Editor’s note: In addition to GDPR compliance, Lucky Orange has released a new data management tool that puts data control in the hands of visitors. Click here to learn more about the tool or here to see it in action.
On May 25, 2018, the EU’s General Data Protection Regulation (GDPR) will go into effect.
This legislation, replacing the 1995 Data Protection Directive, impacts businesses and organizations that process, control, or hold data of EU citizens. It’s been called the “most important change in data privacy regulation in 20 years.”
The EU isn’t messing around. Violating GDPR can bring some major penalties.
Maximum fines could cost violators “up to 4% of annual global turnover for breaching GDPR or €20 Million [$24.58 Million],” according to the EU’s GDPR FAQ.
Now that we have your attention, we need to explain one very, very important fact: this article is not legal advice and should not be used in lieu of an attorney.
Back to GDPR
In a nutshell, GDPR regulates how businesses or organizations, regardless of whether they have a physical or legal presence in the EU, use the personal data of EU residents.
What does that mean?
It means that if someone from the EU visits your website, even if it’s for a free service or product, you may have to comply with the GDPR. It doesn’t matter if your business or organization is based in Atlanta, Ga., or Mumbai, India.
What does “personal data” mean? Good question.
The EU defines personal data as “any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person.”
This information can include a name, photo, email address, bank details, social media posts, medical information, and IP addresses.
In addition, GDPR requires businesses and organizations to report data breaches to data protection authorities and customers under certain circumstances. It also requires certain businesses and organizations to implement appropriate policies and security protocols, conduct privacy impact assessments, keep detailed records on data activities, and enter into written agreements with vendors.
TL;DR: GDPR holds businesses and organizations across the globe to a higher standard of visitor privacy by requiring them to protect the personal data of EU citizens.
What is Lucky Orange doing?
Lucky Orange has always led the industry by proactively prioritizing the protection of data security and visitor privacy, even before GDPR was approved and adopted by the EU parliament in 2016.
For example, unlike similar services, Lucky Orange anonymizes keystroke data “out of the box.” Every character from every field on every page is replaced with an asterisk before data is even recorded. This is just one of the many protections we have maintained since day one of Lucky Orange.
Needless to say, we remain fully committed to protecting visitor privacy. Lucky Orange has been working with a team of attorneys since 2017 to update our practices, where necessary, to comply with the GDPR prior to the date it goes into effect – May 25, 2018.
This process includes:
- Updated Terms of Service, effective April 23, 2018. Click here to see them.
- Privacy Shield certification
- Enhanced visitor anonymity or de-identification, including encrypted IP addresses
What do Lucky Orange users need to do?
As we mentioned earlier, we can’t stress enough that you should consult an attorney for legal advice pertaining to your unique situation.
For our users, there are two things to do with regard to using Lucky Orange and staying in compliance with GDPR:
- View our updated Terms of Service, which went into effect on April 23, 2018. You can see them here. If you continue using Lucky Orange on or after April 23, you are agreeing to our updated terms. If you do not agree, you can choose to discontinue using Lucky Orange and close your account before these terms become effective.
Please reach out to our team at Privacy@LuckyOrange.com with any questions or concerns.
Disclaimer: This article is not legal advice for your business to use in complying with GDPR and other data privacy laws. This article provides information to help you understand GDPR and what Lucky Orange has done to ensure we are in compliance with GDPR. We highly suggest you consult an attorney for advice on your specific circumstances.