Gorgeous Geek Web Design & Online Business Consulting for Female Coaches & Entrepreneurs

May 22 2019

GDPR – Do I need to freak out?


No need to freak out, but, yes, you need to understand what’s going on and make some changes to your website, so here I will give you an easy-to-understand overview of what GDPR is all about, and you can sign up to get a checklist of the changes you need to make on your website:

Get the GDPR Website Checklist

 


Disclaimer:
The following is an informative article in which I share with you what I have gathered from my research on the GDPR topic. It is not to be considered legal advice, so if you want to make 100% sure that your website and business are compliant, I recommend you work with a local lawyer to ensure you have your documents and registrations in place.


Please note that the information is adapted to the kind of business that my typical clients have, which is a small service-based business offering coaching or consultancy services.

If this is you, you probably have one or more of the following functions in place on your website:

  • Sign-up forms for your freebie and newsletter
  • Contact form
  • Online scheduler to book consultations with you
  • Payment collection for any online digital product(s)

Let’s get to what this is all about…

What is GDPR?

It stands for General Data Protection Regulation.

One of the main points of the GDPR: to make it easier for people to understand what happens to their data when they browse websites and submit information through various kinds of forms (subscription forms, contact forms, purchase forms etc.).

Lots of these rules were already in place, but the new thing is that they are now unified across Europe, hence the frenzy and the deadline.

The focus is on the rights that EU citizens have under this regulation:

  • The right to know exactly what’s going to happen with the data they submit
    • E.g. you can’t say “sign up to my freebie”, without informing them that they will also be getting newsletters, promotions etc.
  • The right to know what kind of data is being collected, why it’s being collected, and how it’s going to be used
    • E.g. website cookies (you can read about what they are in my own website’s cookie policy)
  • The right to modify or completely delete the data you have collected
    • E.g. they need to easily find out how to contact you to have their data modified or deleted, and your emails should always offer a link for them to update their subscription preferences.

Who needs to comply with the GDPR?

Although the regulation is focused on data protection and privacy for all individuals within the European Union, even if you’re outside the EU, you need to comply with GDPR if you process personal data of EU citizens. E.g. if your business is based in the US, but you have people in the EU filling out any kind of forms on your website (contact form, sign-up form, online scheduler), you have to comply.

What is considered personal data?

The obvious is names and email addresses, but it also includes IP addresses, location data, and any additional data you may collect in your forms like phone number, physical address, credit card details etc.

Will I get fined if I don’t comply?

This is the part of GDPR that freaks us all out, right? But the law is not out to get you, waiting around the corner of 25 May to search your website with a magnifying glass for GDPR mistakes. It’s rather the mega big companies, the kind who benefit economically from collecting and using personal data, that should be biting their nails more than us.

From what I’ve understood, and I believe this is true from a common-sense point of view, this is the situation:

If you collect someone’s data, and they file a complaint against you, there would typically be a series of notifications and warnings in place before fines are issued. Usually, what happens if someone is unhappy is that they first send a request to you directly to delete or modify the data you have on them. If you ignore them, yes, you risk that they report you (so don’t make enemies until you have your GDPR stuff in place).

This doesn’t mean you shouldn’t take steps to comply. The risk, even if it may be small, is really not worth it. Then fines are issued according to the gravity of your infringement and your profit.

What do I need to do with my current subscribers?

Unless your website was already asking for proper consent under the GDPR rules (most of us surely didn’t do that…), you need to ask them to resubscribe before 25 May 2018.

What does it mean to get “proper consent” under the GDPR?

Send an email to your current subscribers that asks them to take action to confirm that they want to stay, that they explicitly agree with the kind of emails you want to send them, and that they accept your GDPR compliant privacy policy. It’s not enough to just remind them that they can unsubscribe.

Important: Your sign-up process and privacy policy have to be compliant before you ask them to re-subscribe. Understand that the whole point of asking them to resubscribe is that they agree to your new or updated policy and to the kind of emails that will be sent to them. So you need to make sure your sign-up process and website are compliant before you send that email, ok?

For details on what you need to change on your website, sign up for my checklist:

Get the GDPR Website Checklist

 

Summa Summarum

GDPR is about being transparent with your website visitors. Tell them:

  • What information about them is being collected when they visit your website
    • Let them know your website uses cookies (almost all websites do) and provide details of the purpose of each specific cookie.
  • What will happen after they submit their data in forms
    • Let them know what to expect before submitting + provide a link to your Privacy Policy.

Sign up for my GDPR Website Checklist to understand which parts of your website you need to adapt:

Get the GDPR Website Checklist

 


Written by Vibeke Foss · Categorized: Legal stuff & website safety
