This article does not constitute legal advice. This article is for informational purposes only, and we strongly encourage you to seek independent legal counsel to understand how your business needs to comply with the GDPR.
The new General European (EU) Data Protection Regulations, better known as GDPR, went into full effect on May 25th. What does this mean for everyone who collects other people’s information, especially online? This means that even if you are located outside of Europe, you need to make it blatantly clear that you are collecting information and what you intend to do with said information (storing it, protecting it, sharing it, etc.).
The basic design of GDPR is to set new, clear standards that give EU citizens more control over the information they share with companies. It’s common sense that people want to know where their information is going and who has it. Don’t you wonder the same thing every time you fill out a form on the websites you visit, regardless of what is being asked?
What Does GDPR Compliance Mean?
Information is a valuable commodity that can devastate the information provider if abused.
Think of all the data breaches we have been hearing more and more about and how annoyed and betrayed users feel when they discover that companies have waited months and even years before reporting the breach.
With GDPR in place, companies have to confirm not only that all personal information collected is protected, but also that it is gathered legally and under the strictest conditions. Also, those entrusted to collect and manage the information must ensure that, while protecting it, they will not allow it to be misused or exploited and that the information owners’ rights will be respected. If not, penalties will be issued to those who ignore these regulations.
Who Is GDPR Aiming For?
As a Solopreneur, the last thing I wanted to deal with was fines from a foreign entity that might claim that I’m handling information management on my websites improperly. The good thing was that they seem to mainly be after large conglomerates like Facebook, Instagram, Google, etc., who make a living off collecting and sharing their users’ information.
That being said, this doesn’t mean that I or other Solopreneurs should handle our smaller number of clients with any less seriousness or responsibility. Just because we are not as large as Google or Facebook doesn’t mean that we get a pass for being slack and lazy with our users' and customers' information.
What Is Personal Information?
Anything that can identify your users is considered personal information: names, photos, addresses, IP addresses, email addresses, biometric, GPS, and genetic information are all included. Think of your Fitbits, Apple watches, and Waze apps all collecting your information.
What Does This Mean For Solopreneurs?
The new GDPR law is another reason for Solopreneurs to be extra diligent in transparency and informing their website visitors of what they should expect. This includes your opt-in forms and promotional links you might be sharing with your visitors.
Just as you would expect large companies, like Facebook, to inform you of how they will use your information, you have the same obligations to your users. Don't wait until you have a security breach or get fined before you take action.
What Does GDPR Mean For My Users/Clients?
As stated earlier, because so many data breaches have occurred throughout the years, it has become more important than ever that users understand and know what is happening with their information. The Dark Web has been privy to a large amount of user data in the past few years; this is alarming to many Internet users and leaves us vulnerable.
In an effort to do better in the business community, we are required to inform our users if and when their information has been hacked into, and we at Bklyn Custom Designs are committed to doing so within 48 hours of noticing the issue on our websites. In addition to that, the appropriate national authorities are to be notified of the breach, according to the GDPR, so EU citizens can take the appropriate measures to prevent information abuse. I put the same emphasis on U.S. citizens.
Through GDPR, customers also get early access to their information, meaning users will be given details on how their information will be processed in clear layman's terms, free of technical jargon and lawyer-speak. The consumer must understand everything you are telling them without needing an attorney to interpret.
We as Solopreneurs must make it easy for our users to modify the information they share with us, remove it completely, and review it. They also must be given an easy method of opting out of sharing their information. We cannot and should never have opt-in boxes automatically checked, have unclear information on opt-in forms, or force our users to opt out of services they never willingly opted in to.
This all means that our customers’ rights must take precedence as we work on building our businesses.
Transparency Is Back In the Forefront
As of May 25th, it will become the responsibility of all business owners, Solopreneurs included, to report certain information breaches to our users and the appropriate authorities. We have to send Breach Notifications directly and promptly to those affected. No longer will it be acceptable to only notify the victims of an information breach through social media, press releases, or a simple posting on your company website(s). As part of the new responsibilities of a business owner, we all must now contact our users through one-on-one correspondence (email might be best).
When Should We Make Notifications After A Breach?
GDPR makes it clear that businesses have to report breaches to the relevant people within 72 hours of when we first become aware of the breach. If the breach is serious enough to warrant user and public notification, GDPR states users must be made aware without ‘undue delay.'
I Heard There Were ‘Fines,' Is This True?
If you are not completely compliant by May 25th, fines will not be immediately charged to you or your company. Instead, you will receive warnings and there will be various steps taken to notify you of your non-compliance before fines become part of the conversation.
The GDPR Rundown: What's Next?
Now is the time to make sure your website is compliant with the GDPR laws or at least getting there. Your job is to provide simple, easy ways for your users to control their information on your website and servers. Here are some things you should have in place:
- Check and update your opt-in forms and lead generation landing pages and sales pages on (and off) your website.
- Be clear about which forms or landing pages opt your visitors in to receive emails from you. If combined with offers, clarify your intent.
- Add checkboxes to your opt-in forms if you want, but they must be clear about your intent and what your visitor should expect. Avoid adding too many and further confusing your users.
- Make your privacy policies, terms & conditions, and/or disclaimers all easy to find on your website. The links are normally placed in the footer or copyright lines of websites, but just make sure your users can find and understand them.
- Check to ensure that your emails all contain a link to unsubscribe and a link to modify a user’s subscription. The modification would be great especially if you intend to add your users to 10 different email lists at once or over time or have a variety of frequencies when sending out emails.
The sooner you get these updates done (or have someone do them for you), the sooner you can refocus your energy on building & nurturing relationships for your brand.