Important: GDPR and how it affects you?
I have had over 40 emails in my inbox in the last month from companies like Houzz, Xero, Plex, eBay, Google and Indiegogo updating their Website Privacy Policies to be compliant with the new GDPR rules, and I imagine you’ve had your fair share too.
Have you looked into the GDPR and what it means to your business?
Don’t blame you if you haven’t, it’s not the most exciting topic.
I’ve spent many hours researching it myself and so here’s a very brief outline of the exciting world of data capture and processing - even if you operate your business in New Zealand, it’s a law that will affect you if you have a website, any type of database, do any retargeting advertising or even use Google Analytics… so listen up folks.
What you need to do to be GDPR compliant:
If you have people on your database who are from the EU (European Union) or that might be (or you don’t know and therefore you need to treat them as if they could be from the EU) and you can’t prove how they opted in to be on your database with explicit consent, then you need to permanently delete them or go back and gain consent from them now (e.g. send them an email to opt-in to your database).
Make sure you take reasonable steps to ensure the safety of data (e.g. email subscribers, customer files) like using an SSL certificate and keeping your databases behind a secured wall.
Consult your lawyer if you target EU folks or are concerned in any way (and because I am not a lawyer and therefore can’t give legal advice) - this is purely a brief guide for those who are interested in knowing more.
GDPR in a nutshell:
The GDPR stands for General Data Protection Regulation
It came into force on 25th May, 2018, which means people can get hefty fines if they do not comply, but I am told that this is their last defence - which means you might get a strongly worded letter first, who knows?
It covers residents of the EU (European Union) but it affects all of us unless you can make sure no one visits your website who is in the EU or from the EU and you don’t collect data from anyone in the EU
It covers anything you do with data (collecting, storing or using it)
It refers to data that can identify a person (e.g. name, email, address, IP address etc)
Your requirements under the GDPR:
You can’t collect data without explaining how you are going to use it
You can only collect data for legitimate reasons
You may only collect the minimum amount of data for the purpose you need it for
You need to gain explicit consent e.g. not just load every business card into your database or have a free webinar and then use the email addresses to market to
You can only use the data for the purpose you intended it for e.g. if a customer in the EU gave you their email address during an online purchase, you can only use that email address to communicate to them about their sale, not send them a newsletter
You can’t keep data forever (it shouldn’t be kept for longer than necessary)
You should take reasonable steps to protect the data you collect
This applies to all data, even if it was collected before 25th May, 2018
A few examples of data you could be collecting:
Contact info in a Contact Us form
Name and email address in a Subscribe to our newsletter/database form
Personal information for a membership signup
Contact info from customers or clients (online and offline)
Facebook audiences (where you load email addresses into Facebook so Facebook can retarget them or create audiences similar to these people)
Google Analytics capturing IP addresses and processing information based on demographics etc
I’m no expert so I’ve looked to those who are. If you feel like you need to explore this further, here are some great articles that might help:
Listen to Amy Porterfield’s podcast on the subject (or read the transcript) - great info on email subscriptions
Jeffalytics article on GDPR Compliance with Google Analytics - Do you need cookie consent?
Social Media Examiner’s Article for Social Media Marketers - lots of info on cookies, Facebook pixel, retargeting and Google Analytics implications
Check out Bobby Klinck’s Free training for Online Entrepreneurs - he’s a trained lawyer
This has been a very brief explanation, good luck with your own investigations!