Should You Be Getting Ready For GDPR?
Have you seen the movie “Dunkirk?” Starting on May 26, 1940 and continuing for eight days, 338,226 troops from France, Britain and Belgium were evacuated across the channel to England. It was a dramatic, heroic, miraculous escape and rescue, facilitated by not just military vessels, but also hundreds and hundreds of civilian boats and ferries.
Trapped by the advancing German army (shaded in pink above), these troops raced to the nearest port - Dunkirk - and began to evacuate France as General Viscount Gort, Commander of the British forces, saw no hope for repelling three panzer corps. Why was there no hope? Because they never anticipated this would happen.
The French had invested over 3 billion French francs, and nine years, constructing a series of fortifications along the German border, intended to stop, slow, repel and redirect any invasion from the Nazis.
While a decoy army sat across from the wall further south, German forces raced through the Ardennes forest and difficult terrain in Belgium and passed easily through the northern, weaker, areas of the “wall.” This wall, which completely failed to deter a German invasion, is referred to as the Maginot Line after the French Minister of War André Maginot. The term Maginot Line has since become a metaphor for expensive efforts that offer a false sense of security.
Are the new privacy regulations out of the European Union similarly misleading? Will these EU laws really have an impact globally? And of more immediate concern, do you, as a business owner, really need to adhere to these new rules?
In short, yes.
This article is going to explore some of the ways and reasons why, with a more detailed look at everything GDPR here. Then on Thursday, May 24 at 5pm ET, you’ll have an opportunity to tune in as Stephanie Liu and I talk about what we’re really supposed to do with and about GDPR.
GDPR: What is it and how does it affect my small business?
Listen, the deadline for GDPR compliance is coming up fast. Are you ready? Or have you been hoping to avoid the whole thing as much as "Yanny or Laurel?" (it's obviously Laurel). Well, sadly, #GDPR isn't going away, and there are steps you absolutely have to take to be compliant and avoid potentially devastating fines and unhappy customers. The good news is, we've got you covered! Today Mike Allton from The Social Media Hat and I are wading into the deep waters and sharing everything we know about GDPR and what it means to you, particularly for marketers and online businesses.
IN THIS EPISODE YOU'LL LEARN:
▸ How Email Marketing and Subscriber Management is Changing
▸ How to Collect Emails And Still Be Compliant
▸ Tips to Re-Engage Existing EU Subscribers
▸ What Needs to Change On Your Website
▸ What Businesses With Employees Should Be Thinking About
▸ And more!
RESOURCES:
▸ GDPR - What You Need to Know For May 25th: http://bit.ly/2GLcZyR
▸ Get your employees trained on how to handle customer data: https://privacyskills.com
▸ Join the Social Media Strategist FB Group: https://facebook.com/groups/smstrategist
UPCOMING EVENTS:
▸ 6/29: Social Media Day San Diego 2018: https://socialmediadaysandiego.com/ (Promo: HeyStephanie20)
MUSIC:
▸ No Worries featuring Dyalla by Joakim Karud
Posted by Stephanie Liu on Thursday, May 24, 2018
WHAT IS GDPR?
GDPR stands for General Data Protection Regulation, and it is a set of laws passed by the European Union (EU). Unlike traditional laws, which apply only to people within a particular country, this regulation is designed to protect the data and privacy of EU citizens no matter where in the world that data is handled.
This means any company that does business with, in, or for people who live in any country in Europe must be aware of the regulation’s stipulations and comply, or risk being assessed tremendous fines.
“Does business with” may be too broad a definition, though, so let’s narrow that down further to: “collects personal information from, including names and email addresses.” This means that even if you aren’t selling products, but you are allowing site visitors to subscribe or have an offer emailed to them, you’re collecting personal data, and the GDPR applies to you.
What’s confounding some businesses is the realization that the regulations cover not just how data is collected and used, but how it’s stored as well. This means that any business that uses one or more of their own servers to store customer or subscriber data must now take that server’s environment into consideration. Who has access to the server, and therefore access to the data? What is the possibility for an error on the part of an employee which might accidentally expose that data?
Training employees to create a “Human Firewall” is something that every large business needs to consider, according to training firm Privacy Awareness Academy. That means teaching them how to handle personal data, as well as how to keep the technology surrounding that data secure.
