What in the world is the GDPR?
The General Data Protection Regulation is a law passed by the European Union in 2016 that is being applied as of May 25, 2018, in the EU. The EU is a group of 28 countries in Europe, including Germany, Spain, France, Italy and others.
This new law, which often is referred to as the GDPR, is designed to protect people’s personal data and to give individuals the means of controlling personal information about them. This information can include such things as name, photo, date of birth, religious views, IP address and so on. Essentially, any data that can be used to directly or indirectly identify a person is subject to this law. The law doesn’t refer only to data that’s held online; the GDPR also covers offline personal data.
One way that the GDPR is changing the way data is collected and stored is by tightening the rules of consent. Organizations must use clear, unambiguous methods for getting people’s approval to collect their data, and they must similarly give them clear means of opting out of data collection.
The GDPR also gives people the right to have their information erased, corrected or sent back to them, among other rights.
Why am I receiving GDPR notifications if my business is not in the EU?
There are two main reasons why your Whatcom County small business might be getting notified about the new law. The first is that the services you use are letting you know about their compliance with the GDPR. The second is that, as a business, you might also need to be in compliance with the GDPR. A brief explanation of each: