This article does not constitute legal advice. This article is for informational purposes only, and we strongly encourage you to seek independent legal counsel to understand how your business needs to comply with the GDPR.
The European Union's (EU) new General Data Protection Regulation, better known as GDPR, goes into full effect May 25th. What does this mean for everyone who collects other people’s information, especially online? It means that even if you are located outside of Europe, you need to make it blatantly clear that you are collecting information and what you intend to do with it (storing it, protecting it, sharing it, etc.).
The basic aim of GDPR is to set new, clear standards that give EU citizens more control over the information they share with companies.
It’s common sense that people want to know where their information is going and who has it. Don’t you wonder the same thing every time you fill out a form on a website, regardless of what is being asked?
What does GDPR compliance mean?
Information is a valuable commodity that can devastate the information provider if abused.
Think of all the data breaches we have been hearing more and more about and how annoyed and betrayed users feel when they discover that companies have waited months and even years before reporting the breach.
With GDPR in place, companies not only have to confirm that all personal information collected is protected, but also that it was gathered legally and under the strictest conditions. Those entrusted to collect and manage the information must ensure that, while protecting it, they do not allow it to be misused or exploited, and that the information owners’ rights are respected. Penalties will be issued to those who ignore these regulations.
Who is GDPR aiming for?
As a Solopreneur the last thing I wanted to deal with was fines from a foreign entity that might claim that I’m handling information management on my websites improperly. The good thing was that they seem to mainly be after large conglomerates like Facebook, Instagram, Google, etc. who make a living off collecting and sharing their users’ information.
That being said, this does not mean that I or other Solopreneurs should handle our smaller number of clients with any less seriousness or responsibility. Not being as large as Google or Facebook doesn’t mean we get a pass for being slack and lazy with our users’ and customers’ information.
What is personal information?
Anything that can identify your users is considered personal information: names, photos, addresses, IP addresses, email addresses, biometric data, GPS location, and genetic information are all included. Think of Fitbits, Apple Watches, and the Waze app, all collecting your information.
What Does This Mean For Solopreneurs?
GDPR is meant to simplify things across the EU and create a single set of rules for doing business with EU citizens. The law extends beyond Europe: all countries that work with EU citizens are expected to operate under the same rules. In practice, simply having a website means you are automatically expected to comply.
I have seen many business owners come up with reasons why they shouldn’t have to comply with the GDPR, with claims that include: “they created their businesses for Americans,” “they are an American local company,” “they don’t intend to sell overseas,” “they are American made,” etc. They fail to realize that unless you block foreign IPs, you are still part of the World Wide Web (WWW). Anyone can find your website and visit it, and any tools you have on there to track visitors make you liable for data collection.
Another thing to note is that companies are being encouraged to mask their users’ identities using ‘pseudonymization’ or ‘anonymization’ techniques and similar methods, so we can benefit from the information we collect while allowing our users to remain as anonymous as possible to protect their privacy.
Not everything we do on the Internet requires our fingerprints and DNA to be revealed, let’s just keep it real.
What Does GDPR Mean For My Users/Customers?
As stated earlier, because of the many data breaches that have occurred over the years, it has become more important than ever that users understand and know what is happening with their information. The Dark Web has been privy to a large amount of user data in the past few years, which is alarming to many Internet users and leaves us vulnerable.
In an effort to do better in the business community, we are being required to inform our users if and when their information has been breached, and we at Bklyn Custom Designs are committing to do so within 48 hours of noticing such an issue on our websites. In addition, the appropriate national authorities are to be notified of the breach according to the GDPR, so EU citizens can take the appropriate measures to prevent information abuse – I put the same emphasis on U.S. citizens.
Through GDPR, customers also get early access to their information, meaning users will be given details on how their information will be processed in clear, non-technical layman’s terms rather than lawyer speak. The consumer must be able to understand everything you are telling them without needing an attorney to interpret it.
We as Solopreneurs must make it easy for our users to review the information they share with us, modify it, and remove it completely. They must also be given an easy method of opting out of sharing their information. We cannot and should never have opt-in boxes automatically checked, unclear information on opt-in forms, or force our users to opt out of services they never willingly opted in to.
This all means that our customers’ rights must take precedence as we work on building our businesses.
Transparency Is Back At The Forefront
As of May 25th, it will become the responsibility of all business owners, Solopreneurs included, to report certain information breaches to our users and the appropriate authorities. We have to send Breach Notifications directly and promptly to those affected. It will no longer be acceptable to notify the victims of an information breach only through social media, press releases, or a simple posting on your company website(s). As part of the new responsibilities of a business owner, we must all contact our users through one-on-one correspondence (email might be best).
How Much Time Do We Have To Make Notifications Regarding A Breach?
GDPR makes it clear that businesses have to report breaches to the relevant people within 72 hours of when we first become aware of the breach. If the breach is serious enough to require user and public notification, GDPR states that users must be notified without ‘undue delay.’
I Heard There Were ‘Fines,’ Is This True?
If you are not completely compliant by May 25th, fines will not be immediately charged to you or your company. Instead, you will receive warnings, and various steps will be taken to notify you of your non-compliance before fines become part of the conversation.
The GDPR Rundown: What Next?
Now is the time to make sure your website is compliant with the new GDPR rules, or at least on its way there. Your job is to provide simple, easy ways for your users to control their information on your website and servers. Here are some things you should have in place:
- Check and update your opt-in forms and lead generation landing pages and sales pages on (and off) your website.
- Be clear about which forms or landing pages your visitors are opting in to receive emails from you through. If a form is combined with an offer, clarify your intent.
- Add check boxes to your opt-in forms if you want, but they must be clear about your intent and what your visitor should expect. Avoid adding too many and further confusing your users.
- Make your privacy policies, terms & conditions, and/or disclaimers all easy to find on your website. The links are normally placed in the footer or copyright lines of websites, but just make sure your users can find and understand them.
- Check to ensure that all your emails contain a link to unsubscribe and a link to modify a user’s subscription. The modification link is especially important if you intend to add your users to 10 different email lists at once or over time, or if you send emails at a variety of frequencies.
The sooner you get these updates done (or have someone do them for you), the sooner you can refocus your energy on building and nurturing relationships for your brand.