Important: GDPR and how it affects you

I have had over 40 emails in my inbox in the last month from companies like Houzz, Xero, Plex, eBay, Google and Indegogo updating their Website Privacy Policies to be compliant with the new GDPR rules, and I imagine you’ve had your fair share too.

Have you looked into the GDPR and what it means to your business?

Don’t blame you if you haven’t, it’s not the most exciting topic.

I’ve spent many hours researching it myself, so here’s a very brief outline of the exciting world of data capture and processing. Even if you operate your business in New Zealand, it’s a law that will affect you if you have a website, any type of database, do any retargeting advertising or even use Google Analytics… so listen up folks.

What you need to do to be GDPR compliant:

  • From now on, make sure that when people are opting in to your database, they are giving clear, unambiguous consent to be emailed. This applies online and offline. E.g. if they are making a booking on your website, make sure it’s clear that they are also opting in to your database and direct them to your Privacy Policy. If you have a hardcopy form people fill out at your course, make sure you get their clear and unambiguous consent that you can email them. For those in the EU, you will need to get people to clearly check a box to opt in to marketing emails. Look into the details yourself and of course, get your own legal advice.

  • If you have people on your database who are from the EU (European Union) or that might be (or you don’t know and therefore you need to treat them as if they could be from the EU) and you can’t prove how they opted in to be on your database with explicit consent, then you need to permanently delete them or go back and gain consent from them now (e.g. send them an email to opt-in to your database).

  • You need to have a Privacy Policy on your website that includes what info you collect, what you are doing with the info, how you store it, how your site uses cookies and other tracking tech (like Google Analytics) and contact details.

  • If you use cookies on your website to track personal information (you can check this by loading your website and clicking "Secure" to the left of your browser's address bar, then clicking on cookies; it will tell you what you are using) you need to make this clear to visitors, e.g. through your privacy policy.

  • Make sure you take reasonable steps to ensure the safety of data (e.g. email subscribers, customer files), like using an SSL certificate and keeping your databases behind a secured wall so they are not reachable from the open internet.

  • Consult your lawyer if you target EU folks or are concerned in any way (and because I am not a lawyer and therefore can’t give legal advice) - this is purely a brief guide for those who are interested in knowing more.

GDPR in a nutshell:

  • The GDPR stands for General Data Protection Regulation

  • It came into force on 25th May, 2018, which means people can get hefty fines if they do not comply, but I am told that this is their last defence - which means you might get a strongly worded letter first, who knows?

  • It covers residents of the EU (European Union), but it affects all of us unless you can make sure no one who is in the EU or from the EU visits your website and you don’t collect data from anyone in the EU

  • It covers anything you do with data (collecting, storing or using it)

  • It refers to data that can identify a person (e.g. name, email, address, IP address etc.)

Your requirements under the GDPR:

  • You can’t collect data without explaining how you are going to use it

  • You can only collect data for legitimate reasons

  • You may only collect the minimum amount of data for the purpose you need it for

  • You need to gain explicit consent, e.g. don’t just load every business card into your database, or run a free webinar and then use the attendees’ email addresses to market to them

  • You can only use the data for the purpose you intended it for, e.g. if a customer in the EU gave you their email address during an online purchase, you can only use that email address to communicate with them about their sale, not to send them a newsletter

  • You can’t keep data forever (it shouldn’t be kept for longer than necessary)

  • You should take reasonable steps to protect the data you collect

  • This applies to all data, even if it was collected before 25th May, 2018

A few examples of data you could be collecting:

  • Contact info in a Contact Us form

  • Name and email address in a Subscribe to our newsletter/database form

  • Personal information for a membership signup

  • Contact info from customers or clients (online and offline)

  • Facebook audiences (where you load email addresses into Facebook so Facebook can retarget them or create audiences similar to these people)

  • Google Analytics capturing IP addresses and processing information based on demographics etc.

I’m no expert so I’ve looked to those who are. If you feel like you need to explore this further, here are some great articles that might help:

If you're feeling overwhelmed, I would start with creating or reviewing your privacy policy (check out the Wix link above for a basic guide) or google privacy policy templates. Then look into reviewing how you capture any data.

This has been a very brief explanation, good luck with your own investigations!
