GDPR Compliance Information

Hey there, loyal Galoreans. We’d like to tell you how much we love you and thank you for sticking with us. You’ve probably seen tons of these already, but since you’ve subscribed to the Drag Queens Galore blog and submitted information to us, we are required to give you information about the new GDPR (General Data Protection Regulation) rules that the EU is putting in place. PLEASE NOTE: Drag Queens Galore has never sold, nor will we ever sell, your information. We take great pride and are extremely grateful that you’ve signed up to receive things from us, and we don’t take that responsibility lightly.

Here is the notification we’re required to give you (source: WPBeginner):

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.

You’ve likely gotten dozens of emails from companies like Google and others regarding GDPR, their new privacy policy, and a bunch of other legal stuff. That’s because the EU has put in hefty penalties for those who are not in compliance.

Fines

Basically, after May 25th, 2018, businesses that are not in compliance with GDPR’s requirements can face large fines of up to 4% of a company’s annual global revenue OR €20 million (whichever is greater). This is enough reason to cause widespread panic among businesses around the world.

This brings us to the big question that you might be thinking about:

What is required under GDPR?

The goal of GDPR is to protect users’ personally identifying information (PII) and hold businesses to a higher standard when it comes to how they collect, store, and use this data.

The personal data includes: name, emails, physical address, IP address, health information, income, etc.

While the GDPR regulation is 200 pages long, here are the most important pillars that you need to know:

Explicit Consent – when collecting personal data from an EU resident, we must obtain explicit consent that’s specific and unambiguous. In other words, we can’t just send unsolicited emails to people who gave us their business card or filled out our website contact form because they DID NOT opt-in for our marketing newsletter.

For it to be considered explicit consent, the request must require a positive opt-in (i.e., no pre-ticked checkbox), contain clear wording (no legalese), and be separate from other terms & conditions.

Rights to Data – we must inform individuals where, why, and how their data is processed / stored. An individual has the right to download their personal data, and an individual also has the right to be forgotten, meaning they can ask for their data to be deleted.

This will make sure that when you hit Unsubscribe or ask companies to delete your profile, then they actually do that (hmm, go figure).

Breach Notification – organizations must report certain types of data breaches to relevant authorities within 72 hours, unless the breach is considered harmless and poses no risk to individual data. However, if a breach is high-risk, then the company MUST also inform individuals who’re impacted right away.

We appreciate your patience with us as we make sure all the “Opt-In” and legal changes that need to be met are done so correctly.  The good news is that you’re supposed to be safer in this digital world where selling you has become the norm.

Once again, Drag Queens Galore has NEVER, nor will we EVER sell your information.  We appreciate your loyalty and would never betray your trust for a buck. (Even though we’ve not made a dime in the 4 years since our start – anyone wanna pitch in on a donation?)