GDPR: What It Means For Your Business

Security is key 🔑

When was the last time you ordered a product online? Or sent an email to a colleague with information about a company project with private data? These actions all require a level of trust with the website you use. Composed of 11 chapters and 91 articles, GDPR compliance was put in place to give users control over their personal information and provide a sense of security as they interact with websites.

What is GDPR?

GDPR stands for General Data Protection Regulation and ensures the security of users’ personal and private information as it is collected, processed, stored, and destroyed. Established in April 2016 by the European Council and Parliament, this regulation means that any site collecting information from users is now required to be more transparent and give its users more control over how their data is handled. 

GDPR applies to any personal information that could be used to identify a person. This protects a variety of information such as… 

  • Basic identity information such as name, address, and ID numbers
  • Web data such as location, IP address, cookie data, and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

GDPR applies to any company that processes information about EU citizens, even if the organization is not based out of Europe. The specific regulations apply to companies that… 

  • Have a presence in an EU country
  • Process personal data of European residents
  • Have more than 250 employees
  • Have fewer than 250 employees but “its data-processing impacts the rights and freedoms of data subjects is not occasional, or includes certain types of sensitive personal data” 

What does GDPR mean?

Similar to ADA compliance, the requirements for GDPR compliance are not black and white. Companies must “provide a reasonable level of protection for personal data.” Following GDPR is not a simple job that can be passed to the IT team and forgotten. In addition to their own products, companies are responsible for ensuring that the third parties they use are compliant with GDPR.

Although there are no exact guidelines, a few key components of the regulation require organizations to: 

  • Alert users if a data breach occurs (within 72 hours)
  • Be cautious while transferring personal data
  • Keep collected data anonymous
  • Assess and review their site consistently to discover potential risks

GDPR gives users the right to a variety of actions such as stopping their data from being collected, allowing them to transfer it to a different provider, accessing their data upon request, and much more. The users are now in the driver’s seat, with the ability and knowledge to make these decisions for themselves.


An important factor of GDPR is not just what happens to data but how an organization responds. Companies need to be proactive and understand their current safety measures and what steps are needed in case of a breach. 

  • Do you have steps in place if something goes wrong? 
  • Do you have a team set up with clear roles and responsibilities? 
  • How will you communicate to the affected parties? 

Everyone on your team should be confident with your organization’s GDPR process and the current regulations that are in place. You must know what data you have in order to know how to protect it. Keep a thorough and organized record of this information so your team knows how to stay compliant and has easy access to the data in case of an audit. You should have a process in place for deleting personal data that a user may want erased. We also recommend running an audit of your site or using a GDPR checklist to ensure your site is currently compliant.

Final Thoughts

Not complying with GDPR costs you the trust of users and could mean large penalties and fines. With all of the personal information circulating the web, security is more important than ever. Don’t get stuck playing catch up, but take control of the information you have and give your users peace of mind.
