5 Ways to Determine if the GDPR Affects You (and What to do About it)

GDPR – Whaaaaaat? If you’ve received a bunch of emails titled “URGENT, DON’T DELETE: GDPR and everything you need to know,” you’re not alone.

It’s like gibberish at this point, and I’m not surprised. If you aren’t familiar with the new GDPR rules, aka the General Data Protection Regulation from the European Union (EU), then you’re in good company!

It’s a new set of rules, and tells us what we are allowed to do with things like names, emails and personal details we collect online. It’s also more important now than ever before, with the compliance date of May 25, 2018. If you haven’t read up on what this means for you, here’s a beginners guide to the GDPR and your chance to learn everything you need to know to keep your booty cutie (and a little bit more).

WHAT IS THE GENERAL DATA PROTECTION REGULATION (GDPR)?

We’ve all heard about the big data breaches. That time a-shall-remain-nameless retailer had its credit card numbers lifted (we forgive you). The (it seems like daily) emails we get from doctors offices, software providers and online shops that email us with an, “oops! Someone hacked our system and your data may be compromised.”

The GDPR was designed to help protect us as internet users from these breaches of trust. It is designed to do that in two ways: (1) it makes consent to use your name, email and other data optional, and (2) if there is a breach, it forces the site/shop to tell you within 72 hours, not months and months after a cyber attack or hack.

5 WAYS TO TELL IF THE GDPR APPLIES TO YOUR SMALL BIZ

Even though this new General Data Protection Regulation is focused on European markets, there will be many businesses in the US who will have to comply. Here’s how you can figure out if you are one of them:

1. A reasonable amount of people who are on your email list or who visit your site are based in the EU (which includes the UK); or
2. You use EU-based languages to market your goods and services; or
3. Your domain name ends with an abbreviation that’s EU-based (e.g., .co.uk for the United Kingdom, .es for Spain); or
4. You accept payment in Euros; or

5. You target European countries for sales, including the United Kingdom.

If you fit into any of the above, it would be a great idea to keep reading.

WHAT HAPPENS IF I DON’T COMPLY?

If you don’t comply, the EU is threatening big fines, up to €20 million for businesses like us. In reality, though, this isn’t the biggest threat. It’s unknown how often or even how the EU will find businesses who choose not to comply. It’s also known that they will attempt to warn non-compliant businesses before seeking to enforce the rule.

Ladies and Gents, the biggest issue at the time of publication is the potential for getting kicked off your software and social sites.

If you woke up one day and you were frozen out of Instagram, never to get access to those followers back again, what would you do? Your email list? Facebook? YOUR WEBSITE? Okay, enough with the doomsday-ish, because this isn’t that hard to comply.

How ‘bout let’s not find out what the worst-case-scenario is and instead, use these three easy steps to wiggle our way into compliance?

HELP! HOW CAN I BECOME GDPR-COMPLIANT?

I know, it’s scary and you’re probably feeling like someone’s going to come knocking on your door, ready to arrest you. Instead of wasting your time piece-mealing a plan together based on your Google searches or attending a million pieces of training only to feel like you’re still not sure, we’ve got you. You’re likely sick of practically becoming a GDPR expert with all the conflicting and confusing info swamping your inbox, so here are three easy things to do to bring yourself into compliance faster than a sale at Sephora.

STEP 1.  ADD A PRIVACY POLICY AND TERMS & CONDITIONS TO YOUR SITE.

Terms and conditions + privacy policy is something super fun, disguised as a bore-fest. When you launch a website, you become the queen (or king) of that domain. Literally y’all, you’re queen/king of the castle now. And as the supreme ruler of your own internet parcel, you get to make the rules. Your terms and conditions tell people what is and is not allowed. For example, if you do not want people right-clicking and saving or sharing your images, that’s where this information would be housed.

A privacy policy is slightly different. It tells anyone who visits your site what information you’re collecting from them, from cookies to names and emails. It also tells your visitors what you do with this information.

The privacy policy has always been required by US law, and setting up rules for your visitors (terms and conditions) has always been a good idea. It helps you to have something to reference for FAQs, like, “what is your refund policy?” and, “can I use your images with credit?”

This step is nothing new for business owners, but having a GDPR-compliant privacy policy looks a little different than policies of yesteryear. Be wary of random templates you get from friends or Frankenstein together from the internet yourself (plus, ya know, copying is bad karma).

Consider buying this one that is GDPR-compliant and will always be up-to-date with any future legal or industry changes. Plus, Jenna is an affiliate of our shop so you’ll be supporting her and the great content she produces as well.

STEP 2. CONSENT TO OPT-IN IS NOW REQUIRED.

Unfortunately, where Step 1 (see above) used to be enough, it no longer is under the GDPR. One of the major changes is the requirement you get consent from the visitor when they opt-in for your content upgrades and freebies. This consent has to be freely given, so online shop owners (heyyy-oooo!) will need to make sure any opt-ins aren’t checked ‘yes’ by default upon purchase if the purchaser is from the EU.

I’ve gotten a lot of questions about, “well, what if someone doesn’t consent? How do they get the opt-in then?” The answer is they don’t. They have to consent to get your free or paid thing/content if they are from the EU. If they don’t agree to the rules, they don’t get to play the game.

STEP 3. KEEP LEARNING ABOUT THE GDPR.

The truth is we only know how this thing is going to look and work in theory until the EU starts enforcing it, and we don’t know when that will be. If you want to get access to all the resources mentioned here, PLUS additional fun, easy trainings that bring you into compliance, click here to use our affiliate link and buy the GDPReady™ bundle, which gives you access to a bonus check up from Christina and her team, to personally make sure you’ve implemented the bundle correctly!

Inside, there’s a list of resources you can use to make compliance and data collection painless for you, tutorials on how to install and set everything up specific to your website platform and email provider (ex: Mailchimp, Convertkit, etc.) and trainings on how to outsmart this beast and get more opt-ins despite the EU making it harder than ever to capture a lead and grow your list.

NEED MORE HELP? GRAB THE GDPREADY BUNDLE HERE