How will the GDPR affect you?

General Data Protection Regulation

How will the GDPR affect you and your business? By now you’ve probably heard of the GDPR (General Data Protection Regulation), and you might have some questions about it. Here’s a quick overview of what you need to consider and how you can comply.

This article is provided as a resource, not legal advice. I encourage you to speak to legal counsel. The main source of this information is "Legal Guides for New and Growing Online Business Owners" by Autumn Witt Boyd.

Even if your business is in the U.S., the European Union’s GDPR will have a direct impact on the way you may collect and use people’s data in the future.

Here are some steps you should take to comply with the new GDPR requirements, which apply from May 25, 2018. If you fail to comply, you risk penalties against you and your business.

What the new rules mean for you depends on the size and kind of business you run, the tools you use and how you process and store people’s data. For some businesses, the first step will be a tech audit of how your business uses data, so you can work out what needs to change.

New Consent Rules

You need to change the forms you use for email marketing. As soon as you have a form on your website or landing pages, or a checkout that collects e-mail addresses or other data, you must tell visitors exactly what you will do with their data AND get their affirmative consent. Here are some of the actions you can take:

  • create a checkbox (not pre-checked!) so they agree to receive a newsletter, marketing emails, or any other way you will use their email address; or
  • have a clear notice their email address will be added to your newsletter list (or marketing list, etc.); or
  • send a double opt-in through your email marketing provider, confirming they would like to receive your newsletter, or marketing emails, etc.

You should also link to your new updated privacy policy (see below) on or very near the form collecting data.

Set up a cookie opt-in on your website

If you use cookies at all in your business – the Facebook ad pixel and Google Analytics fall into that category – you need to get affirmative consent from visitors. This can’t be hidden in your privacy policy or terms of use.

  • Tell people you use cookies and how you’ll use their information (with a link to your privacy policy); or
  • Have visitors click an “I agree” button: set up a cookie opt-in on your website
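Added example, not code from the article: a small consent gate in browser JavaScript. Third-party tags such as the ad pixel and analytics script mentioned above are registered as loaders but not injected until the visitor clicks the “I agree” button; the decision is stored so it can be honoured on later visits and withdrawn again. Storage and script injection are passed in so the logic also runs outside a browser; the element ids, category names, storage key and script URLs are assumptions made for this example.

```javascript
// Added example: a consent gate that defers non-essential scripts until the
// visitor has clicked "I agree". Category names, the storage key, element ids
// and the placeholder script URLs are assumptions made for this example.

const STORAGE_KEY = "cookie-consent"; // assumed key for the stored decision

// `deps` lets the gate run in a browser (localStorage, document) or in a
// test with fakes. `loadScript(src)` is whatever injects the <script> tag.
function createConsentGate(deps) {
  const { storage, loadScript, now = () => Date.now() } = deps;
  const pending = []; // { name, category, src } registered but not yet loaded
  const loaded = [];  // names of scripts that have been injected

  function readDecision() {
    const raw = storage.getItem(STORAGE_KEY);
    if (!raw) return null;
    try {
      const d = JSON.parse(raw);
      return Array.isArray(d.granted) ? d : null;
    } catch {
      return null; // corrupt value: treat as no consent given
    }
  }

  function loadAllowed() {
    const decision = readDecision();
    if (!decision) return; // nothing may load without an affirmative choice
    for (const entry of pending.slice()) {
      if (decision.granted.includes(entry.category)) {
        loadScript(entry.src);
        loaded.push(entry.name);
        pending.splice(pending.indexOf(entry), 1);
      }
    }
  }

  return {
    // Register a third-party tag; it is only loaded once consent exists.
    register(name, category, src) {
      pending.push({ name, category, src });
      loadAllowed(); // a returning visitor with stored consent loads at once
    },
    // Called from the "I agree" button. Records which categories were
    // granted and when, then loads whatever is now permitted.
    grant(categories) {
      storage.setItem(
        STORAGE_KEY,
        JSON.stringify({ granted: categories, at: new Date(now()).toISOString() })
      );
      loadAllowed();
    },
    // Called from a "withdraw consent" link. Scripts already on the page
    // cannot be unloaded, so reload after revoking to get a clean state.
    revoke() {
      storage.removeItem(STORAGE_KEY);
    },
    decision: readDecision,
    loadedScripts: () => loaded.slice(),
    pendingScripts: () => pending.map((p) => p.name),
  };
}

// Browser wiring; runs only where a DOM exists. Button ids are assumed.
if (typeof document !== "undefined" && typeof localStorage !== "undefined") {
  const gate = createConsentGate({
    storage: localStorage,
    loadScript: (src) => {
      const s = document.createElement("script");
      s.src = src;
      s.async = true;
      document.head.appendChild(s);
    },
  });
  gate.register("analytics", "analytics", "https://example.invalid/analytics.js"); // placeholder URL
  gate.register("ad-pixel", "marketing", "https://example.invalid/pixel.js");     // placeholder URL
  document.getElementById("cookie-agree")?.addEventListener("click", () =>
    gate.grant(["analytics", "marketing"])
  );
  document.getElementById("cookie-withdraw")?.addEventListener("click", () => gate.revoke());
}

if (typeof module !== "undefined") {
  module.exports = { createConsentGate, STORAGE_KEY };
}
```

The point of the design is that the tracking scripts are never in the page’s HTML at all; they exist only as loader entries until the click. A quick check for your own site is to open the browser’s network panel on a fresh session and confirm that no analytics or pixel request appears before the button is pressed.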

Update your Privacy Policy

As soon as you collect personal information through your website from anyone in the EU or UK, even just an e-mail address through an opt-in form, you are required by U.S. laws and the GDPR to post a policy on your website telling users what you will do with that information. Here are some important items to include, depending on your business:

  1. A list of the data you collect, why you collect it and how you’ll use it
  2. A list of the third parties with whom you share individuals’ data
  3. How a visitor can request their data, review it and request corrections, or ask that you erase it
  4. How a visitor can withdraw consent for you to use or store their data
  5. How you notify visitors of changes to your privacy policy
  6. The choices a consumer has regarding the collection, use and sharing of his or her personal information
  7. The effective date of the privacy policy
  8. Whom to contact with questions about the privacy policy
  9. Visitors’ rights under the GDPR, including the right to lodge complaints

You might need to form an LLC or corporation

Penalties can be very serious: up to 20 million euros or 4% of a business’s gross annual worldwide income, whichever is higher.

Store people’s data securely

Do your best to store data securely; how you do this depends on your business and on the amount and nature of the data you collect. Limit access to other people’s data to those who really need it.

Report Data breaches

If you discover a data breach, you must report it within 72 hours, no exceptions.

Make sure your vendors are GDPR-Compliant

You can be held responsible if you store other people’s data with a vendor that is not GDPR compliant. Vet your vendors carefully (e-mail, apps, and anyone else that handles data that’s not yours) and include terms in your contracts making them bear any liability for non-compliance with the law.
