Let’s talk about the big ol’ elephant in the entrepreneurial room: GDPR. There is no avoiding it. It’s time to make sense of this new regulation and make sure we’re complying.
GDPR is the General Data Protection Regulation. It’s an EU law intended to protect the privacy of data for EU individuals, but that doesn’t mean it’s just for EU entrepreneurs.
If you’re in the EU, you’ve likely heard a ton about it and know you must comply. If you’re outside of the EU, it’s definitely worth your attention. It likely affects how you do business as well, since EU individuals are probably engaging with your website, subscribing to your email list, downloading your free lead magnets, or purchasing your services.
First, I’m not a lawyer, and I don’t even play one online. I’m probably just like you: a bit overwhelmed about what this means for my business. (I.e., none of this is legal advice, and you should chat with a lawyer.) I’ve been lucky to find some great resources that are helping me make sense of GDPR and want to share them with you here.
Since we’re chatting about an EU regulation, the BBC seems like a good place to start.
- Check out this quick video that offers an overview of the new policy.
- BBC local radio also offers this 10 minute Q&A with the Deputy Information Commissioner.
- The new legislation includes all organizations, contrary to rumors that businesses under 250 people didn’t need to comply.
- It’s OK to retain information on customers that you have an existing relationship with. (This seems contradictory to “experts” that have been advocating your customers need to give consent again.)
- Yes, it includes post (i.e., snail mail) as well.
- You’ll want to consider data that you keep locally on your computers and the potential for the computer and the data to get into someone else’s hands.
- The regulation moves towards a condition of “opt-in” consent meaning that not taking action doesn’t imply consent. For example, if a company sends an email asking a subscriber to offer consent, the recipient must click to give permission. The email can’t be written in such a way that the recipient doing nothing implies consent.
Information Commissioner’s Office
- If you want a REALLY thorough understanding of GDPR, check out the Information Commissioner’s Office website section on GDPR. One part worth checking out is the section on “consent” and specifically the checklist they offer. Note: If you’re prone to overwhelm, this site might not be for you. There is a lot of info here, and not all will pertain to your business.
- The ICO’s website also offers “12 Steps to Preparing for GDPR.”
Online Marketing Made Easy Podcast
My favorite primer for understanding and getting compliant with GDPR is Amy Porterfield’s interview with Attorney Bobby Klink. For me, this is the Goldilocks approach to GDPR: not too much, not too little, just right for your business. GDPR is a huge regulation that encompasses both the micro-businesses and the Googles of the world. Bobby is a lawyer turned online entrepreneur, so he “gets it.” I appreciate Bobby’s layman’s terms approach to discussing GDPR and his ability to cut through this massive regulation and help you decipher what aspects are most applicable to you.
Your Online Genius
If you liked Bobby’s approach on Amy Porterfield’s website (and I think you will!), check out his free, three-part GDPR training.
Your Email Provider
Since much of how you need to comply with GDPR is related to how you gather, manage, and interact with email subscribers, your email provider is another excellent source of information. Many have adopted tools to help you comply with GDPR, such as IP recognition that sorts EU and non-EU subscribers and amended opt-in forms. Comparing the different companies, you’ll see they take varying approaches to compliance. Some have clumsy workarounds; others have created intuitive systems to comply.
No matter how you slice it, complying with GDPR will likely be a bit clumsy for us all, but it’s well worth our attention. While the EU is the first to establish these types of regulations, it’s foreseeable that other countries will follow suit soon.
How are you complying with GDPR? Tell us below the steps you’re taking.