UPDATED: What is the GDPR/California "Shine the Light" Law? [FREE DOWNLOAD]
GDPR was introduced by the European Union, but it applies to businesses all over the world, especially if you could potentially collect personal data from a person residing within the EU. We feel, as a business, it’s important to safeguard the personal data of your prospects and customers, and we think the GDPR is a big step in the right direction to provide transparency and understanding to your users. We've also made some updates to this blog post and the corresponding free download to cover California Civil Code Section 1798.83, also known as California's "Shine the Light" or "Your California Privacy Rights" law.
The Basics of the GDPR
The key elements of the GDPR are the following:
- You must process personal data in a way that is lawful, fair, and transparent.
- You must only use personal data for the specific purpose that you have declared.
- You must collect only the minimum amount of personal data required to achieve your stated objective(s).
- You must take all reasonable steps to ensure that any data you collect is accurate and kept up-to-date.
- You may only hold personal data for as long as it is required to achieve the stated objective(s).
- You must process personal data in a way that ensures appropriate security.
There is a lot to the GDPR (it’s over 255 pages long), but we’ve found a lot of the concepts make sense. Chances are, if you are handling your marketing and the data you collect as white-hat as possible, you are already mostly there.
A few big things to look out for:
Automatic Opt-Ins are Not Okay
If you have Newsletter or ‘More Information’ checkboxes pre-ticked on forms, that is not enough to be considered an opt-in.
If your website doesn’t have SSL, reach out to us and we’ll provide you with a free one under your hosting agreement. You can also purchase one, but for non-ecommerce sites, the free SSL is a good alternative.
Check Your Lists
It never hurts to run the occasional re-opt-in campaign to ensure you aren’t sending unsolicited emails.
Document Any Extra Tracking/Analytics
Check With Your Host
If you host the website yourself or use a third party besides us, you’ll need to make sure they are GDPR compliant.
It Doesn’t Stop There
Be sure to review the GDPR to determine if you are within its scope and to ensure that your business is compliant. This will involve reaching out to any vendors that you might share or transfer data to and reviewing their policies, and making sure you are protecting any personal information you collect.
California's "Shine the Light" Law
The California "Shine the Light" Law applies to:
- Businesses who have any customers who are residents of California
- Businesses with 20 or more employees
- Businesses who have shared personal information from any of their customers with a third party for the purpose of marketing.
How to comply with the "Shine the Light" law
Transparency is key here. If you share any information with a third party for marketing, including personal information, name, address, email, any information about children, or any financial information, you need to disclose it clearly.
- Disclose what information you collect.
- Disclose the name and address of any third parties that you have shared that information with.
- Designate a mailing address, email address, or telephone number through which customers may make requests for this information.
- Educate your employees/managers to be able to respond appropriately to these requests.
- Any requests from customers need to be replied to within 30 days.
- You are only required to disclose this information to customers who ask for it once per calendar year.
You can learn more about the GDPR by checking out the official site: https://www.eugdpr.org/
You can also read the original regulation here: http://eur-lex.europa.eu/eli/reg/2016/679/oj
There is also a great breakdown of the GDPR here: https://gdpr-info.eu/
The California Civil Code Section 1798.83 "Shine the Light" Law can be read here: http://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=CIV&sectionNum=1798.83
Disclaimer: We’re Not Your Lawyer