Have you heard of the GDPR? If not, or if you don’t know much about it, this content is extremely important. If you don’t update your business practices to come in line with this new regulation you could face harsh fines. Action needs to be taken prior to the 25th May 2018 to be compliant so please don’t delay to get your business practices in order.
Even if you have only ONE European resident as a customer or email subscriber, the GDPR applies to you…and failing to comply by the 25th May 2018 could cost you BIG TIME!
PLEASE NOTE, I am not an expert in this area and the content contained herein is purely from the research I have undertaken and is in no way legal advice to you. If you are unsure of the requirements, please seek professional legal advice on how this affects you and your business.
What is GDPR?
GDPR stands for “The General Data Protection Regulation” a privacy law from the European Union (EU) that comes into effect on 25th May 2018. GDPR is designed to give greater protection to an individual’s personal information and how it’s collected, stored, and used. There are strict requirements placed on companies that possess the personal data of people located in the EU.
Does the GDPR apply to your business?
A financial transaction isn’t necessary for the GDPR to apply. A non-EU-based business must comply with the GDPR if it collects or processes personal data of any EU resident (EU citizenship is not required).
The GDPR applies to the data processing activities of businesses, regardless of size, that do any of the following:
- Conduct business from the EU
- Offer goods or services to individuals in the EU (whether or not a payment is required)
- Run a website that targets EU customers
- Run a website that mentions customers or users in the EU
- Track individuals in the EU on the internet
Under GDPR, this personal data can include a number of different types of data including:
- Email addresses
- Names
- Photos
- Bank info
- Social media posts
- Medical information
- Computer IP addresses
Even though this regulation doesn’t come into effect until May 25, it applies retroactively – meaning it also applies to anyone from the EU who joined your list in the past (and who is still on your list).
The consequences for not being compliant aren’t small either, with fines of up to €20 million or up to 4% of annual global turnover depending on the severity of the breach.
What is required under GDPR?
These impending changes will largely affect the way you do email marketing and how you retarget your website visitors, for example via Google and Facebook Ads.
Here is a summary I have compiled of what you need to do in order to comply with the new regulations.
- Identify which subscribers on your existing email database are EU residents. You need to either obtain explicit permission from all EU residents to remain on your main database or delete them from your database before 25th May 2018.
- Ensure you have a fully compliant Privacy Policy on your website on a specific page and link to this from every page of your website and any landing pages you have.
- Moving forward, you need to make it very clear what people are signing up for. Separate consent must be obtained for each purpose. For example, you can’t obtain an email address in return for sending the subscriber an ebook and also add that subscriber to your main email database. You must receive separate permission from each. It’s no longer okay to simply include a pre-checked box – the one that requires the person to UNCHECK it in order NOT to be sent emails! Instead, your subscribers will need to consciously, clearly and intentionally request to join your list and receive emails from you.
- Don’t ask for more information than you actually need when collecting data
- Make it easy for subscribers to change or delete their information at any time. Ensure every email you send has clear and working “Unsubscribe” and “Edit your preferences” options. Once they unsubscribe, it’s also important that their info is removed from any third-party vendors you use (e.g. Stripe) OR that you clearly state in your privacy policy that you’re not responsible for what happens after people leave your site.
- Never email people once they have unsubscribed from your list. Make sure to also delete those people from your list altogether.
- Keep records of people’s consent. If you’re using a double opt-in process to collect emails, this will assist you in this regard.
- Ensure your website is served over HTTPS. While this is important for SEO and user security, you now also need it to comply with GDPR’s data security requirements.
- Make sure the email marketing service you are using is GDPR compliant and that they have a compliant data processing agreement in place. Also ensure you are able to add a check box or drop-down selection list on your opt-in forms.
- Here are some articles from the major email marketing services to help you determine how each of them is ensuring they will be compliant.
- MailChimp – New MailChimp Tools to Help with the GDPR
- InfusionSoft – You Need to Know This: An Overview to the New GDPR
- Ontraport – GDPR, Privacy Shield and Ontraport
- ConvertKit – Features + Support for the General Data Protection Regulation (GDPR)
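As an added illustration of the consent steps above (separate consent per purpose, no pre-checked boxes, double opt-in, a record of consent, unsubscribe, and deletion), here is a minimal consent ledger in Python. This is example code written for this page, not code from the post or from any of the email marketing services named; the purpose names, form names and email address used are constructed, and it only generates the confirmation token, leaving the sending of the confirmation email out of scope.

```python
"""Constructed consent ledger: one record per (subscriber, purpose), double
opt-in confirmation, withdrawal and erasure. Added example, not from the post."""
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Dict, List, Optional, Tuple
import secrets


def _now() -> str:
    """UTC timestamp in ISO 8601 form, stored with every consent event."""
    return datetime.now(timezone.utc).isoformat()


@dataclass
class ConsentRecord:
    email: str
    purpose: str                        # "ebook-download", "newsletter", ...
    source: str                         # which form or page captured the consent
    requested_at: str                   # when the subscriber ticked the box
    confirmed_at: Optional[str] = None  # when the double opt-in link was used
    withdrawn_at: Optional[str] = None  # when the subscriber unsubscribed


class ConsentLedger:
    def __init__(self) -> None:
        self._records: Dict[Tuple[str, str], ConsentRecord] = {}
        self._pending: Dict[str, Tuple[str, str]] = {}  # opt-in token -> record key

    def request_consent(self, email: str, purpose: str, source: str,
                        checkbox_ticked: bool) -> str:
        """Record an opt-in request and return the single-use confirmation token."""
        # A pre-checked box gives no affirmative consent: refuse unless the
        # subscriber ticked the box for this specific purpose.
        if not checkbox_ticked:
            raise ValueError(f"no affirmative consent given for {purpose!r}")
        self._records[(email, purpose)] = ConsentRecord(email, purpose, source, _now())
        token = secrets.token_urlsafe(24)
        self._pending[token] = (email, purpose)
        return token  # goes into the confirmation email sent to the subscriber

    def confirm(self, token: str) -> bool:
        """Complete double opt-in; each token works exactly once."""
        key = self._pending.pop(token, None)
        if key is None or key not in self._records:
            return False
        self._records[key].confirmed_at = _now()
        return True

    def may_email(self, email: str, purpose: str) -> bool:
        """True only if consent for this purpose was confirmed and not withdrawn."""
        rec = self._records.get((email, purpose))
        return rec is not None and rec.confirmed_at is not None and rec.withdrawn_at is None

    def unsubscribe(self, email: str, purpose: str) -> bool:
        """Withdraw consent for one purpose; other purposes are unaffected."""
        rec = self._records.get((email, purpose))
        if rec is None or rec.withdrawn_at is not None:
            return False
        rec.withdrawn_at = _now()
        return True

    def erase(self, email: str) -> int:
        """Delete everything held about a subscriber; returns the number of records removed."""
        keys = [k for k in self._records if k[0] == email]
        for k in keys:
            del self._records[k]
        # drop any confirmation tokens that still point at the erased records
        self._pending = {t: k for t, k in self._pending.items() if k[0] != email}
        return len(keys)

    def unconfirmed(self) -> List[Tuple[str, str]]:
        """Subscribers who never completed opt-in: re-request consent or delete them."""
        return [k for k, r in self._records.items() if r.confirmed_at is None]

    def audit_trail(self, email: str) -> List[dict]:
        """Everything recorded for one subscriber, as you would show on a data request."""
        return [asdict(r) for (e, _), r in self._records.items() if e == email]
```

The point of keying records by (email, purpose) is that consent for the ebook download never silently becomes consent for the newsletter; `may_email` is the single check the sending code should call, and `unconfirmed` gives you the list of people who have to be re-permissioned or deleted before the deadline.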
I hope this information has given you a useful overview of the new regulations and how they will affect your business. As I have mentioned, you need to take action now, because if you don’t have express permission from EU residents and they remain on your list with their data not deleted, then you will be in breach when it comes into effect on the 25th May 2018.
Here are some links with further information for you around the GDPR:
GDPR: https://www.eugdpr.org/
Facebook: https://www.facebook.com/business/gdpr
Australian Government (OAIC): https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation
Amy Porterfield: http://www.amyporterfield.com/2018/04/gdpr/
Social Media Examiner: https://www.socialmediaexaminer.com/how-gdpr-impacts-marketers
I would love to hear your thoughts...