Unless you’ve been living under a rock, you will undoubtedly have heard of the imminent change (on 25th May to be precise) in the EU data protection laws – the dreaded GDPR (General Data Protection Regulation)!
The way we shop, sell and generally communicate with each other has changed drastically since the 1998 Data Protection Act came into force. Daily and without taking much consideration, we are giving people our personal information and handling other people’s personal data. The new regulations are to help those people in the EU have better control over their personal data, access to it and what companies do with it.
So what is meant by personal data?
This is any information that directly or indirectly could identify a person (for example a name, address, email address, phone number, IP addresses). As a small business any personal information you collect, use or store on your customers and clients will fall under the new GDPR.
As more and more business is conducted online, it is increasingly important to know who you are giving your personal data to and what they are doing with it, hence the introduction of GDPR.
Before I go any further, I am NOT legal expert and the content of this post is a summary of articles I have read and my own observations. If you want legal advice then this lady, Suzanne Dibble knows her stuff and does a great GDPR pack for small businesses which you can buy. She also has a Facebook group full of great advice.
So how does this effect my business?
I have seen all kinds of posts in Facebook groups and blog posts comments with people freaking out about getting their business and website/blog GDPR compliant. Don’t panic!
Essentially what it means for your business is that you need to know and inform your clients/customers and even just visitors to your website:
1) What information you hold
2) Where you hold it
3) Why you hold it
4) How you got consent for that information
5) How they can access it
Read/download this guide from the ICO (Information Commissioner’s Office) on 12 steps you can take now to prepare for GDPR.
Not only do you have to ensure that you’re GDPR compliant as a business, you also have to ensure that all your third party service providers, who process personal data for you and are referred to in the new regulations as “processors”, are GDPR compliant too!
This is a great blog post on ensuring your processors are GDPR compliant: https://suzannedibble.com/5-simple-steps-to-check-your-service-provider-is-gdpr-compliant/
Can I still send promotions, service updates, new event information to my email list?
When GDPR comes into effect next week it will become a legal obligation to get explicit and clear consent from a person to collect their data. This should mean a world free of spam, yay!
It will be no longer acceptable and non compliant to email people information about your business or services without their prior consent. In addition, once you have their details from a newsletter sign up you can only email them information they consented to. If they signed up for your free recipe download, you cannot start emailing them about your food coaching business
It is essential that you leave any opt in boxes unchecked, so that by ticking the box the user is giving their consent. You cannot assume consent and the user has to opt out. Also use double opt in when using a email sign up/lead magnet. This can be easily set up through your provider – Mailchimp and ConvertKit guides about being GDPR compliant are linked at the end of this post.
What do I need to do to make my website compliant?
In the event of a hack or security breach, you are responsible for letting your users know about it.
Overall I would suggest collecting no user information by default and take as little information as possible when you do get explicit consent!
Are you making the most of your website?
If you are wanting to breathe some life into your current website or to start getting more traffic to your shiny new website, my free SEO beginners Guide is a great place to start.