Have you heard of the GDPR? If not, or if you don't know much about it, this content is extremely important. If you don't update your business practices to come in line with this new regulation you could face harsh fines. The regulation applies from 25th May 2018, so please don't delay in getting your business practices in order.
Even if you have only ONE customer or email subscriber located in the EU, the GDPR applies to you, and failing to comply by 25th May 2018 could cost you BIG TIME!
PLEASE NOTE, I am not an expert in this area. The content contained herein comes purely from the research I have undertaken and is in no way legal advice. If you are unsure of the requirements, please seek professional legal advice on how this affects you and your business.
What is GDPR?
GDPR stands for the General Data Protection Regulation, a privacy law from the European Union (EU) that applies from 25th May 2018. GDPR is designed to give greater protection to an individual's personal data and to regulate how it is collected, stored and used. It places strict requirements on companies that process the personal data of people located in the EU.
Does the GDPR apply to your business?
A financial transaction isn't necessary for the GDPR to apply. A business based outside the EU must comply with the GDPR if it collects or processes the personal data of anyone located in the EU (EU citizenship or residency is not required).
The GDPR applies to the data processing activities of businesses, regardless of size, that either:
- Are established in the EU (i.e. conduct business from within the EU)
- Offer goods or services to individuals in the EU (whether or not a payment is required)
- Run a website that targets EU customers
- Run a website that mentions customers or users in the EU
- Track the online behaviour of individuals in the EU (for example with analytics cookies or retargeting pixels)
Under GDPR, personal data means any information relating to an identifiable person, which includes, among other things:
- Email addresses
- Bank info
- Social media posts
- Medical information
- Computer IP addresses
Even though the regulation doesn't apply until 25th May 2018, it covers all the personal data you hold on that date, not just data collected afterwards. That means it also applies to anyone in the EU who joined your list in the past and is still on it.
The consequences for not being compliant aren't small either: fines of up to €20 million or 4% of annual global turnover, whichever is higher, for the most serious breaches.
What is required under GDPR?
These changes will largely affect the way you do email marketing and how you retarget your website visitors, for example via Google and Facebook Ads.
Here is a summary I have compiled of what you need to do in order to comply with the new regulations.
- Identify which subscribers on your existing email database are located in the EU. Unless their existing consent already meets the GDPR standard (freely given, specific, informed and unambiguous, with a record to prove it), you need to either obtain fresh explicit permission from them to remain on your database or delete them from it before 25th May 2018.
- Moving forward, you need to make it very clear what people are signing up for. Separate consent must be obtained for each purpose. For example, you can't collect an email address in return for sending the subscriber an ebook and then also add that subscriber to your main email list; you must receive separate permission for each. It's no longer okay to simply include a pre-checked box, the one that requires the person to UNCHECK it in order NOT to be sent emails. Instead, your subscribers will need to consciously, clearly and intentionally request to join your list and receive emails from you.
- Don't ask for more information than you actually need when collecting data (data minimisation).
- Never email people once they have unsubscribed from your list, and remove their details from your list altogether. Keeping a minimal suppression entry so that you can honour the unsubscribe if the address is ever re-imported is common practice; the point is that you stop processing it for marketing.
- Keep records of people's consent: what wording they agreed to, when, and how. If you're using a double opt-in process to collect emails (the subscriber must click a confirmation link before being added), the confirmation itself gives you a timestamped record.
- Ensure your website is served over HTTPS. This was already important for SEO and user security; under the GDPR you are also required to put appropriate technical measures in place to protect personal data, and encrypting the connection that carries your sign-up and contact forms is the baseline for that.
- Make sure the email marketing service you are using is GDPR compliant and that they have a compliant data processing agreement in place with you. Also ensure you are able to add a check box or drop-down selection list to your opt-in forms.
- Here are some articles from popular email marketing services explaining how each is ensuring it will be compliant.
- MailChimp – New MailChimp Tools to Help with the GDPR
- InfusionSoft – You Need to Know This: An Overview to the New GDPR
- Ontraport – GDPR, Privacy Shield and Ontraport
- ConvertKit – Features + Support for the General Data Protection Regulation (GDPR)
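To make the "separate consent per purpose", "double opt-in" and "keep records of consent" points above concrete, here is an added example of a small consent ledger. It is not code from this post or from any of the services listed; the signing key, the in-memory store and the addresses are constructed for illustration. Each (email, purpose) pair gets its own record, nothing is granted until the HMAC-signed confirmation token is presented back, a withdrawn consent cannot be revived by an old link, and the record keeps the exact wording and timestamps you would need as evidence.

```python
import hashlib
import hmac
import secrets
from dataclasses import asdict, dataclass, field
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple


def _now() -> str:
    """Timestamps go in the record as ISO 8601 UTC so they are unambiguous later."""
    return datetime.now(timezone.utc).isoformat()


@dataclass
class ConsentRecord:
    email: str
    purpose: str                          # one record per purpose, never a shared one
    form_text: str                        # the exact wording the person agreed to
    requested_at: str
    confirmed_at: Optional[str] = None    # set only when the opt-in link is clicked
    withdrawn_at: Optional[str] = None    # set on unsubscribe / consent withdrawal
    nonce: str = field(default_factory=lambda: secrets.token_hex(16))


class ConsentLedger:
    """Minimal double opt-in consent store (hypothetical; in-memory for the example)."""

    def __init__(self, signing_key: bytes) -> None:
        # The key signs confirmation tokens so a link cannot be forged for someone
        # else's address. Load it from a secrets manager in real use, not source.
        self._key = signing_key
        self._records: Dict[Tuple[str, str], ConsentRecord] = {}
        self._by_nonce: Dict[str, Tuple[str, str]] = {}

    def _sign(self, email: str, purpose: str, nonce: str) -> str:
        msg = "\n".join((email, purpose, nonce)).encode("utf-8")
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def request_consent(self, email: str, purpose: str, form_text: str) -> str:
        """Step 1: record the request as pending and return the token to e-mail out.

        Nothing is granted yet; has_consent() stays False until confirm() succeeds.
        """
        rec = ConsentRecord(email=email, purpose=purpose, form_text=form_text,
                            requested_at=_now())
        self._records[(email, purpose)] = rec
        self._by_nonce[rec.nonce] = (email, purpose)
        return f"{rec.nonce}.{self._sign(email, purpose, rec.nonce)}"

    def confirm(self, token: str) -> bool:
        """Step 2: the subscriber clicks the link. Tampered or unknown tokens fail."""
        nonce, sep, sig = token.partition(".")
        key = self._by_nonce.get(nonce) if sep else None
        if key is None:
            return False
        email, purpose = key
        if not hmac.compare_digest(sig, self._sign(email, purpose, nonce)):
            return False
        rec = self._records[key]
        if rec.withdrawn_at is not None:      # an old link must not revive consent
            return False
        if rec.confirmed_at is None:
            rec.confirmed_at = _now()
        return True

    def withdraw(self, email: str, purpose: str) -> None:
        """Unsubscribe: keep the record (it is your evidence) but mark it withdrawn."""
        rec = self._records.get((email, purpose))
        if rec is not None:
            rec.withdrawn_at = _now()

    def has_consent(self, email: str, purpose: str) -> bool:
        """Check before every send, and check for the specific purpose."""
        rec = self._records.get((email, purpose))
        return rec is not None and rec.confirmed_at is not None and rec.withdrawn_at is None

    def evidence(self, email: str, purpose: str) -> Optional[dict]:
        """The audit trail you would show a regulator: wording, timestamps, status."""
        rec = self._records.get((email, purpose))
        return asdict(rec) if rec is not None else None


if __name__ == "__main__":
    # Constructed walkthrough: ebook consent does not grant newsletter consent.
    ledger = ConsentLedger(signing_key=b"example-key-do-not-use")
    token = ledger.request_consent("ann@example.com", "ebook",
                                   "Email me the ebook 'Ten Launch Tips'.")
    print("before confirm:", ledger.has_consent("ann@example.com", "ebook"))
    print("confirmed:", ledger.confirm(token))
    print("ebook:", ledger.has_consent("ann@example.com", "ebook"))
    print("newsletter:", ledger.has_consent("ann@example.com", "newsletter"))
    print(ledger.evidence("ann@example.com", "ebook"))
```

In a real deployment the records would live in a database rather than a dict, and the token would be the query string of the confirmation link in the e-mail; the shape of the record (purpose, wording, requested, confirmed, withdrawn) is what matters, because that is what you will be asked to produce if someone questions whether a person actually opted in.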
I hope this information has given you an overview of the new regulations and how they will affect your business. As I have mentioned, you need to take action now: if you don't have express permission from the EU-based people on your list, and you haven't deleted their data, you will be in breach when the regulation applies on 25th May 2018.
Here are some links with further information for you around the GDPR:
Australian Government (OAIC): https://www.oaic.gov.au/agencies-and-organisations/business-resources/privacy-business-resource-21-australian-businesses-and-the-eu-general-data-protection-regulation
Amy Porterfield: http://www.amyporterfield.com/2018/04/gdpr/
Social Media Examiner: https://www.socialmediaexaminer.com/how-gdpr-impacts-marketers
About Jayne Day
Jayne is an online marketing strategist and success coach for female entrepreneurs who are ready to take action for massive results in their business. She offers complete online marketing strategies and solutions to female entrepreneurs and business owners so they can be found online by their ideal clients by implementing a range of strategies that all work together and are customised for each client's business.