What is GDPR and Why Should I Care?
You’ve probably opened your email to a bunch of subject lines like “Updates to our Privacy Policy” and you might be wondering why. Tomorrow, May 25th, marks the day everyone must be GDPR compliant. GDP what? You might be wondering: What is GDPR and why should I care?
So, we are going to explain all of that to you now!
What is GDPR?
Let’s start from the top: what the heck is GDPR anyway?
GDPR stands for General Data Protection Regulation. It’s basically a privacy law from the European Union that goes into effect on May 25th, 2018 and pertains to ALL entrepreneurs (whether you are big or small).
It doesn’t matter if you are just starting to sell or market online. It affects everyone that does ANY sort of business online.
Positions included (but not limited to) are:
- Bloggers
- Authors
- Advertisers
- Marketers
- App Creators
- YouTubers
- Anyone that participates in an MLM (LuLaRoe, Paparazzi, Mary Kay, etc.)
- Real Estate Agents
- Travel Agencies
- etc.
While this is an EU law, it pertains to ALL online entrepreneurs or marketers who not only do business IN the EU, but who do business with or generate leads from people within the EU.
GDPR is a new set of rules designed to give persons in the EU more control over their personal data, so in its raw form it applies to the processing and handling of EU personal data. This covers everything you do with personally identifying data that you collect from anyone in the EU, and how you handle that data: everything from collection to deletion.
You might be thinking, “well, I don’t do any of that,” but guess what, you DO!
You know when you boost an ad on Facebook or ask someone to sign up to receive email newsletters? That is called marketing.
Any time you are marketing through an online or digital media, you must be within GDPR compliance.
At its core, a person MUST know that they are giving you personal information such as their email address, mailing address, name, phone number, etc. They also MUST be fully aware if you are collecting data such as their IP address, web browsing history, cookies, etc. Basically, any time you ask for anything from anyone online you must disclose it, and that person must be aware that it’s being done and that they can opt out at any time.
Remember that whole mess with Facebook collecting information about you and sharing it with a third-party? Well, this is basically a way to prevent that for all EU persons.
So, why should you really care if you are GDPR compliant?
The simple answer is: you don’t want to be penalized.
The financial penalties for non-compliance are higher than for the old Data Protection Act. There’s an upper limit of €20 million or 4% of your annual global turnover, whichever is greater. The authorities can also:
- Issue warnings
- Carry out audits
- Demand that you fix things within a strict deadline
- Demand that you erase data
- Stop data transfers to other countries
- Apply these powers to both data controllers and data processors
“But, I only do business within the US.”
You might be thinking that, but do you really know? The thing is, it would be really HARD to prove you are only emailing or showing ads to US-based residents. So, is it really worth taking the risk?
I surely don’t think so!
So, how can you be compliant?
Well, this is a bit more complicated, and we ARE NOT ATTORNEYS nor do we claim to be. So, please don’t use this post as your only guidance on how to get GDPR compliant by tomorrow. We recommend consulting your own attorney to ensure you are compliant by May 25, 2018.
However, in the meantime, there is a great article we found on how to get started on being GDPR compliant. It contains step-by-step instructions and can help you at least get your email subscribers under control and ready for the changes.