Belize Business With EU Customers – Important To Understand New GDPR Law!
As you may know, the EU implemented a new law that started May 25 – the General Data Protection Regulation or GDPR. In short, the EU’s law states that new rules now apply to how information is collected and used by organizations and businesses that collect data on people who live in the EU, regardless of where the business is located (including Belize) – and based on the current understanding of the law, it applies even to data that was collected before the law was implemented! One of the reasons it is important to understand and deal with these laws is that the penalty for not addressing them can be very steep – penalties in the millions of dollars or upward of 4% of a company’s global income.
We, along with the rest of the world, are trying to figure out what this means for businesses that serve EU residents – which would potentially include almost all Belize businesses that deal with customers outside of Belize, such as exporters, offshore services, real estate and especially resorts and tourist-related businesses, just to name a few. The intent of this email is not to go into full detail of the law here (details can be found in Wikipedia) but rather to point out some of the things that we can do, or are offering to do, to address this law now:
1. Updating all contact forms so there are no pre-filled options on the form.
2. Looking at the settings of the contact forms so that they collect less information – in particular the IP address of the person filling out the form
3. Deleting all old contact information from our server (the contact information will still reside in newsletter systems like Constant Contact)
4. Ensuring that there is an easy way to unsubscribe from all contact lists
5. Further formalizing the steps that we take to maintain data internally
6. Creating template wording for privacy policies that can then be used on your site
In addition to the above, there is one other thing that is outlined in the law, but we would like to talk to you before actually updating your site. The law requires that all EU visitors to your site be notified if a site uses cookies – and virtually all sites do, including yours, for things like Google Analytics that are used to track statistics. This can be handled in two ways:
1. Make clear in the privacy policy, which visitors can read when they visit the site, how cookies (files put on a website visitor’s computer to either collect information or help the site work better) are used on your site
2. The approach more in line with the dictates of the GDPR law would be to put up a warning sign, as done on this site, that requires someone to accept the use of cookies to browse the site. This approach is clearer about the use of cookies but is also more intrusive.
In any case, if you want to implement this for your site, let’s talk about how you would like it done.
There is much about this law that is still being discussed in terms of the best ways to implement it; however, if you think this applies to your business, please contact us so that we can talk to you about the best steps to take moving forward.