Are you sure this is a correct statement? I here in a discussion from yesterday that this is not so. A EU citizen is supposed to be protected regardless from where he/she is accessing your site.
I am just repeating what was claimed.
MarionBlack
Premium
I'm just going by what I've read including this extract from Wikipedia:
"The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1]"
It doesn't mention European citizens that are not located within Europe.
Please note that I am not a lawyer and therefore not qualified to give legal advice.
Thanks for bringing up this aspect, Jovo.
"The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1]"
It doesn't mention European citizens that are not located within Europe.
Please note that I am not a lawyer and therefore not qualified to give legal advice.
Thanks for bringing up this aspect, Jovo.
jvranjes
Premium
jvranjes
Premium
See this link
https://www.eugdpr.org/gdpr-faqs.html
It says " if they offer goods or services to, or monitor the behaviour of, EU data subjects."
So this is not "people in Europe". Wikipedia is not the official voice of the EU.
The question is, what is the true meaning?
https://www.eugdpr.org/gdpr-faqs.html
It says " if they offer goods or services to, or monitor the behaviour of, EU data subjects."
So this is not "people in Europe". Wikipedia is not the official voice of the EU.
The question is, what is the true meaning?
MarionBlack
Premium
As far as I'm concerned it should apply to every citizen of the world. We should all have the right to privacy and the right to be forgotten.
I just read this on the link you've given me:
"Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location."
I just read this on the link you've given me:
"Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location."
jvranjes
Premium
Yes this is the paragraph from which I gave the previous quote.
So back to my starting question. Is it "people in Europe" as you wrote? Or is it citizens of Europe regardless from where they come to your site. The difference is essential (and potentially costly).
So back to my starting question. Is it "people in Europe" as you wrote? Or is it citizens of Europe regardless from where they come to your site. The difference is essential (and potentially costly).
jvranjes
Premium
See why I am asking; US brands now block me. No doubt they do this by my computer IP address. This would indicate (if they understood the law correctly) that this is by EU territory. But what if this is not so?
I go outside of EU and access this site, so should I sue them? I am an EU citizen anywhere.
I go outside of EU and access this site, so should I sue them? I am an EU citizen anywhere.
MarionBlack
Premium
They do use the word "residing", so I'm thinking that it protects people living in Europe (whether they are European citizens or not).
"It applies to all companies processing and holding the personal data of data subjects residing in the European Union"
So from that, I guess that European citizens who reside elsewhere in the world are not protected YET.
"It applies to all companies processing and holding the personal data of data subjects residing in the European Union"
So from that, I guess that European citizens who reside elsewhere in the world are not protected YET.
jvranjes
Premium
I took the note about the disclaimer.
I can be travelling the world and still be residing in the EU.
But in any case this contradicts to what Dom wrote yesterday (see Labman's blog). So the bottom line is we have no clear answer.
I can be travelling the world and still be residing in the EU.
But in any case this contradicts to what Dom wrote yesterday (see Labman's blog). So the bottom line is we have no clear answer.
StefanC
Premium
MarionBlack
Premium
StefanC
Premium
Got it! Yeah, they are using the easy approach of blocking EU ips, but that doesn't make them compliant. Now, if you are successful suing them is another story. I don't think a business outside Europe will ever be sued for this. Very complicated Jovo! I think not even the legislators know what to do. Only time will tell
jvranjes
Premium
You are right Marion. One of them is Backcountry-com, the second largest US outdoor retailer. Very surprising what they are doing. Have seen several in my niche. It is becoming annoying.
StefanC
Premium
Hi Marion, I think the price to pay is disproportionate compared to real benefits for individuals. Instead, They are making the process of doing business harder for individuals.
The time you are wasting to research how to block cookies could be used to increase production. It's waste of capital, now I have another price to pay for specific services because I am not a lawyer nor a web developer.
It makes user experience rubbish... It makes Google Analytics tracking useless For EU residents. It creates fear and a false perception that websites are trying to get secret data to spy people's lives.
The time you are wasting to research how to block cookies could be used to increase production. It's waste of capital, now I have another price to pay for specific services because I am not a lawyer nor a web developer.
It makes user experience rubbish... It makes Google Analytics tracking useless For EU residents. It creates fear and a false perception that websites are trying to get secret data to spy people's lives.
MarionBlack
Premium
There are some companies that are doing just that, Stefan. Without naming names some very big companies are tracking people's online movements and serving up ads based on their browsing history.
And there's this:
https://www.news.com.au/technology/online/social/wow-thats-disgustingly-devious-facebook-accused-of-cheap-trick-in-new-privacy-policy/news-story/21213d8ff52fbc3b431c6b6062bf1c26
https://noyb.eu/wp-content/uploads/2018/05/complaint-facebook.pdf
And there's this:
https://www.news.com.au/technology/online/social/wow-thats-disgustingly-devious-facebook-accused-of-cheap-trick-in-new-privacy-policy/news-story/21213d8ff52fbc3b431c6b6062bf1c26
https://noyb.eu/wp-content/uploads/2018/05/complaint-facebook.pdf
StefanC
Premium
Hmm, people are not forced to use the website if they don't want to share their data. If they are so concerned about it, them simply don't use the website! Go back to the caves
Now, companies are forced to provide not only free service but also accept getting nothing in return? Would this be a business or charity?
Now, companies are forced to provide not only free service but also accept getting nothing in return? Would this be a business or charity?
