How the GDPR will affect you and your business
By now, you’ve probably heard of GDPR, the General Data Protection Regulation, and you might have some questions about it. Here’s a quick overview of what you need to consider in the future and how you can comply.
This article is provided as a resource, not legal advice. I encourage you to speak to legal counsel. The main source of this information is "Legal Guides for New and Growing Online Business Owners" by Autumn Witt Boyd.
Even if your business is in the U.S., the European Union’s GDPR will have a direct impact on the way you may collect and use people’s data in the future.
Here are some steps you should take so that you comply with the new GDPR requirements starting May 25, 2018. If you fail to comply with GDPR, you risk penalties against you and your business.
The new rules obviously depend on the size and the kind of business you are running, what tools you use in your business and how you process or store people’s data. For some, the first step might be a tech audit to see how your business is using data, so you can figure out what you need to do.
New Consent Rules
You need to change your website forms for email marketing. If you have any forms on your website or landing pages, or a checkout that collects e-mail addresses or other data, you must tell visitors exactly what you will do with their data AND get their affirmative consent. Here are some of the actions you can take:
Set up a cookie opt-in on your website
As soon as you collect personal information through your website, even just an e-mail address through an opt-in form, from anyone in the EU or UK, you are required by U.S. laws and GDPR to post a policy on your website telling your users what you will do with this information. Here are some important items to include, depending on your business:
- List of the data you collect, why you collect it, and how you’ll use it
- List of the third parties with whom you share individuals’ data
- How the visitor can request their data, review and request corrections to their data, or ask that you erase their data
- How the visitor can withdraw consent for you to use or store their data
- Choices a consumer has regarding the collection, use and sharing of his or her personal information
- Disclose visitors’ rights under GDPR, including the right to lodge complaints
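The consent rules above (affirmative opt-in, no pre-ticked boxes, easy withdrawal) translate into a concrete gate that every non-essential cookie or tracker on your site must pass through. The following is an added example, not code from the original article or its source book; the purpose names (`analytics`, `marketing`), the policy version string, the `gdpr_consent` cookie name and the function names are all assumptions chosen for illustration. It runs in Node.js as written and the same functions can be dropped into a browser bundle.

```javascript
// Added example (not from the original article): a minimal consent manager
// that gates non-essential cookies and trackers behind an affirmative opt-in.
// Purpose names, the policy version and the cookie name are assumptions.

const POLICY_VERSION = '2018-05-25'; // assumed: bump when the privacy policy changes
const NON_ESSENTIAL_PURPOSES = ['analytics', 'marketing'];

// A fresh consent state. Nothing is pre-ticked: GDPR consent must be a clear
// affirmative act, so every non-essential purpose starts out as false.
function createConsentState() {
  const purposes = {};
  for (const p of NON_ESSENTIAL_PURPOSES) purposes[p] = false;
  return { policyVersion: POLICY_VERSION, grantedAt: null, purposes };
}

// Records the visitor's explicit choices. `choices` must come from a real user
// action (e.g. submitting unchecked-by-default boxes); purposes that are not
// mentioned stay false instead of silently defaulting to true.
function recordConsent(state, choices, now = new Date()) {
  if (!choices || typeof choices !== 'object') {
    throw new Error('consent requires an explicit set of choices');
  }
  const next = createConsentState();
  for (const p of NON_ESSENTIAL_PURPOSES) {
    next.purposes[p] = choices[p] === true;
  }
  next.grantedAt = now.toISOString(); // evidence of when consent was given
  return next;
}

// Withdrawal must be as easy as giving consent: one call resets everything.
function withdrawConsent(state) {
  return createConsentState();
}

// The gate every non-essential script or cookie must pass through. Consent
// recorded under an older policy version is treated as stale and not honoured.
function isAllowed(state, purpose) {
  if (!NON_ESSENTIAL_PURPOSES.includes(purpose)) return false;
  if (state.policyVersion !== POLICY_VERSION) return false;
  return state.grantedAt !== null && state.purposes[purpose] === true;
}

// Serialises the consent record into a first-party cookie so the choice (and
// the timestamp) survives reloads. This cookie is strictly necessary to honour
// the visitor's decision, so it may be set before any consent exists.
function toConsentCookie(state) {
  const value = encodeURIComponent(JSON.stringify(state));
  return `gdpr_consent=${value}; Max-Age=15552000; Path=/; SameSite=Lax; Secure`;
}

// Reads the record back; anything unparsable or from an old policy version
// falls back to "no consent", which is the safe default.
function fromConsentCookie(cookieHeader) {
  const match = /(?:^|;\s*)gdpr_consent=([^;]*)/.exec(cookieHeader || '');
  if (!match) return createConsentState();
  try {
    const parsed = JSON.parse(decodeURIComponent(match[1]));
    if (parsed.policyVersion !== POLICY_VERSION) return createConsentState();
    return parsed;
  } catch (e) {
    return createConsentState();
  }
}

// Gating a tracker: the loader (e.g. a function that injects an analytics
// script tag) is only invoked when consent for that purpose exists.
function loadIfAllowed(state, purpose, loader) {
  if (!isAllowed(state, purpose)) return false;
  loader();
  return true;
}
```

The design choice worth noting is that the only path to `true` is an explicit `choices[p] === true` supplied at the moment the visitor acts; a missing key, a pre-filled default or a stale policy version all resolve to "not allowed", which is the state you want a regulator to find if anything goes wrong.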
You might need to form an LLC or corporation
Penalties can be very serious, up to 20 million euros or 4% of a business’ gross annual worldwide income, whichever is higher.
Store people’s data securely
Do your best to store data in a secure way; how you do this will depend on your business and the amount and nature of the data you collect. It’s best to limit access to other people’s data only to those who really need it.
Report data breaches
If you discover a data breach, you must report it within 72 hours, no exceptions.
Make sure your vendors are GDPR-Compliant
You can be held responsible if you store other people’s data with a vendor that’s not GDPR compliant. Vet your vendors (e-mail, apps, and anyone else that handles data that’s not yours) carefully and include terms in your contracts stating that they bear any liability for non-compliance with the law.