Author: Deborah Dapson

On May 25th, 2018 enforcement of a new regulation in the EU called the General Data Protection Regulation (GDPR) began. In case you haven’t heard about it, this new regulation, which is meant to enhance an earlier data security regulation established in 1995, expanding the previous requirements to further protect users, specifically European Union members. The GDPR aims to prevent data breaches and protect the security of private data. The 1995 regulation (Data Protection Directive) assures privacy through a set of common sense rules (giving notice, using data only for the purpose stated, user consent, data encryption/security, disclosure of who is collecting user data, user access to their data and data collector accountability) the GDPR added

Unlike The EU, The USA Does Not Have A Formal Centralized Data Protection Regulation or Act; So, If That’s the Case Do We Need To Be Concerned?

The short answer is yes.

The expanded regulation has pushed the scope of their regulations to anyone who collects data on EU citizens regardless of their home country, meaning if you have a call to action or offer on your website that requires a user enter data about themselves, even if it is just an email address and because anyone in the world can enter their data to get your offer you are subject to the regulation. Additionally, there doesn’t have to be a financial transaction involved.

So, What Do We Need to Know If We Have A Globally Reaching Website?

If you are going to be gathering data for business or non-profit transactions, you will need to follow the regulations that I listed above, and the following other changes the GDPR brought about. These include tighter controls on how consent is given—small print and/or legalese is not allowed; data breaches must be reported within 72 hours; even more access for users, who must be told whether their data is begin used, where and why and must be given an electronic copy of the data being used; the user has the right to ask for their information to be erased—” the right to be forgotten.;” the users’ right to move the data from one data collector to another, in other words, once your data has been used to set up an account, you can get an electronic copy ( say a spreadsheet or csv file) and send it to another company; those who want to collect data must design their software such that it collects only the data needed to do what is needed and to only allow those who need the data the right to view it and finally there must be a(n) officers in the company collecting data who can report to the regulation office.

All Right, I May Process Data from EU Citizens, What Do I Need to Do?

The simple answer is that you’ll need to make sure that you follow the rules above, but I’ve only given you a thumbnail. The process to compliance is relatively complex, you must access all your data and be able to say where it is stored, you must ensure that it’s encrypted, that your request for consent is clear and specific, that you’re carrying an SSL certificate on your site, that you have your policies written on your site and they are clear and specific, that you report any data breach within 72 hours. Be ready to access data to give to a user at any time and create ‘fair processing notices’ describing exactly what, where and how you’re using the collected data.

Final Thoughts

As a website designer this is something that I must pay close attention to, particularly with sales and coaching sites, where data collection is a requirement for business to occur. Nearly every other day, it seems, we hear of yet another big data breach—causing us to run to our device and begin changing passwords, while fretting over possible identity theft.

If you’re concerned (and you should be) that you may not be compliant, please contact me, I can help you, especially if you are using WordPress as your platform.


Deborah Dapson has been working in marketing and communications for over 15 years and working in website and graphic design for the last 7 years. Her passion is to help small business and non-profits.

Connie Knudson Photo

Deborah Dapson
Marketing and Communications Specialist


Balanced Scorecards – Measuring to Understand MORE

Most small businesses start out relying on intuition.  Their gut told them to do this thing they love for a living.  Their passion circumvented the risks and challenges.  They checked the bank account balance every day to be sure they have enough...

Typology and your business

Author: Victoria Silva Wilger Typology is the study of systematic classification of types that have characteristics or traits in common. Typology can be used across all industries and disciplines including theology, anthropology, psychology, politics, education,...

What to look for in your Mentor

As a long time mentor, please allow me to share some thoughts on mentoring. I have loved living my life as a serious, successful, and serial entrepreneur. I have been fortunate in finding the perfect mentor at the most needed time. I was willing to watch, listen and learn.

How to make an impact

Alice Waters, the founder of Chez Panisse restaurant in Berkeley, California, didn’t plan to revolutionize the way people cook, eat, and think about food. But in 1965, when she returned to the U.S. from France, she did know what she wanted. She wanted food that was fresh and that tasted good—like the food she had eaten in France.

How to choose the best health mentor

Medicine as a path to health has changed over time, and in recent years we have come to understand that traditional medicine is not getting us the results we want. Everywhere we look these days we are told, “Call your doctor, call your doctor . .