On May 25, 2018, the EU’s General Data Protection Regulation (GDPR) will go into effect.
This legislation, replacing the 1995 Data Protective Directive, impacts businesses and organizations that process, control, or hold data of EU citizens. It’s been called the “most important change in data privacy regulation in 20 years.”
The EU isn’t messing around. Violating GDPR has the potential of some major penalties.
Maximum fines could cost violators “up to 4% of annual global turnover for breaching GDPR or €20 Million [$24.58 Million],” according to the EU’s GDPR FAQ.
Now that we have your attention, we need to explain one very, very important fact: this article is not legal advice and should not be used in lieu of an attorney.
What is GDPR?
In a nutshell, GDPR regulates how businesses or organizations, regardless of whether having a physical or legal presence in the EU, use the personal data of EU residents.
It means if someone from the EU visits your website, even if it’s for a free service or product, you may have to comply with the GDPR. It doesn’t matter if you’re business or organization is based in Atlanta, Ga., or Mumbai, India.
What does “personal data” mean?
The EU defines personal data as “any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.”
This information can include a name, photo, email address, bank details, social media posts, medical information, and IP addresses.
In addition, GDPR requires businesses and organizations to report data breaches to data protection authorities and customers under certain circumstances. It also requires certain businesses and organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities, and enter into written agreements with vendors.
<span data-mce-type="bookmark" style="display: inline-block; width: 0px; overflow: hidden; line-height: 0;" class="mce_SELRES_start"></span>
What is Lucky Orange doing?
Lucky Orange has always led the industry by proactively prioritizing the protection of data security and visitor privacy, even before GDPR was approved and adopted by the EU parliament in 2016.
For example, unlike similar services, Lucky Orange anonymizes keystroke data “out of the box.” Every character from every field on every page is replaced with an asterisk before data is even recorded. This is just one of the many protections we have maintained since day one of Lucky Orange.
Needless to say, we remain fully committed to protecting visitor privacy. Lucky Orange has been working with a team of attorneys since 2017 to update our practices, where necessary, to comply with the GDPR prior to the date it goes into effect – May 25, 2018.
Updated Terms of Service, effective April 23, 2018. Click here to see them.
Enhanced visitor anonymity or de-identification, including encrypted IP addresses
What do Lucky Orange customers need to do?
View our updated Terms of Service, which went into effect on April 23, 2018. You can see them here. If you continue using Lucky Orange on or after April 23, you are agreeing to our updated terms. If you do not agree, you can choose to discontinue using Lucky Orange and close your account before these terms become effective.
Check out Lucky Orange's compliant conversion tools with a 7-day free trial.
Please reach out to our team at email@example.com with any questions or concerns.
Disclaimer: This article is not legal advice for your business to use in complying with GDPR and other data privacy laws. This article provides information to help you understand GDPR and what Lucky Orange has done to ensure we are in compliance with GDPR. We highly suggest you consult an attorney for advice on your specific circumstance.
Cover photo by Jason Dent on Unsplash