And while it might seem that local businesses outside of the EU who only serve their local geographic region have nothing to worry about, that may not necessarily be true. Is it possible for a citizen of the EU to be visiting your location, happen upon your business, and leave you with personally identifying information? The truth is, very few businesses have the option to ignore GDPR stipulations, but...
WHAT IF I IGNORE THE GDPR ANYWAY?
Do you have a spare 20 million euros lying around? That’s the maximum fine that can be imposed for being found in violation of the GDPR.
There are fines, sometimes massive fines, which are tiered depending on the egregiousness of the issue. The maximum fine is 4% of annual global turnover (that’s total sales revenue, not just net profit) or 20 million euros, whichever is GREATER.
These fines can be applied both for failure to comply and for breaches of data or consumer trust. A failure to properly disclose and handle a severe data breach will be treated more harshly than, say, failing to obtain explicit permission to send an email newsletter. But all it might take is a single complaint on the part of an EU citizen to one of the reporting agencies to initiate an investigation into your business and its data collection practices.
Completely ignoring GDPR stipulations, ultimately, is a terrible idea. Even if you believe that you’re too small or too remote to be impacted or of interest, the fact is, GDPR is just the beginning. Anyone who thinks that the United States is indifferent to data privacy issues need only watch Mark Zuckerberg’s interview before Congress. While the U.S. Congressional body may be woefully behind in terms of their understanding and appreciation of these issues, legislation is only a matter of time.
WHAT DOES THE GDPR REQUIRE?
First, you’re likely going to have to change how you’re collecting email addresses, as well as communicate with a portion of your existing list. You see, by May 25th, any time an EU citizen signs up for something from you, you have to expressly tell them how their information will be used, and they have to expressly provide permission for that use. You cannot, for instance, offer to send them an eBook and then begin emailing them newsletters unless they specifically checked a box that permitted sending of newsletters.
Second, and what’s worse, it’s retroactive, which means every EU citizen that you have in your subscriber list needs to have granted you permission to email them by the 25th. We’ll talk about this a lot during the Facebook Live on Thursday, May 24th at 5pm ET.
Third, you will need to ensure that if you are storing personal data yourself, that storage is GDPR compliant. Otherwise, you will need to review every data processing service you are using, make sure they are GDPR compliant, and confirm that you’ve agreed to their new terms of service.
I HAVE MORE QUESTIONS. WHAT DO I DO NEXT ABOUT GDPR?
First, head over to Facebook and RSVP to Thursday’s free Facebook Live event with Stephanie Liu of Lights, Camera, Live and myself. We’re going to review some of the finer points and details of GDPR implementation, and will be taking general questions.
Second, take a look at "GDPR - What You Need To Know For May 25". Anne Popolizio has put together an amazingly thorough resource on GDPR for your reference. Between that and the Live Q&A, most of your questions will be addressed.
We’ll be sharing additional resources and service providers during Thursday’s live broadcast, so be sure to tune in to that! It will be simulcast to Stephanie Liu and The Social Media Hat Facebook Pages.
DISCLOSURE: Many of the links in the article above, and throughout this site, are affiliate links. While there's no additional cost to you, any purchases made via those links may earn me a commission. Rest assured, only products and services which have been rigorously tried and tested are reviewed, and those reviews are always thorough and honest. If you benefited from my review and have a genuine interest in the linked product, your use of the affiliate link is appreciated and allows me to continue writing these kinds of helpful articles. Current examples include Agorapulse, Tailwind, Wishpond or SEMrush. Please also note that I am employed by SiteSell as their Chief Marketing Officer and am fully authorized to share product and company information from extensive personal experience.
By Mike Allton, Content Marketing Practitioner
Mike is a Content Marketing Practitioner - a title he invented to represent his holistic approach to content marketing that leverages blogging, social media, email marketing and SEO to drive traffic, generate leads, and convert those leads into sales. He is an award-winning Blogger, Speaker, and Author at The Social Media Hat, and Brand Evangelist at Agorapulse (formerly CMO at SiteSell).
As Brand Evangelist, Mike works directly with other social media educators, influencers, agencies and brands to explore and develop profitable relationships with Agorapulse. Follow @Mike_Allton