GDPR Regulations and 2018 Policy Notices

Jun 8, 2018 | E-Commerce

The European Union issued new internet privacy regulations which has spurred the recent onslaught of Privacy Policy Notices. All businesses should be aware of the regulations even if they do not do business in the EU.

GDPR Regulation Updates

On May 25, 2018, new requirements went into effect in the European Union (EU) to strengthen data protection for its citizens. This has spurred a flurry of activity to ensure that companies are in compliance with the latest regulation updates. Below you will find a quick breakdown of how this affects businesses in the US.

What is GDPR?

GDPR stands for the General Data Protection Regulation. It is a series of rules that companies are required to follow that are designed to give individuals in the European Union more control over their personal data and to simplify international regulations. The regulations cover the

  • Type of data that is collected
  • Purpose of the data collection
  • Security methods used to protect that data
  • Length of time that the information is stored.

The data referred to is any personal data including, name, address, localization, online identifiers, health information, income, cultural profiles, etc. 

Who does it affect?

The nature of these requirements reach beyond the borders of the EU. As an example, say you are a retail business with an e-commerce website that only serves the United States. If you are running an affiliate marketing campaign, the affiliate platforms are designed to track information on individuals to ensure accurate sales and commissions.

In an increasingly global economy, there are innumerable scenarios on how individuals from the EU could be accessing websites for US companies. The simplest answer is that the requirements affect any business with a website could be affected, don't assume that this doesn't apply to your business.

What should business owners do?

Step One: Education

The first step to any compliance is education. The European Commission put together interactive infographics and resources including a 7 Steps for Businesses guide. To access their website and material, go to the European Commission Website.

Step Two: Data Inventory

Take time to review your business' marketing efforts and data collection practices. Some examples of marketing efforts include email marketing, search engine marketing, affiliate marketing, etc.

Step Three: Plan

This is a perfect time to work with your legal team to update your privacy policy and determine what areas need to be addressed to ensure compliance. These steps may include appointing a Data Protection Officer, excluding GDPR affected countries from email marketing campaigns, or blocking IPs from affected countries.


With over 20 years of experience with All Things Internet, Informatics is positioned to help you with all your website needs. Contact us for more information about our services.