Format and the GDPR
The information below does not constitute legal advice. If you have concerns about the compliance of your site with the GDPR, please seek your own legal counsel.
What is the GDPR?
The General Data Protection Regulation, or GDPR, is a law on data protection and privacy for all individuals within the European Union. It is set to go into effect on May 25, 2018.
The GDPR regulates how individuals and organizations may collect, use, and retain personal data. This affects both Format and websites which run on Format’s platform.
How does the GDPR affect my Format website?
- The scope of the GDPR on “personal information” is broad: it encapsulates not only traditionally accepted forms of data such as birth dates and mailing addresses, but also digital variants such as IP addresses.
- Your website could be visited by EU citizens so any collection of personal information is within the scope of the GDPR even if you are not an EU-based citizen or organization.
- The GDPR outlines rights for individuals which you are required to comply with.
What is Format doing to ensure compliance?
- We have begun auditing our data collection processes, and are rolling out methods to comply with data subject right requests (e.g. "right to be forgotten").
- Providing training and information to Format customers with compliance for their own sites.
- To submit a rights request including those pertaining to the right to be forgotten or data portability, please email firstname.lastname@example.org.
Data collection on your Format website
Format websites do not collect any personal information unless you use:
- Format’s Contact Forms, Proofing, or Store
- These features collect personal information such as name, email, and possibly address. Under GDPR, you are responsible to uphold the data subject rights of that personal information.
- Google Analytics
- Unless you have a clear business function for collecting personally identifiable information through Google Analytics, we recommend you disable it.
- Third-party services (e.g. Google Maps, Youtube, Soundcloud) embed content into your site, with Format acting as an intermediary for the data. These services may have their own terms of service, privacy policies, and other practices which differ from Format. It is important to carefully review the policies of all services connected to your Format site.
- If your Format website does none of the above it is GDPR compliant to the best of our knowledge, as it collects no personal information
Best practices for your Format website
- Review your own data collection and tools – if you don't need to collect data for your business, we recommend you do not collect that data or use that data source.