Implemented in May 2018, the General Data Protection Regulation (GDPR) applies to more than just websites operating in the European Union (EU) — it also concerns any business that reaches people in the countries the GDPR covers. Even if your business’s headquarters are in the United States, if your company has an online presence, the GDPR likely impacts you.
If you aren’t already compliant, now is the time to ensure your site has clearly listed privacy policies and a plan for handling information gathered from users. GDPR will continue affecting the web into 2019 in a variety of ways, including these seven.
1. Updated Privacy Policies
In the past, businesses often didn’t even have a privacy policy in place. The consumer hoped their personal information was protected but had no way of knowing whether it was. The sites with privacy policies tucked them into out-of-the-way places and failed to update them for years on end. GDPR changed that, with even small businesses scrambling to update their policies and make sure they were GDPR compliant.
Sites now have the privacy policy link on the home page — typically in the footer — or have a popup informing site visitors of the policy’s location.
2. Plans for Storing Information
GDPR insists companies have a strategy for how they store the personal information collected from users. Sites should only obtain the information they need to do business and have a plan in place to protect that information. If the info is shared with any third parties, this must be disclosed upfront to the user. It must be easy for the user to opt out, and upon request any data on file must be immediately destroyed.
3. Altered Search Process
In the Frank v. Gaos class action lawsuit, the plaintiffs claim Google gave the search terms users placed into the search box to third parties without the permission of those users. Google settled the case for $8.5 million.
Business owners took notice and adjusted the information their cookies tracked. You’ve likely seen cookie notification popups informing you of sites tracking your actions and details on exactly what info they’re collecting and why.
4. Different Design
To educate customers about their privacy policies, companies are interacting with consumers more than ever before. Part of the GDPR states companies must notify users of any changes to their privacy policies, any data breaches and any other privacy concerns. Sharing information opens up the lines of communication between users and website owners.
More transparency allows consumers to build a deeper level of trust with businesses. Consumers no longer have to worry about what is done with their personal information, because companies now state upfront who sees the info and why.
Designers must also look at the way data collection systems work for the consumer. Is it clear what you’ll do with the information? How is the form protected as the user submits that info? The GDPR forces designers to think through security issues more than ever before.
5. Better Brand Loyalty
You have just a few milliseconds to make a great first impression on your audience. As mentioned above, making your policies clear creates transparency. Once you build trust with your customers, you’ve built in some brand loyalty. They now know they can trust you to be upfront.
In 2019, expect to see privacy policies on just about any site you visit, as well as a stronger focus on clear, streamlined design. Part of the GDPR states that the policies must be in a language easily understandable by users. This concept translates into a clear navigation structure and uncluttered pages, as well.
6. Stifling Innovation
While the GDPR has led to some positive changes, it has had a few adverse effects, as well. For many years, there’s been a basic understanding between consumers and online businesses that you could trade your personal information — email, address, phone number, etc. — and get great content for free.
When you think of places like Google Drive, Google Classroom and other free services along those lines, the agreement was that you shared info with them — which they sold to advertisers — and you got great services for free.
The GDPR means companies are less inclined to come up with similar models, where they offer a fantastic free service in exchange for information. After all, the information isn’t something they can easily share now.
7. Added Focus on Site Security
The GDPR expects businesses to take measures to protect people’s data. For larger companies, this isn’t a big deal, but for small companies or little blogs, the costs quickly add up.
At a minimum, business owners need to think about where they store the information collected — and for how long — and institute Secure Sockets Layer (SSL) so the information sent over their forms is encrypted.
The Good and the Bad
The new regulation is making some positive changes in the way companies protect consumer data, but it is also putting some limitations on small business owners who don’t even live in Europe. Business owners may worry whether they’re in full compliance, as most smaller companies couldn’t afford one of the hefty fines laid out in the new law.
It’s essential to better protect consumer information and work against the numerous data breaches occurring on a regular basis. However, there must be a balance between the freedom online businesses have always enjoyed and protecting users. It will be interesting to see where the GDPR takes us in the next five to 10 years and what other regulations get added to the way we do business online.