This legal stuff is pretty boring, so I'm going to make this as simple as I can so you don't fall asleep on me!
I've gotten a lot of questions about who needs to be compliant, and while I don't have all the answers (I'm certainly not an attorney, so I'm not giving you legal advice here), I do have some helpful info, suggestions, and resources to share with you that will help you figure it out.
On that note, here are 5 things you need to know about the General Data Protection Regulation that went into effect on May 25, 2018.
5 things you should know about GDPR + tips to become compliant
1. WHO DOES IT AFFECT?
If you collect information on people who live in or are visiting the European Union, then this new law probably affects you or your business.
You or your website may be collecting this information without even realizing it. You can figure this out by looking at your analytics (for your website or shop, your marketing apps or software, etc.).
To start, look for which countries your viewers are coming from, or sort your customers by address and see if any of those people live in or visited your site from another country.
Squarespace makes this super easy! While logged into your account, go to the Home menu and click Analytics > Geography. Scroll down past the map, and look at the countries listed below.
For example, I live in the U.S., but I do have some people on my email list who live in the EU, and some have purchased from my shop who live in neighboring countries.
Since I want to continue to expand my reach, grow my audience & be able to work with people both in & outside of the U.S., I decided it was absolutely necessary for me to become compliant.
Not to mention, I appreciate the new regulations for data protection and would want to be protected on sites & shops I visit, especially when I'm giving them information (knowingly or unknowingly). Since I want those features myself, I'm inclined to provide that same experience for people that know/like/trust me too.
After all, my intention here has always been to help you and grow a community of people like you, who are looking to me for help, whether with design, motivation, or information. So I'm not trying to hide how I do things, or keep you out of the loop. Having your trust is a big deal to me; it's something I both value and appreciate!
2. WHAT KIND OF INFORMATION COLLECTION ARE WE TALKING ABOUT?
This includes (but is not limited to) information collection via:
- cookies that web browsers collect on viewers of your site, in order to provide a better viewing experience & faster load times for re-visits;
- Google Analytics (& other analytics-data-collectors like it);
- Facebook pixel information collection;
- other companies that collect info for marketing purposes (AddThis, SumoMe, HotJar, Dubsado, MailerLite, ConvertKit, MailChimp, ConstantContact, Zapier, etc.);
- anything someone submits in a form on your website (including info submitted during checkout, account creation, or even a plain contact or sign-up form);
- and more.
3. WHAT ARE THE PENALTIES FOR NONCOMPLIANCE?
There are fines associated with noncompliance that can be steep, and there are real people (Data Protection Officers) who will be looking for noncompliant companies.
For more information on fines and penalties for GDPR infringement, you can take a look here.
4. BUT IF THIS DOESN'T AFFECT ME RIGHT NOW, SHOULD I STILL MAKE AN EFFORT TO COMPLY?
The short answer is yes. I think it's a good idea to comply even if you aren't required to. While it might not be required for you right now, it could be sooner than you may expect. Why?
With so much of our information floating around the internet in waves these days, it's only a matter of time before more countries/regions/governments will develop their own version of the European Union's GDPR.
If you make an effort to do it now, it'll be less stress on you down the road, when you're inevitably required to follow similar rules & regulations regarding data collection, enforced by officials in your area of the world. You'll be less stressed with most of this stuff already in place.
Your viewers/fans/customers will likely also appreciate the transparency and the added ability to control what information of theirs you're using.
5. OK, HOW CAN I BECOME COMPLIANT?
This is where my friend Christina Scalera at The Contract Shop* comes in. She has easy-to-edit, attorney-approved templates ready to go, and if you get one during her Semi-Annual Sale you'll snag them at 40% OFF (May 23-28, 2018).
If you want a little more information than that, you can purchase her GDPReady course*, which walks you through the basics of what you need to become compliant. She breaks everything down into bite-size information you can handle, making the process less daunting, plus the course includes the contract templates, canned emails, and snippets of legal language you'll need in order to become compliant!
There's also some great information from Hogan Injury's blog post here.