Dear Clients,

Due to changes in European laws regarding digital data collection, Google has created new regulations for how American websites operate. Google is requesting GDPR compliance to the best of each website owner’s ability, even in non-EU-regulated regions, so that Google itself can be compliant with international law. This will matter because Google plans to demote the search rank of any website that is not compliant with its new regulations by May 25th. Google’s GDPR compliance can be read here.

Once you are finished, I’m asking you to quickly affirm that you have read this and agree by CLICKING HERE.

What this means for you directly is that you will need to add an SSL certificate, Privacy Policy, and Cookies notification to your website (you can contact me if you need assistance).

Details
Websites which are not in the EU will still need to meet certain requirements for Google. These requirements favor websites which have a clearly outlined data collection policy (click here to download an editable example) that is displayed on your website. I am including a sample (please use this only as a basis for understanding the scope of how you must share what data you collect and store with users. From there you may write your own or use a lawyer to do so.)

Security for users accessing your website must also be a priority. I am asking that my clients purchase or plan to purchase additional security through their hosting company. This additional security must include an SSL security certificate. Some hosting companies offer additional security via “Comodo” services. If you are on a service such as Flywheel or Siteground you may already have an SSL certificate. If you are on Flywheel, additional security is standard with their platform. Wordfence Premium may also be purchased to enhance the security of any data that you collect or keep. Please familiarize yourself with the services your website uses and their data collection policies here: (Facebook, Instagram, Twitter, LinkedIn, Mailchimp, etc.)

If you have services connected to your website (MindBody, Shopify, etc.) which are not listed, quickly Googling that company and the search term “GDPR or Data Collection Privacy” will usually yield the result you are looking for.

If you are not contracted with Pierce Digital Creative to maintain website updates, you are responsible for ensuring that they are run as frequently as necessary. Failure to do so may result in vulnerabilities on your website which you are responsible for. Pierce Digital Creative is not liable or responsible for the way that you collect data, the data that you keep, your data policy, adherence to GDPR standards or any compromised data for websites which do not have SSL installed or do not adhere to GDPR data standards. The best way to remain in compliance is to follow the recommendations above.

Your organization is also responsible for collecting non-disclosure agreements (or your chosen legal agreement) from employees or contractors that have access to user data. This agreement should outline exactly who is or is not allowed to access user data, as well as exactly how, when and why they are allowed to have access. Creation of and adherence to these policies is at the sole discretion of your organization. Carrie Pierce and Pierce Digital Creative are not responsible for this, but are happy to advise as necessary.

Why is this necessary?

User data has been front and center on the world stage in the last few weeks. Recently, Twitter was taken down by Russian hackers. Not long ago MindBody was attacked and taken down, and we have been witnessing data controversy regarding Facebook. It is always possible for any website to become compromised and therefore we owe it to our clients, customers, and users to tell them exactly how their data is collected, stored, accessed and disposed of, what we do to protect their data, and what we plan to do if their data is accessed by non-authorized parties.

Google requires that we adhere to these standards so that Google itself can be in compliance with new EU laws that take effect on May 25th, 2018. Non-compliance with Google’s standards may put your users at risk, open you up legally to unknown issues, or cause Google to demote your website in search rankings.

Thank you for your attention to this matter. Please feel free to contact me with any questions, or if you need assistance.