1. Those who got right on it updated their policies and sent out emails to their followers
2. Those who stuck their fingers firmly in their ears and went ‘La la la, I CAN’T HEAR YOU!!!’
If you fall into the former category, well done. You’re very excellent.
Why do you even need to know about this? Well, it’s all about consent and users of the internet being protected online. The GDPR (General Data Protection Regulation) is just making sure that when you use a website, you are protected against the website owner stealing your identity, clearing your bank accounts and heading off to early retirement in the Caribbean. Actually, it’s more about stopping the website from selling your identity so someone else can clear your bank accounts and head off to early retirement in the Caribbean.
This mostly applies to the big players who have a presence in Europe – Google, Apple – all those big guns. However, if you’re a small business you still need to find a way to comply, so you don’t get slapped with fines.
Sorry, can you explain to me what the GDPR is again?
It’s basically about user rights. The GDPR gives users of any website the following good stuff…
– the right to know what data a company has about you and what it’s used for
– the right to know if they’re sharing (or selling) this valuable data and whom they’re sharing it with (or selling it to)
– the right to access your data
– the right to (within reason) have your data removed or erased from their control
So if you’re a small business (or a huge business!), you need to get this stuff sorted ASAP. Or like, yesterday.
I don’t live in Europe. Does this still apply to my business?
Yes. If you have customers that reside in Europe (which you probably do if you run an online store because the internet is global), then you must comply for those customers even if you live in the US or Australia. Technically you don’t need to comply for customers who don’t live in Europe, but that’s just a logistical nightmare. Applying the GDPR policies to all your customer relations, regardless of location, is the way to go.
So… how do I comply?
It all seems very complicated and scary, but the main thing is that you have to be very transparent and ethical with any personal data you process. It’s like when you find out your neighbour is pregnant and her husband isn’t the father – it’s not cool to pop that info on Facebook, is it? The same thing applies to your customer data. Here are some things you need to consider.
– Firstly, understand what data you’re collecting. Are you collecting names, email addresses, banking details? Is that information considered sensitive, like are you asking for a person’s health history? Learn about your data sources, where and how long it is stored, and how it is used.
– Get yourself a consent policy. You can use services like IUBENDA that will generate a policy specifically for you, or you can use a free template available here if your business is fairly basic with its data collection.
– Review and update your security processes. If you use reputable, well-known programs to collect payments and information from your clients, MOST of these are covered under the GDPR but check to make sure you’re using compliant software.
– Don’t be dodgy. When asking your clients or customers for information about themselves, be SUPER clear on what you’re going to use it for.