What you don’t know will hurt you – GDPR and your website

It’s been said that what you don’t know won’t hurt you. NOT TRUE. It certainly will affect you. On May 25, 2018, to be exact.

“You” being anyone who owns a website. And emails people. There, that covers a lot of us. It especially covers those of us with websites and email lists, doing online marketing. Selling goods or services online.

GDPR stands for General Data Protection Regulation and is hailed as the most important change in data privacy regulation in 20 years in Europe.

Oh, I’m not in Europe. So that doesn’t apply to me. You had me worried for a moment.

Yeah, not so fast there. It most certainly applies if you process data about individuals in the context of selling goods or services to citizens of the European Union (or monitor the behavior of said subjects). (Official website for GDPR here.)

Here’s the rub: If you have a website and market online (including an email list with freebie offers), that’s certainly visible to people in the EU and they can sign up for that email list or buy from you. So you have to comply with GDPR. No matter if you’re in Kansas, Australia, Antarctica or any other place on Earth.

That has some online marketers wish this law had never been passed. They see that we all will have to change how we do things. Some a little. Some a lot.

However, a marketer I spoke with today commented that ultimately this law is only about making sure personal data is handled they way it should have been handled all along. Because we all know the horror stories of personal data ending up where it definitely shouldn’t. Cambridge Analytica, anyone?

The EU is not an outlier. Canada will probably follow soon. And California now has a method for regular folks like you and me to report websites that fail to have a proper website privacy policy that meets California law. This is way closer to home than you might think.

Back to GDPR. I plan for all my websites to be fully compliant ahead of the May 25 deadline. I’m reviewing how personal data is used on each site and the compliance status of my email list service providers.

Since I’m not a lawyer and don’t play one on TV, I’m going to refer you to the best source for straight talk on GDPR. Amy Porterfield is on top of everything that affects online business and covers GDPR in this episode of her podcast. She goes into great detail of just what GDPR is and what it means for us all doing business online. Her guest is Bobby Klinck, entrepreneur and intellectual property lawyer.

Start with Amy’s podcast to get the skinny on GDPR in plain English and then dive deeper with Bobby’s free GDPR course.

So far, I see 3 key things to focus on:

• On all websites required documentation must show up in the right places. That’s terms & conditions, privacy policy and disclaimer.
• Segment email lists to know who is from the European Union, who is definitely not and who we don’t know where in the world they are located (in which case we have to assume they could be in the EU). For the first and last groups, we need to ensure that we have compliant email list signup info and if we don’t, they need to be removed from the list prior to May 25.
• Have procedures in place on email list signups to ensure full compliance with GDPR going forward.

There’s more to it than that, but this is a starting place. Ultimately, you need to review and understand how GDPR affects your particular website/email list/business and create a plan that is right for you.

GDPR is a big change, and it will take some effort to understand how each particular website or business is affected, but ultimately it is about protecting our customers’ privacy and we should all be fully behind that, no matter where that customer lives. Because our commitment to protecting our customers’ privacy helps build their trust in us.

So go check out Amy’s podcast GDPR For Entrepreneurs: What You Need to Know and take action now. You’ll be glad you did.