Your Small Business and GDPR in 2018

May 22, 2018 E-Commerce, Website Help

By now you should have received new privacy policies and terms and conditions for many of your tools and apps. Unless you have been living under a rock for the past week or so, you will have heard about the new GDPR regulations that go into effect on May 25, 2018. If not, here’s a quick rundown of the new GDPR regulation.

What is GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU.

The general goal of the GDPR is to protect EU citizens’ personal data. It is largely about transparency between businesses and customers.


How the GDPR applies to US businesses

Anyone who collects personal information from EU residents must comply with the GDPR.

Personal information includes:

  • Name
  • Email Address
  • Address
  • Phone
  • Other Contact information
  • Credit card details
  • Bank details
  • Geolocation data
  • IP Address
  • Google Analytics Information

Even if you have only one customer within the EU, you will need to make sure that you are compliant with the GDPR.


What’s affected by the GDPR?

There are four main areas of the GDPR that will affect U.S. businesses: email opt-in forms, email marketing, privacy policies and website consent. The new regulations make gathering consent and informing the person a top priority. This protects not only the people but also the businesses.

Now, before we dive into the next section, I must say that these recommendations are based on the research that I completed, and I recommend you complete further research or consult with a lawyer to ensure your business is compliant.

Now…

Privacy Policies

Your privacy policy tells your visitors that you are collecting information from them via cookies or analytics tracking. It also notifies them how the information is collected, what is being collected and whether it is being stored. (This is a must for any website.)

One of the GDPR requirements is to make sure your privacy policy is clear and easy to read and understand. It needs to outline how you use a visitor’s data, why you need it and how they can revoke consent at any time.

Email + Website Sign up Forms

On your website signup forms and email signup forms, you must include a checkbox that is unchecked by default, so that the user actively ticks it to give you consent to contact them. The GDPR states that consent must be freely given, specific and informed, meaning you have to be very transparent about what they are consenting to.

If a user visits your blog, downloads a freebie and you email them the download, that’s fine. But it does not give you consent to add them to your email list and send regular email campaigns; for that you need to ask for and receive consent, with the user checking a checkbox that tells them exactly what they are consenting to.

Easy Opt-Out

Opting out of a list should not be difficult. If you have a subscriber who no longer wants to follow you, they should be able to remove themselves from your list easily. You should inform your subscribers how to unsubscribe from your list in each email, to ensure they know they have the option to leave at any time. To do this you can easily add a link in the footer of your website, inside your privacy policy and in the footer of your email campaigns.
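The consent and opt-out handling described in the two sections above, as an added example in Python that is not part of the original post. It assumes a hypothetical ConsentStore that a signup endpoint would call: it treats only an explicitly ticked, unchecked-by-default box as marketing consent, keeps the freebie download separate from the mailing list, stores the exact checkbox wording and a timestamp with each consent, and issues the per-subscriber unsubscribe link for email footers.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
import secrets

# Separate purposes: emailing the requested freebie does not imply consent to campaigns.
PURPOSE_DOWNLOAD = "freebie_download"
PURPOSE_MARKETING = "marketing_emails"
# Exact wording shown beside the checkbox; stored with the record as evidence of what was agreed.
MARKETING_CONSENT_TEXT = "Yes, email me the weekly newsletter. I can unsubscribe at any time."


@dataclass
class ConsentRecord:
    email: str
    purpose: str
    consent_text: str       # what the visitor actually agreed to
    granted_at: str         # UTC timestamp of when consent was given
    unsubscribe_token: str  # lets the subscriber leave with one click, no login needed


@dataclass
class ConsentStore:
    records: dict = field(default_factory=dict)  # (email, purpose) -> ConsentRecord

    def handle_signup(self, form: dict) -> list:
        """Process a submitted signup form; returns the purposes the visitor may be emailed for.
        Browsers omit an unticked checkbox from the submission and send "on" for a ticked one,
        so only an explicit tick grants marketing consent; missing or empty values grant nothing."""
        email = form["email"].strip().lower()
        granted = [PURPOSE_DOWNLOAD]  # sending the download they asked for needs no extra consent
        if form.get("marketing_consent") == "on":
            self.records[(email, PURPOSE_MARKETING)] = ConsentRecord(
                email, PURPOSE_MARKETING, MARKETING_CONSENT_TEXT,
                datetime.now(timezone.utc).isoformat(), secrets.token_urlsafe(16))
            granted.append(PURPOSE_MARKETING)
        return granted

    def may_send_campaign(self, email: str) -> bool:
        return (email.strip().lower(), PURPOSE_MARKETING) in self.records

    def unsubscribe_link(self, email: str, base: str = "https://example.com/unsubscribe") -> str:
        # Footer link for every campaign email; the token identifies the record, not the address.
        rec = self.records[(email.strip().lower(), PURPOSE_MARKETING)]
        return f"{base}?token={rec.unsubscribe_token}"

    def unsubscribe(self, token: str) -> bool:
        """One-click opt-out: drop the marketing record whose token matches; unknown tokens do nothing."""
        for key, rec in list(self.records.items()):
            if rec.purpose == PURPOSE_MARKETING and secrets.compare_digest(rec.unsubscribe_token.encode(), token.encode()):
                del self.records[key]
                return True
        return False
```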

Cookies

Cookies are small data files stored by your computer’s browser; websites use them to keep track of your movements through that particular website. They let you pick up where you left off on that site, remember logins, and support other customization functions on different websites. Cookies do not store any information that could expose your personal information, just enough to enhance and customize your experience. Each website that uses cookies has to inform you that cookies are being used, and document what information it is using and how it is using it.

Your use of cookies needs to be outlined in your privacy policy and on your website, and you must also make it clear how visitors can opt out of cookie tracking in their browser settings.

Third-party apps / plugins / tools

Every app, plugin or tool that holds users’ personal information needs to be GDPR compliant by May 25th. Even though this is one of the aspects you don’t have control over, you must protect your business. If you haven’t received an updated privacy policy or notice, you should reach out and see if they plan on becoming GDPR compliant before the deadline.

GDPR regulations shouldn’t be taken lightly; you never know when an EU individual may come to your site and purchase something or subscribe to your email list. It’s better to be prepared just in case than to assume it doesn’t apply to you and end up with a fine.

In all transparency, I feel the GDPR regulation is great for EU and US individuals. It doesn’t hurt to tell your visitors what information you are collecting and what you’re using it for.


Also published on Medium.