GDPR, the General Data Protection Regulation, was instituted in May 2018 to protect the privacy of the people of the EU countries. This presentation explains the penalties for failing to comply with the GDPR, why the GDPR potentially affects websites of US-based businesses, and possible remedies.
We are not lawyers and do not pretend to offer legal advice, but merely highlight the major points of the GDPR and why US-based companies/businesses/medical practices need to know their potential responsibilities.
Randall Wong
Medical Marketing Enterprises
Sunrise Hosting Services
www.MedicalMarketingEnterprises.com
www.SunriseHostingServices.com
GDPR | New Policy Regs that Affect Your Website
1. ONLINE PRIVACY REGS
DO THEY AFFECT YOU?
AAO 2018, Tech Pav
Sunday, October 28, 2018
Randall Wong, M.D.
2. Financial Disclosure
• I have the following financial interests or relationships to
disclose:
• Co-Founder:
• Medical Marketing Enterprises, LLC
• Sunrise Hosting Services, LLC
• RussandRandy.com
3. Randall Wong, M.D.
• Ophthalmologist
• Online Marketing
• Medical Marketing Enterprises, LLC
• Healthcare & Medical Internet Marketing
• SEO
• Reputation Management
• Sunrise Hosting Services, LLC
• Managed website hosting (virtual IT)
4. GDPR – General Data Protection Reg
• May 25, 2018
• Applies to any organization that collects and stores
personal data on European (EU) users on websites.
• Aimed at protecting personal data of EU residents
• 4% of global revenue
• $ 24 million
• € 20 million
6. GDPR
Data cannot be stored on publicly accessible spreadsheets
or unprotected documents.
Data can no longer be collected without explicit permission.
Data can no longer be collected without a detailed description
of how it will be used and what it will be used for.
Users must have an easy way to withdraw consent and
have their data erased.
Organizations must have clear processes to
detect, report and investigate data breaches.
7. Does Your Website
• Collect personal data
• Attract visitors from EU?
• Examples:
• Comments
• Contact Forms
• Opt In
• Analytics
• Security Tools/Plugins
8. Privacy - Data
• Name
• Phone
• Address
• IP address
• Cookie History
• Health/Mental Data
• Racial/Cultural/Ethnic
• Political Opinions
• Sexual Orientation
9. Checklist
• HTTPS
• Create cookie policy
• Privacy policy – how do you collect and protect user data
• Prove consent from users – keep records
• Avoid pre-ticked boxes on sign-up forms
• Opt-in vs. opt-out
• Easy option to withdraw consent and remove data
10. Checklist
• Website content and inquiry forms must use SSL
• Analytics must be GDPR compliant
• Pseudonymization/anonymization - Database must store
information by account name only and not by account
information
• This list is not complete nor necessarily accurate
11. What Can You Do?
• All forms and website requests opt-in
• Easy opt out with instructions
• Cookie alert banner
• Update privacy policy and terms of use to use GDPR
terminology
• Block EU traffic?
12. Cookie Alert Banner
• This site uses cookies to analyze traffic and for ad
measurement purposes
13. Cookies
• Tiny files sent to your browser to allow a website to
remember your preferences to present you with
customized web pages.
• Examples
• Shopping preferences
14. HTTPS
• HyperText Transfer Protocol Secure
• Created due to lack of Security
• Ensures security between website (server) and browser
• Data/Communications are encrypted
• Prevents “Man-in-the-Middle” Attacks
• HTTPS – Deals only with communications between your
computer and a website.
18. SSL – Secure Sockets Layer
• A certificate issued to allow the HTTPS designation to
your URL
• SSL allows HTTP → HTTPS
19. Why Need SSL
• Protect privacy
• Credit Card information
• Websites with eCommerce
• Personal information
• Shopping history
• Browsing history
• Information you receive is as intended
• SEO – without HTTPS you don’t rank as well
20. #1 Reason you need HTTPS
• Chrome 62 - SEO
• Websites without HTTPS are going to be flagged as “Not
Secure”
21. Site is Not Secure
• Not Trusted
• Affects Your Brand
• Outdated
• Website not trusted
• Business not trusted
• Hosting Company
• Purchase SSL
• Renewable
• Free
Medical Marketing Enterprises, LLC was started to teach and consult for Healthcare and Medical Internet Marketing. RussandRandy.com is a podcast focused on Healthcare and Medical Internet Marketing.
I am a retina specialist practicing in Fairfax, Virginia.