YIKES! How is GDPR going to affect my online business?
A $20-million fine? Just for not following some new EU internet rules?
Are they serious?
It’s been several years in the making and May 25, 2018 is launch date for GDPR.
But what is GDPR? And should you be worried as a small online business owner?
PROTECTING THE CONSUMER
Disclaimer: I’m not a lawyer and this post does not contain legal advice. Always work with your legal counsel to determine the right decisions to make about regulations.
Let’s take a look at the EU General Data Protection Regulation (GDPR) to get an understanding of what it is about and how it might affect you if you are an online business owner collecting people’s email addresses and names to market to.
The main point to keep in mind is that the regulations under GDPR are designed to protect people’s private data in an era where typically large companies – such as Facebook and Google – appear to be playing fast and loose with people’s private data, even to the point of monetizing it or selling it.
Maybe you have heard of some of the horror stories of people’s personal data being misused.
So although the institution of regulations and potential fines might seem like an unwelcome intrusion into your efforts to build a business online, the main thrust is aimed at protecting people’s personal data and encouraging online business owners to treat people’s private information – including names and emails – with respect.
The big fines come in for big companies that don’t play by the rules.
DO ONLINE BUSINESS OWNERS NEED TO WORRY?
Firstly, it is important to take this seriously if you are marketing to people in the European Union – and that includes the UK even when it leaves the EU as the UK looks set to retain some form of personal data protection.
NOTE – Do not rely on this one blog post. Please check out the links below in this post for more details and spend some time learning what the GDPR and what it might mean for you as a small business owner.
Secondly, don’t freak out! Seriously. There has been a fair amount of negative media coverage of the potential of fines up to $20 million. This could happen to a big company that fails to protect people’s personal data. But the approach for small business owners it to encourage them to comply with the new rules. And there would be a process in which a small business would first be contacted to ask them if they are complying with the new rules before more drastic steps are taken.
Thirdly, don’t run scared! I have seen comments from some small online business owners saying – “okay, I am not going to market to potential customers in the EU.”
Such an approach is not necessary. Plus it is hard to avoid not scooping up the emails of EU citizens in your online business process.
By and large, many internet marketers and online business owners reach out for customers worldwide and if you are collecting people’s names and emails chances are some of them will come from the UK and Europe.
SO WHAT SHOULD YOU DO?
Award-winning data protection lawyer Suzanne Dibble says those working online should consider the GDPR rules as “an opportunity” in that it protects the consumer and could help online business owners obtain more-targeted leads and customers. Maybe this can be described as an opportunity – but it does impose some extra effort on business owners in order to comply.
Ms Dibble provides free training and a paid course to help online business owners bring in the necessary changes.
See her Facebook group HERE.
In essence, there are four main steps that an online business owner needs to take to become compliant.
They are:
(1) Adjust the email optin box to collect leads to make sure the prospect understands what they are signing up for.
(2) A new privacy policy – with a link to this in the optin box and in the website footer, plus Cookie Consent, Terms & Conditions, Right to be Forgotten, Data Access etc.
(3) Make sure to include an “unsubscribe” button at the bottom of your emails and a “Modify your details” option. (Most autoresponders provide this)
(4) Make sure you protect personal data. (Hopefully your autoresponder will do this)
All this assumes and expects that you will not play fast and loose with people’s emails and details, not selling it to a third party.
And there are other rules if your online business is of a certain size and complexity, where you are dealing with more than collecting a name and an email address (such as more detailed personal information).
How should you proceed in terms of getting informed and the action steps to take?
Firstly, my suggestion would be to join Suzanne Dibble’s free Facebook group and get the details. Take some time to go through it. This provides a good overview.
Secondly, there is at least one product available that that is designed to help you become compliant “faster and easier”, namely the WP GDPR FIX for WordPress users that gives you the drafts of what you need to put on your websites. (NOTE: I am providing the affiliate link of a colleague of mine as a courtesy to him and a service for you – CHECK HERE) Please do your own due diligence and assessment as to whether this is right for you.
Thirdly, check out the advice of Shane MeLaugh at Thrivethemes.com – HERE for a rundown on how to adjust your email sign-up forms.
Mr MeLaugh provides a useful rundown on the steps to take with the optin box and your emails.
And DON’T FREAK OUT – it does not involve boxes to tick (if you have seen negative media stories and comments on this).
Mr MeLaugh suggests the following to make your email marketing compliant (see his post for details):
1. Take an index of all the opt-in forms and lead generation landing pages on your website.
2. For each opt-in offer you have, decide which of the 2 approaches is best. Will you add a checkbox to the forms or change the copy? And to what extent will you change the offer itself? (Check his post for details)
3. Update your opt-in forms and lead generation landing pages to reframe your offer and make sure visitors can clearly anticipate what’s going to happen after they sign up.
4. Make sure that your terms & conditions or privacy policy are easy to find from any page that contains an opt-in form.
5. Make sure your emails all contain an unsubscribe link and a “modify my subscription” link.
6. Get all this over with, so you can go back to focusing on more important parts of your business.
These are sensible relatively minor adjustments. Take the time to read his post carefully HERE.
Ms Dibble suggests not to copy other people’s privacy policies. She provides a privacy policy template, but that is within her comprehensive paid training course available at a reasonable price. The WordPress plugin I have suggested also contains a template – plus the other terms and conditions you need for your website.
STAY COOL AND READ UP
It can seem a hassle to have to go through this process and it might be tempting to ignore it.
Don’t.
Take time out to read up on this through the options provided in this post. Take the steps necessary to update your website(s) and your email optin process.
Most online business owners and internet marketers will need to make the changes to become GDPR compliant.
ANYTHING ELSE?
There are issues that need to be addressed such as how to handle an existing email list (is it necessary to call on your subscribers to re-opt in?), emails that are derived from you promoting an affiliate products which you then transfer to your own autoresponder account, etc.
But the main points to bear in mind are the points I have provided above. Aim to move forward to indicate to your leads, followers, customers and clients that you take their privacy and the use of their data seriously so that you are viewed as a responsible and concerned online business owner.
Take this seriously but don’t lose sleep over it.
Some months down the line you will look back and thank yourself that you made the right moves and that this hassle to get compliant is behind you.
NOTE: As noted, I am not a lawyer and this post does not contain legal advice. Always work with your legal counsel to determine the right decisions to make about regulations. Myself and my team are monitoring the use of GDPR by online businesses and hope to provide more pointers going forward.