GDPR?! What the Heck is It and What Does It Mean?!

Alrighty lets start out with the basics. It stands for “General Data Protection Regulation” and the GDPR comes into effect on May 25, 2018. That said, many of us online entrepreneurs need to be ready for it and what it may mean for our business. First of all, don’t freak out! This isn’t going to be too complicated. The goal of the European Union when implementing this regulation was to give control of personal data back to consumers. I mean, we all want to be in control of our personal data, right?!?! And, with all the data breaches lately around the world, this is honestly a really good law. But, please know that while this is obviously geared toward companies within the EU, it may have implications on US companies. Here’s who it pertains to:

• Any company with presence in an EU country.
• No presence in the EU, but your company processes personal data of EU residents. (Thus, if you sell to EU residents or market to EU residents, you’ve got to comply!)

Okay, so, basically that means all companies that advertise to an EU country’s residents and may have an EU person’s data. But, how do you conform if you’re just a solo entrepreneur?! Whelp, its pretty easy! The basic premise is that you will not be able to use vague or confusing statements to get others to agree to give you their personal data (names, email addresses, phone numbers, etc). However, you’re probably already doing this, so don’t fret! I doubt you’re being super sneaky to get people’s data. Thus, just to be sure, I suggest following these steps to comply:

1. For your Opt-ins:
   1. Have a very clear “consent” clause that indicates that the individual agrees to give you their data. (I.E. “You are opting in to receive communications from The Legal Paige. Do you consent to the collection of your name and email for these communications?”)
   2. Indicate that you WILL NOT share their data with any outside third-party without their consent
   3. Make it easy for them to withdraw their personal data or unsubscribe
   4. Indicate that “For children under 16, a person holding ‘parental responsibility’ must agree to data collection on their behalf.”
2. Put all this in a “GDPR” website privacy policy (At the bottom of your website! Or on your privacy policy page!)
3. Have an EU cookie permission up for EU residents that allows them to “accept”! (You can do this just for EU customers!)

Also, most everyone is freaking out because they’re worried about what will happen if they don’t comply. Well, don’t freak out, PLEASE! Because you’re a little fish in a big sea. The controllers of GDPR will likely go after the big companies like Google, Yahoo, Facebook, etc. first if they don’t comply. But, because you know about it, you SHOULD comply. I mean, you’ve read this blog post, so now you’re not ignorant to the GDPR. ;) Hence, just try your best to follow the steps I indicated above. The GDPR controllers say that you could be fined up to 20 million Euro. But, the chances of you getting fined that much are seriously slim-to-none. I would guess that if you’re not complying, you may get kicked out of your account. Which would SUCK! So, comply friends.