What you need to know about GDPR Data Protection Policy?

by | Blogging

GDPR.

What more is there to say? It’s everywhere.

We can’t ignore it. To risky.

So it’s time to put on the big girl panties and make this happen!

Here’s your guide to what you NEED to know about GDPR Data Protection Privacy

I need to state that I’m NOT a lawyer. Please be sure to have your legal team look over any changes you make on your site.  

We use affiliate links for your convenience. Please review our disclosure policy for full information.

It’s been a HOT TOPIC for everyone that works online. I’m sure you’ve heard about it and shaking your head with all the craziness.

I know I am.

I don’t always reach out, but this is something that just can’t be missed or forgotten. And I would feel terrible if you missed this important deadline and I didn’t take the opportunity to reach out and inform!

I have done a good bit research on this topic to be sure I’m ready to help clients and others who have questions. I’m here to give you some info, but I want to be sure you take the time to adjust your processes if needed to be sure you are GDPR compliant.

Let’s jump in and I’ll try to be as concise as possible so you get the info you need and start to make a change to be complaint.

First thing to know, IF you are processing anything with personal data (name and email included), you’ll need to be sure you’re being GDPR compliant.

So if you are collecting emails and names or IP address you’re going to need to pay attention. If you are tagging in your email system you’re going to need to pay attention. If you are using Google Analytics, you’re going to need to pay attention.

Is that you? Yep, me too!

The second thing you need to know is that if you are interacting or selling to ANYONE in the EU, then you need to make some adjustments to your site and email sequences.

Even if you are working with Non-EU subscribers who are traveling in or working in the EU, then you need to comply. It just seems too risky for our businesses to not make these adjustments.

What’s included?

  • Freebies or lead magnets are included
  • Products
  • Courses
  • Trainings
From what I have seen, you can say that you’re not going to work with anyone in the EU, but, again, it just seems too risky. (And personally, I’m assuming there will be some US laws going into effect in the future that cover this same kind of requirement.)

What you need to know!

In my research, I found this list of principles that will help you know the law and be sure you make the changes needed before the May 25th deadline.

The 6 principles (more info on these here):

#1: Data shall be processed “lawfully, fairly, and in a transparent manner.”
You MUST tell your viewers why you are collecting the data.
#2: Data shall be “collected for specified, explicit and legitimate purposes.”
You have to have a legit reason for collecting data and explain how you are using it.
#3: Data processing shall be “limited to what is necessary” for the purpose.
You can only collect the minimum information needed, like an email address and name. Then you can only use that information for what it’s intended to be used.
#4: Data shall be accurate, kept up to date, and corrected.
This is more for the Google and Facebooks of the world.
#5: Data shall be kept so it identifies a person “no longer than is necessary.”
You are not allowed to keep data on someone for no reason (so clean up those bounced or unengaged subscribers!)
#6: Data shall be “processed in a manner that ensures appropriate security.”
Be sure you are using a SSL certificate and storing the data on a password protected site.

So, you might have to make some changes!

Third thing to know, is that you are going to have to be given consent to add subscribers to your automations or sequences. You’ll no longer be allowed to automatically push subscribers to your welcome series after they grab a freebie.

It’s a good idea to segment your list into those who are in the EU and not in the EU. You can check with your email provider to see what they have created as a feature to help you segment your list. A lot of them have already.

Here are a couple links for popular autoresponders letting you know what they are doing to help:

IF you are not sure, just act like those people ARE in the EU. It’s the safe bet.

Of course, you won’t get 100% compliance from all EU people, so prepare yourself that you’ll be losing some of your contacts.

GDPR also applies to those who are ALREADY on your list. So be sure to make a plan to ask your current list if they WANT to stay.

How are you going to get those who WANT to to stay on your list?

It’s a good idea to create a brand new nurture sequence to engage with your subscribers.

During that sequence, you can also ask for their specific consent to stay on your list with tags indicating how much of your list is in the EU. AND be straightforward that you’ll need to delete your subscribers IF they don’t indicate they want to stay.

One more important point, deleting or segmenting your list AFTER May 25th is considered processing, so you need to make these adjustments before the deadline.

What if I have a checkbox on my pop up asking them if they would like to be added to my email list?

First, you can’t have a defaulted checkbox the viewers have to un-click.

AND you can’t force your viewers to join. You have to send the freebie opt-in EVEN IF someone chooses to NOT be on your email list.

Don’t forget your privacy policy.

I wasn’t sure where to start with a good, legal privacy policy, so I reached out to Bobby of Your Online Genius. What a relief to have that taken care of. Grab your copy here.

Privacy policy also needs to be updated. When you are collecting data, you have to update your privacy policy which includes.

  • Give contact information for everyone in your company.
  • What info are you collecting and WHY! This includes Google Analytics.
  • Also tell them what you are doing with the data. If you are going to share this info with anyone else. This includes Zapier or other 3rd party services.
  • Rights need to be listed too. There are several things you have to add.

Here’s the list of what now needs to be on your privacy policy that might not be there.

  • Business Name and Contact Details
  • Types of Personal Data You Collect
  • Why You Collect Personal Data
  • How the Data is Used
  • How You Share Data with Third Parties
  • How to Opt Out of Data Collection

If you want to read more, check out this article. AND check your email footer!

Worried about it all? I created a editable checklist to make sure you don’t miss a thing!

Your emails need to have a link to your privacy policy in your email footer as well. This should be an easy fix, but something that needs to be a standard for your emails.

WOW! This is deep, but it’s time to step up and be sure your business is covered.

PLEASE let me know if you need help looking over the system you are currently using. I’m happy to set up a phone call and be sure you know all the steps needed to be GDPR complaint. Just click reply to set up an appointment.

What’s your biggest worry about GDPR?

Submit a Comment

Your email address will not be published. Required fields are marked *