If you own a website with subscribers or purchasers who live within the EU, you should know about the GDPR, even if you and your business are situated outside the EU.
What is the GDPR?
GDPR stands for General Data Protection Regulation. Although it is in force only within the European Union, many other countries are adopting similar legislation to protect the privacy of their citizens. It deals with the personal data that we reveal to entities all over the world as we sign up for newsletters, purchase items online, take part in surveys, engage with social media platforms, and carry out other online activities. The Regulation was proposed in 2012 to replace laws in individual countries. One reason for the proposal was to standardize regulations in an increasingly connected world; another was to address different rules and communication issues between EU member states.
The GDPR document was issued in April 2016, to take effect more than two years later on 25th May, 2018. The long lead-in time was to give stakeholders time to implement the requirements.
The GDPR is a living document that is still being fine-tuned. The wording may change as different scenarios appear and court decisions are made in the future.
Changed Processes
You may have noticed that when you sign up for a subscription or to buy something online, you now usually have to click a box to receive marketing emails. Previously, boxes were automatically ticked and you had to un-tick or “opt out” to stop receiving these. Now, it is more often an “opt-in” process, introduced by the GDPR.
Another change wrought by the GDPR concerns privacy policies. If you own a website that collects personal data of any kind, you need a privacy policy. You can use a generic one available on various sites, but it helps to understand the requirements.
Other provisions of the GDPR include making sure data entrusted to you is secure at all times. There have been instances of lists of people’s personal details (including bank or credit card numbers) being lost in transit, stored on devices that were stolen, or on removable memory sticks that fell out of bags. The GDPR also tells us what our obligations are if data entrusted to us is compromised.
You can read the GDPR here or here, but taking a course or two will help you make sense of the 99 articles in this 88-page document. Reading legal documents has never been a favourite activity for me.
Courses About the GDPR
I recently took two short FutureLearn courses to learn more about the GDPR: Introduction to GDPR by UCL (University College London) and Understanding the GDPR by the University of Groningen in the Netherlands.
They each approach the GDPR somewhat differently, but both mention case studies of real situations, implications of the GDPR and what can happen if breaches occur.
If you like reading legal documents and glossaries of terms such as “natural person”, “data subject”, “supervising authority”, and “data controller”, you might enjoy these courses. I had trouble staying focused as I ploughed through the coursework, but I’m glad I did.
When I took the first course, I thought it was useful, but felt I needed a more in-depth look at the requirements. The second course was longer (4 weeks instead of 3) and delved into legal aspects and penalties for non-compliance. Even after doing both courses, I thought that some website owners could struggle with the exact requirements to make sure they were GDPR compliant.
Having taken both courses, I was sorry to lose access to them. Current FutureLearn policy gives learners free access to courses for the length of the course plus two weeks. In other words, you have five weeks to look at the course materials of a three-week course. If you want continued access, you need to pay for an upgrade and fulfil the requirements for a certificate, including gaining 70% in the tests that are only visible after you pay. After your certificate is issued, the course remains available indefinitely on your learning/courses page, unless it is later removed from the FutureLearn site.
FutureLearn Unlimited
Enter FutureLearn Unlimited. This is a single payment that lasts for 12 months. It costs around the same amount as three or four single course upgrades. With Unlimited, learners can access almost every FutureLearn course and keep access to the course after earning the certificate. Although I rarely pay for certificates, in this case Unlimited has been useful. I can now revisit the GDPR regulations at any time without having to plough ineptly through those 88 pages. Knowledge of the GDPR also helps with my Class Central role. And being able to earn certificates in many FutureLearn courses is also a great advantage.
A Final Thought
Taking two courses twice about GDPR might seem like overkill, but I learned more each time I visited the topic. Perhaps it just took a while for the legalese to seep into my brain.
By Pat Bowden, published December 10, 2019.