Data protection (GDPR)
In May 2018 Europe upgraded to the General Data Protection Regulation (GDPR), the biggest overhaul of data protection and privacy since 1995.
Why you need to know
If you do business in or with Europe, GDPR applies to you, even if you are not located within Europe. It will also apply to UK businesses trading within Europe regardless of Brexit. The rules apply to the data you collect and use within your business as well as the data you collect and use in your web sites and apps.
A healthy approach to data protection and privacy will protect your business as well as your users in these politically uncertain times.
What will it mean for you
GDPR is a refresh and modernisation of the 1995 privacy rules. It upgrades the requirements and safeguards for anyone collecting, processing, storing, and sharing personal data on persons within Europe. The amount of work you will have to do to come into healthy compliance will depend on how familiar you were with the existing data protection and privacy rules. These rules, both old and new, are about everyday business processes, not tick boxes or legal statements.
What about after Brexit?
The UK has enacted GDPR regardless of Brexit. The stringency of the UK’s commitment to a healthy standard of privacy remains uncertain.
- By me:
- My guide to compliance for designers and developers
- My guide to compliance for small businesses and startups (Business Gateway)
- Me and Dan Barker’s guide to compliance for e-commerce businesses
- How GDPR will change the way you develop (Smashing Magazine)
- Intro to the Privacy by Design framework (Smashing Magazine)
- Afterbrexit.tech side blog where I monitor EU tech policy through the Brexit process
- All blog posts on data protection
- WordPress.org core-privacy team:
I am a component maintainer on this team – get in touch during office hours.
- Official EU links:
- National data protection authorities: