So are you as tired as I am at getting all those updated Terms of Use and Privacy Policies emails to clutter up your inbox? Well, it’s all related to the GDPR. Which stands for General Data Protection Regulation. You may be up to speed by now, but in case you’re not, I wanted to give you a quick overview and remind you that you have until May 25th (That’s Friday) to get compliant.

So what is GDPR anyway?

GDPR is a new regulation out of Europe that applies to anyone who markets to EU (European Union) Data Subjects. In plain English, this means if your site collects names and emails, surveys, quizzes, even information collected via Google Analytics, etc. (AKA personal information) from people it pertains to you.

Do I have to comply?

You do if you fit into any of these four categories:

1. Marketing in an EU-based language
2. Marketing using domains that end in EU-based abbreviations (e.g., domain.es for Spain, domain.uk for the UK)
3. Marketing that targets the users of an EU-country (this includes the UK)
4. Accepting payment in Euros

So what do I need to do?

(I’m not an attorney so I borrowed this language from one)

There are seven main steps you need to take to get compliant by the deadline.

1. Include Terms & Conditions and a Privacy Policy. You need a Terms & Conditions + Privacy Policy that for all your basic compliance, legal and contact information. This is a good idea even if the GDPR doesn’t apply to you, because it informs users what they can and cannot do on your site, what information you can collect and what you will do with their information. It’s also a helpful place to house any refund or payment information if you sell products or sell services directly through your website. If you don’t want to DIY, you can get an easy-to-fill blanks template* to copy and pasted into a new page on your website.
2. Obtain consent. Your existing Privacy Policy is no longer enough when it comes to informing visitors about what you do with their information. The big change with the GDPR is the mandatory and affirmative consent you must obtain at the point of opt-in (on your form). Once the GDPR goes into effect on Friday, there must be some kind of statement as to what information is collected and what the marketer (aka, you) will do with that info as well as some kind of consent via a checkbox or dropdown menu stating as much.
3. Prepare to provide data. The final crucial feature of the GDPR, and difference from what exists now is the ability of the “data subject” to request their data back at any time. Site users will be able to not only request to be unsubscribed, but they can also request their customer records and other marketing information that has been compiled on them. Think of it like your permanent, and now, people on your email list can request these permanent records back or delete entirely. Remember this is for European subjects only at this time.
4. Let your subscribers know how long you will keep their data. You should not be storing data on your clients forever if there is no reason to do so.
5. Secure the data you are collecting. If you haven’t done so already, get an SSL for your website. You should be able to get one from your hosting company. Make sure you are taking measures to secure any data you store using password protection.
6. Make sure everyone on your list gave explicit consent to be added. If they haven’t then they must be deleted before May 25th.
7. Segment your list and put customers or clients inside the EU on a separate list. Non-EU clients can be stored on a separate list to avoid any confusion about who this affects.

*Denotes that I am an affiliate of The Contract Shop.

What if I don’t comply?

Well, the fines are stiff but they won’t likely enforce them on small businesses like yours or mine. Where you might feel it is from companies like your service providers; Mailchimp, ConvertKit, AWeber, etc. as they work to get all of their users compliant who use their platforms. They could kick you off their platforms if you fail to become compliant.

So that’s all I got for ya. I know it’s a bit of a pain, but in a few days it will all be behind us and we can move onto more pressing matters like where to go for summer vacation.