The General Data Protection Regulation (GDPR) is a new framework governing how the data of EU citizens is processed. The regulation goes into effect on May 25, 2018, replacing the previous Data Protection Directive adopted in 1995. GDPR introduces more stringent rules around data privacy and the handling of personal information (defined as anything that can be used to identify a person).
Organizations will need to take steps to demonstrate that they are GDPR-compliant or risk facing large fines.
Who will GDPR affect?
GDPR has a global reach, not just within the EU. The regulation applies to all businesses and organizations within the EU, as well as businesses outside of the EU that:
- offer goods or services to EU citizens on whom personal data is held (a "data subject"), or
- monitor the behavior of EU data subjects (i.e. gathering data about individuals and automatically processing it to make predictions about their preferences, attitudes, or behavior).
GDPR will apply equally across all sectors, to everyone from small businesses to multinational conglomerates.
This means that companies that were not previously legally bound by the EU Data Protection Directive might now find themselves burdened with complying with new data protection measures.
Businesses in the US, Canada, and Australia may be affected by GDPR even if they don't have any operations in the EU. Likewise, Brexit or not, the UK government has confirmed that GDPR will be incorporated into UK law before the UK leaves the EU.
How can Siteimprove help?
Siteimprove’s GDPR module helps organizations meet the requirements of the EU General Data Protection Regulation (GDPR). The initial version of the Siteimprove GDPR module consists of the following features:
- Personal Data Inventory: The Siteimprove GDPR inventory checks for email addresses, phone numbers, names, and potential identification numbers detected on crawled websites.
- Domain/IP Map: The GDPR module provides an inventory of domains, sub-domains, and IP addresses that may belong to an organization, along with further information such as who registered the domain, when it expires, etc.
- GDPR Policies: Policies that highlight security and data privacy issues on websites crawled within the Content Suite.