While GDPR isn’t new, many small businesses hit the internet without knowing or understanding how it can impact them. Think about how much you use the internet for personal things.
Things like banking, credit applications, booking medical appointments and buying items. These are things that we wouldn’t usually tell a person, yet we enter them into the internet.
Most companies will collect this information and explain that it helps you continue applications or makes the shopping experience faster in the future. GDPR was the answer to the question of how, why, and where businesses can store and use the data.
Over half of businesses know either nothing or very little about GDPR, so not only should you have a company to take care of this for you, but you should also offer GDPR training for employees.
#1: What does GDPR mean?
It stands for General Data Protection Regulation and is a set of rules governing how the data of EU and EEA citizens is stored and used. It applies to companies globally that may sell products or offer services to people within the EU.
The rules give people more control over their information. The person is the person, regardless of whether the personal information about them relates to their private, public, or professional capacity.
Here is what GDPR means for people:
- The right to be notified when there is a data breach – within 72 hours.
- The right to object to how the data is used in marketing.
- The right to restrict processing, meaning the data can stay in place but not be used.
- The right to have the information corrected so all the data can be rectified and updated.
- The right to be informed what their data will be used for and how much is gathered, in the form of an explicit opt-in.
- The right to data portability, meaning users can transfer their information between providers.
- The right to be forgotten, meaning that customers can withdraw their consent.
- The right to access so that people can request their personal information and how it is used.
#2: What does GDPR mean for my business?
The idea that people have more control over their information means that you must comply with the rules.
What items are under GDPR compliance?
- Whether data processing occurs in the EU or not, GDPR applies to all companies and organizations with offices in the EU.
- The GDPR will apply to established entities outside of the EU as well. For example, GDPR applies to your company if it provides goods and services to EU citizens.
You must have an officer who takes care of GDPR compliance, and often it is beneficial to discuss it with an outside company. The penalties for not complying with GDPR are high, up to 20 million Euros or 4% of AGR – the greater of the two.
Two major companies have been issued GDPR fines, including British Airways, which saw a 200 million euro fine.
Engaging with customers
This meant that companies assumed consent and could use data however they wanted. Most often, there would be policies in the fine print, but most businesses know that people don’t usually read the fine print.
When collecting data, you will need an explicit opt-in with all of the implications in plain sight. This is so that you can prove, should you need to, that customers have agreed to the actions. You can’t expect a website disclaimer or an opt-out option to be enough.
Marketing activities and sales prospects need to be handled differently. You will also need a double opt-in to be compliant. An active tick box, where users can explicitly consent, is best.
For companies that purchase marketing lists, you will need to ensure you get permission from the people on the list.
#3: How can you prepare for GDPR compliance as a new business?
GDPR considers privacy first and ensures that all departments within a company are taking the same steps. You should consider what data you want to collect, how you will use it, and why.
Here are a couple of steps to take:
- Make a note of all the data within your company, where you will hold it, the risks, and who can access it.
- What data do you need to keep?
- What security measures will you put in place to protect the data?
- Have drafts of the letter you will send, should you need to, in the case of a data breach.
- Ensure all documentation meets GDPR requirements.
- What are the procedures for handling the data?
With so many small businesses, blogs, and people creating content online, it is essential to ensure that you have GDPR compliance and other best practices in place. GDPR will play a key role in growing your audience.
If you intend to send newsletters or create other groups, follow the guidelines as best you can. If you want your online business or blog to grow well over the next year or more, here are a couple more tips to help: 7 Easy Ways To Make Your Blogs Infinitely More Engaging.