The General Data Protection Regulation (GDPR) is a new law in the European Union (EU) that goes into effect May 25th, 2018.
It regulates how any organization that is subject to the regulation treats or uses the personal data of PEOPLE LOCATED IN THE EU.
In other words, if you get inquiries from people in the EU, or might get inquiries from people in the EU, those inquiries and the data from those inquiries are subject to the GDPR.
Personal data is defined as any piece of data that, used alone or with other data, could identify a person. If you collect, change, transmit, erase, or otherwise use or store THE PERSONAL DATA OF ANY EU CITIZEN, you are subject to compliance with the GDPR.
The GDPR says that you must obtain SPECIFIC OPT-IN CONSENT from your EU contacts and clearly explain how you will use, or plan to use, their personal data. Simply filling out your inquiry form is not specific consent. Someone from the EU has to check a box and specifically “opt-in.”
That said, yes, you need to comply with this law if you get, or might get, inquiries via your website from citizens of the EU.
What should you do?
Add a checkbox at the bottom of your inquiry form that people from the EU would check before submitting their inquiry.
It might say:
“Couples from the European Union (EU) please confirm you want information from us (opt-in) as required by the EU-GDPR.”
Finally, keep all of your inquiry forms, both as digital copies and hard copies, which you should be doing already for data analysis and website performance analysis.