Like it or not, when GDPR becomes law on May 25, it will affect your business, even if you’re not based in Europe. Even if you only have one solitary EU citizen as a customer or a client, it matters – and the fines of €20m or 4% of your business’s annual turnover, whichever is greater, per incident of non-compliance are certainly a great motivator for getting your business GDPR compliant.
Just in case you’ve been living under a rock and the GDPR for business conversation has sailed by you, it’s essentially new legislation that covers the entire European Union. It explicitly concerns individuals’ data rights and privacy, and if you can’t demonstrate that your business is compliant, then those fines will not be far behind.
Of course, it’s a little more nuanced than this: it depends on which rule your organization broke, and what the appropriate penalty will be for a business under GDPR. However, the fines are still sky high, making this one fine that nobody wants landing on their desk.
Now, I’m not a lawyer, so you should definitely be consulting with one rather than taking everything I say as gospel – but I do want to offer you some tips because this legislation affects all of us with an online business. Ultimately, we all want to retain our sales and customer base – there’s just now that new, added challenge of GDPR for business.
So, let’s rise to that challenge!
Get Unambiguous Consent From Your Email List
Up until GDPR, collecting emails was simply a matter of getting people to opt in – preferably after an attractive promotional offer, lead magnet, or whatever strategy you typically use. Once you’ve got that, you can continue to send them other promotions, right?
Sorry, not anymore. GDPR business rules take the position that just because someone opted in to one thing, it doesn’t mean they want all the other things. For example, they might just want that special report – and not the ongoing email newsletter that you also offer.
This is why you’ve been getting so many emails from everyone asking you to opt back into their email list. Business GDPR requires unambiguous and explicit consent to receiving the materials you will send. The easiest way to do this is simply to add a tick-box by which people agree to accept this additional material – say a monthly newsletter full of tips. This goes for any additional materials, including your advertisements, and so on. Make sure people know exactly what you’re going to send, and give them that choice.
It’s not ideal, but if you do business in the EU, then this is going to be mandatory and enforced by crippling fines.
Make Sure Your EU Visitors Love Cookies
This is a relatively minor tweak, but it is one that will show authorities that you are taking relevant steps to compliance, which they have noted is important: nobody expects overnight change, and demonstrating good faith will go a long way here. Your cookie notice should tell EU visitors about:
- Tracking solutions and third-party services in use
- How long your cookies last
- How they can delete their data
- How they can opt out of various services you offer
Make Your Business GDPR Data Policies Crystal Clear
The main focus of GDPR for business is really on the right of EU citizens to data privacy and protection. Therefore, the onus is now on you as a business to make it incredibly clear what your data policies are. That means what you do when someone wants their information deleted: how you will delete it, how you will document it, what procedures you will use, and how your team is trained to delete this data.
Yes, it’s pretty thorough!
You need to document this, so people know what you will do. This new openness is causing a lot of headaches for businesses around the world, but ultimately, it’s not a bad thing. With Facebook suffering privacy scandals every other week and consumers growing increasingly concerned about their data and how it’s used, it’s a step forward for consumers.
Conclusion: Business GDPR Doesn’t Have to Be Taxing
These four tips will help you go a long way toward being data compliant and getting your business GDPR ready. I realize that a lot of you simply don’t want to do this. It’s tedious; you think it might affect your business – all these tick boxes for your email list! – and it feels like a huge encroachment of the state upon your liberties.
I understand that, I really do, but I urge you to look at the bigger picture – ignore the fines for now – consumers want more data protection and privacy, and not just in the EU. You don’t need to segment your EU customers off into a GDPR-walled garden. Why not make this a global change to how you do business online?
That’s right – go completely GDPR for your business, even if you don’t have EU consumers. It is highly likely that other nations will follow suit soon, and if you take heed today and become compliant, you’re ahead of tomorrow’s headache. You’re also doing what’s best for consumers by putting them first – not a bad thing in business. Your customers will be happier, and you’ll be able to relax knowing that you’re covered both today – and in the future.