Smugmug and the new European GDPR
I don't know how many of you are aware of it, but on May 25, 2018, a new European Law is going to be established. From that day onward all European users (this translates to all users who use a website from an EU/EEA country, so a US tourist in Norway would be affected too, even a Chinese website targeting European customers, though located in China would have to obey this new law) of a website have the right to download all information that a website has stored about them. This includes all personal data that somehow can be connected to a specific person including addresses, birthdates, emails ... and they have the right to be forgotten, which means that website will have to be able to delete all that data of a specific person. The storage of such information is then restricted to what is absolutely necessary for said website to know. So for example: if someone would buy a photo from one of our websites, we would have to know the address of where to ship it to, but we would not have to know that person's license plate number.
It also targets things like people having to login using their emails/fb accounts to comment on something, as long as that login information is stored somewhere.
There is probably quite a bit more to it than I am able to explain.
The fee if sued and found guilty of breaching the law: 20M € or 4% of net income, whatever of those two is the higher amount (not super certain about the amounts, but it was way more than I will ever own.)
I am just wondering as to how far a) Smugmug is covered by it and b) if there is anything we as website owners would have to do to be covered.
http://blog.lilleulven.com - The Stories of my travels