Scared Cookie! The Consequences of Ignoring GDPR: Why American Businesses Need to Pay Attention
I’ve been on the internet for a long time! The US Air Force sent me to HTML school back in 1995 so you could say I’ve been here a while. I find it irritating and almost insulting that every website I visit requires me to accept some kind of cookie policy. Of course, I accept YOUR cookie policy, because I allow my browser to accept cookies! FOR EVERYONE! I’m tempted to click “no” I don’t accept your cookies just to be difficult.
So I searched for “why are websites asking to accept cookies?”
Why websites ask you to accept cookies
Websites have become more focused on asking you to accept cookies. The reason reflects a data privacy protection law that governs online data tracking and transparency.
This data privacy law is known as the European General Data Protection Regulation (GDPR), which became enforceable in May 2018. The GDPR legislation requires all multinational companies to provide an opt-in whereby website owners receive a user’s permission to use cookies before they can be stored on a user’s web browsers. This opt-in is designed to give users greater control over their data, knowing information is being collected if they give consent to that data collection.
A website owner’s noncompliance may result in fines. This potential legal violation has led to more websites sending cookie notifications to ensure they are in compliance.
https://us.norton.com/blog/privacy/should-i-accept-cookies
So what is GDPR?
GDPR stands for General Data Protection Regulation. It is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). The GDPR came into effect on May 25, 2018, replacing the previous EU Data Protection Directive.
The purpose of the GDPR is to give individuals more control over their personal data and to ensure that organizations that collect and process personal data are transparent about how that data is used, and that they take appropriate measures to protect it.
Under the GDPR, individuals have the right to access their personal data, the right to have their data corrected, the right to have their data deleted, and the right to object to the processing of their data. Organizations must also obtain explicit consent from individuals before collecting and processing their personal data, and must notify individuals if there has been a data breach that may have compromised their personal data. Failure to comply with the GDPR can result in significant fines.
Failure to comply with the GDPR can result in significant fines.
Well crap.
Under what circumstances can I be fined for non-compliance with GDPR?
Under the GDPR, failure to comply with the regulation can result in significant fines. The size of the fine will depend on the severity of the breach and the organization’s level of non-compliance.
Organizations can face fines of up to 4% of their annual global turnover or €20 million (whichever is greater) for the most serious breaches. This includes breaches where the organization has not obtained valid consent to process personal data, has not implemented appropriate security measures, or has not notified individuals of a data breach within 72 hours.
Organizations can also face fines of up to 2% of their annual global turnover or €10 million (whichever is greater) for less severe breaches, such as failing to maintain accurate records or failing to appoint a Data Protection Officer (DPO) when required.
It’s worth noting that fines are not the only potential consequence of GDPR non-compliance. Organizations can also face legal action from individuals whose data has been mishandled, reputational damage, and loss of customer trust.
Therefore, it is important for organizations to ensure they are compliant with the GDPR, and to take the necessary steps to protect the personal data of individuals.
4% of their annual global turnover or €20 million (whichever is greater)
Wait — WHAT?
So I don’t live in Europe, I don’t even offer content or opinion about Europe. The only thing I have to do with Europe is the fact my ancestors all came from there on the Mayflower. (No really, I had 2 grandpas and 1 grandma on the Mayflower.)
So what does that mean for an American? Or a US Business?
The GDPR can affect American businesses that process personal data of individuals located in the European Union (EU) or the European Economic Area (EEA). If an American business offers goods or services to individuals located in the EU/EEA, or if it monitors the behavior of individuals in the EU/EEA, it must comply with the GDPR.
This means that American businesses must obtain valid consent from individuals before collecting and processing their personal data, and must provide individuals with the right to access, rectify, and erase their personal data upon request. They must also implement appropriate security measures to protect personal data, and must notify individuals of any data breaches that may have compromised their personal data.
In addition, American businesses must appoint a representative located in the EU/EEA if they are processing personal data of individuals located in the EU/EEA on a regular basis.
Non-compliance with the GDPR can result in significant fines and legal action, even for businesses located outside the EU/EEA. Therefore, it is important for American businesses that process personal data of individuals located in the EU/EEA to ensure they are compliant with the GDPR.
…should my website/s go viral in the UK, I’m screwed…
So basically I can ignore this and hope for the best. The only problem is, should my website/s go viral in the UK, I’m screwed because I have no idea what cookies are being used thanks to all the plugins, analytics, affiliate programs, and other tools used by WordPress and associated programs like Jetpack, Yoast, and Google and Amazon.
The Solution!
I have decided to implement my own plan to comply with laws from abroad.
I have decided to implement my own plan to comply with laws from abroad. I will use one of many available plugins to attempt to comply with the GDPR.
There are several WordPress plugins available to help website owners achieve GDPR compliance, but the “best” plugin will depend on your specific needs and requirements. Here are a few popular GDPR compliance plugins for WordPress:
- WP GDPR Compliance: This plugin is free and provides a range of tools to help website owners become GDPR compliant. It includes features such as cookie consent, data access requests, data erasure requests, and privacy policy generation.
- GDPR Cookie Consent: This plugin provides a customizable cookie consent banner that can be displayed on your website to obtain user consent for the use of cookies. It is also free and easy to use.
- WPForms: WPForms is a powerful form builder plugin that includes GDPR compliance features. You can use it to create GDPR-compliant contact forms, registration forms, and other types of forms that require user data.
- Complianz | GDPR/CCPA Cookie Consent: This plugin provides a range of features to help website owners comply with GDPR and CCPA regulations. It includes a customizable cookie consent banner, a cookie policy generator, data access requests, and data erasure requests.
- Cookiebot: Cookiebot is a paid plugin that provides a comprehensive solution for GDPR compliance. It includes features such as cookie consent, cookie scanning, and automatic cookie blocking. It is a good option for larger websites or those with complex compliance needs.
Ultimately, the best WordPress plugin for GDPR compliance will depend on your specific needs and budget. It’s important to thoroughly research your options and choose a plugin that is easy to use, effective, and tailored to your needs.
I think it’s a good plan. What do you think?