Like it or not, when GDPR becomes law on May 25, it will affect your business, even if you’re not based in Europe. Even if you only have one solitary EU citizen as a customer or a client, it matters – and the fines of €20m or 4% of your business’s annual turnover, whichever is greater, per incident of non-compliance are certainly a great motivator for getting your business GDPR compliant.

Just in case you’ve been living under a rock and the GDPR for business conversation has sailed by you, it’s essentially new legislation which covers the entire European Union. It explicitly concerns individuals’ data rights and privacy, and if you can’t demonstrate that your business is compliant, then those fines will not be far behind.

Of course, it’s a little more nuanced than this: it depends what rule your organization broke, and what the appropriate penalty will be for a business under GDPR. However, the fees are still sky high, making this one fine that nobody wants landing on their desk.

Now, I’m not a lawyer, so you should definitely be consulting with one rather than taking everything I say as gospel – but I do want to offer you some tips because this legislation affects all of us with an online business. Ultimately, we all want to retain our sales and customer base – there’s just now that new, added challenge of GDPR for business.

So, let’s rise to that challenge!

Get Unambiguous Consent From Your Email List

Up until GDPR, collecting emails was simply a matter of getting them to opt-in – preferably after an attractive promotional offer, lead magnet, or whatever strategy you typically use. Once you’ve got that, you can continue to send them other promotions, right?

Sorry, not anymore. GDPR business rules take the position that just because someone opted in to one thing, it doesn’t mean they want all the other things. For example, they might just want that special report – and not the ongoing email newsletter that you also offer.

This is why you’ve been getting so many emails from everyone asking you to opt back into their email list. Business GDPR requires unambiguous and explicit consent to receive the materials you will send. The easiest way to do this is simply to add a tick-box that agrees to accept this additional material – say a monthly newsletter full of tips. This goes for any additional materials, including your advertisements, and so on. Make sure people know exactly what you’re going to send, and give them that choice.

It’s not ideal, but if you do business in the EU, then this is going to be mandatory and enforced by crippling fines.

Make Sure Your EU Visitors Love Cookies

Cookies are also an important component of GDPR for business. Sadly, these aren’t the delicious cookies that we all love to eat, but website cookies. Complying with this is not too difficult: you just need to have a little notice at the bottom of your website explaining how you use cookies to give users a better experience. Users can then accept this or deny it – or ‘learn more’ with a link to your privacy policy page if you’re feeling allergic to the deny button.

This is a relatively minor tweak, but it is one that will show authorities that you are taking relevant steps toward compliance, which they have noted is important: nobody expects overnight change, and demonstrating good faith will go a long way here.

Make Sure Your Privacy Policy Offers Full Disclosure

You may already have a privacy policy in place – even so, it’s worth going over it again to check that it reflects what your business currently does. You’ll also want to disclose:

  • Tracking solutions and third-party services in use
  • How long your cookies last
  • How users can delete their data
  • How users can opt out of various services you offer

Again, this is just a broad brush stroke: every business is going to be a little different, and the best thing you can do to ensure that you’re on the right side of GDPR is to hire a legal professional. Not only will this give you peace of mind, but you’ll also feel a lot more grounded knowing that your privacy policy is where it needs to be.

Make Your Business GDPR Data Policies Crystal Clear

The main focus of GDPR for business is really on the right of EU citizens to data privacy and protection. Therefore, the onus is now on you as a business to make it incredibly clear what your data policies are. That means what you do when someone wants their information deleted: how you will delete it, how you will document it, what procedures you will use, and how your team is trained to carry out the deletion.

Yes, it’s pretty thorough!

You need to document this, so people know what you will do. This new openness is causing a lot of headaches for businesses around the world, but ultimately, it’s not a bad thing. With Facebook suffering privacy scandals every other week and consumers growing increasingly concerned about their data and how it’s used, it’s a step forward for consumers.
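To make the two points above concrete – one tick-box per thing you send, and a documented, repeatable deletion procedure – here is a small consent ledger as an added example. It is not code from the original post; the purpose names, the in-memory storage and the hashed audit trail are all assumptions chosen for illustration.

```python
"""Added example (not from the original post): a consent ledger that enforces
purpose-specific, explicitly ticked opt-in and records erasure requests so the
business can show what it did and when. Storage and names are hypothetical."""
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, List, Set, Tuple

# Each thing you send is its own purpose; ticking one never implies another.
PURPOSES = {"special_report", "monthly_newsletter", "advertisements"}


def _subject_id(email: str) -> str:
    """Audit entries keep a hash, not the address, so the trail survives erasure
    without itself retaining the personal data it documents."""
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()[:16]


@dataclass
class ConsentLedger:
    consents: Dict[str, Set[str]] = field(default_factory=dict)
    # append-only trail: (utc timestamp, hashed subject, event, purpose)
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def _log(self, email: str, event: str, purpose: str = "") -> None:
        stamp = datetime.now(timezone.utc).isoformat()
        self.audit.append((stamp, _subject_id(email), event, purpose))

    def record_consent(self, email: str, form: Dict[str, object]) -> Set[str]:
        """Store only purposes whose box was actually ticked (boolean True).
        A missing key, False, or a loose value like "on" counts as no consent,
        so a pre-ticked or bundled box in the form cannot grant anything."""
        granted = {p for p, v in form.items() if p in PURPOSES and v is True}
        self.consents.setdefault(email, set()).update(granted)
        for purpose in sorted(granted):
            self._log(email, "consent_given", purpose)
        return granted

    def may_send(self, email: str, purpose: str) -> bool:
        """Check consent for this exact purpose before every send."""
        return purpose in self.consents.get(email, set())

    def erase(self, email: str) -> bool:
        """Honour a deletion request: drop the data, keep a dated record of it."""
        existed = email in self.consents
        self.consents.pop(email, None)
        self._log(email, "erased" if existed else "erase_requested_unknown")
        return existed
```

The ledger refuses anything that is not an explicit `True`, so a newsletter send for someone who only asked for the special report fails the `may_send` check, and every grant or erasure leaves a timestamped entry you can point to.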

Conclusion: Business GDPR Doesn’t Have to Be Taxing

These four tips will help you to go a long way toward being data compliant and getting your business GDPR ready. I realize that a lot of you simply don’t want to do this. It’s tedious; you think it might affect your business – all these tick boxes for your email list! – and just a huge encroachment of state upon your liberties.

I understand that, I really do, but I urge you to look at the bigger picture – ignore the fines for now – consumers want more data protection and privacy, and not just in the EU. You don’t need to segment your EU customers off into a GDPR-walled garden. Why not make this a global change to how you do business online?

That’s right – go completely GDPR for your business, even if you don’t have EU consumers. It is highly likely that other nations will follow suit soon, and if you take heed today and become compliant, you’re ahead of tomorrow’s headache. You’re also doing what’s best for consumers by putting them first – not a bad thing in business. Your customers will be happier, and you’ll be able to relax knowing that you’re covered both today – and in the future.