Your Small Business and GDPR in 2018
By now you should have received new privacy policies and terms and conditions for many of your tools and apps. In case you have been living under a rock for the past week or so you should have heard about the new GDPR regulations that go into effect on May 25, 2018. If not, here’s a quick rundown of the new GDPR regulation.
What is GDPR?
The general data protection regulation is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU.
The general goal of the GDPR is to protect EU citizens personal data. This is more about transparency between businesses and customers.
[bctt tweet="In case you have been living under a rock for the past week or so you should have heard about the new GDPR regulations that go into effect on May 25, 2018. If not, here’s a quick rundown of the new GDPR regulation." username="jesstechpreneur"]
How the GDPR applies to US businesses
Anyone who collects personal information from EU residents must comply with the GDPR regulations.
Personal information includes:
Other Contact information
Credit card details
Geo Location Data
Google Analytics Information
Even if you have one customer that is within the EU you will need to make sure that you are compliant with the GDPR.
[bctt tweet="Even if you have one customer that is within the EU you will need to make sure that you are compliant with the GDPR." username="jesstechpreneur"]
What’s affected by the GDPR?
There are four main areas of the GDPR that will affect U.S. businesses: Email Opt-in forms, Email marketing, privacy policies and website consent. The new regulations make gathering consent and informing the person a top priority. It not only protects the people but the businesses also.
Now before we dive into the next section, I must say that these recommendations are based on the research that I completed and I recommend you complete further research or consult with a lawyer to ensure your business is compliant.
Email + Website Sign up Forms
On your website signup forms and email signup forms, you must have a checkbox unchecked so that the user can click to give you consent to contact them. The GDPR states they have to give information freely, specific and informed consent, meaning you have to be very transparent in what they are consenting to.
Even if a user goes to your blog, downloads a freebie and you email them with the download, that’s ok. But it does not give you consent to add them to your email list and send regular email campaigns, you will need to ask and receive consent by the user checking a checkbox that tells them exactly what they are consenting to.
Third party apps/ plugins / Tools
GDPR regulations shouldn’t be taken lightly, you never know when an EU individual may come to your site and purchase something or subscribe to your email list. It’s better to be prepared in case then to think it doesn’t apply to you and end up with a fine.
In all transparency, I feel the GDPR regulation is great for EU and US individuals. It doesn’t hurt to tell your visitors what information you are collecting and what you're using it for.