If the thousands of emails you have received prompting you to agree to new privacy terms weren’t a tip-off, there’s a NEW global privacy initiative rolling out today. GDPR, or Global Data Protection Regulations, took effect on May 25th. It’s an attempt to protect the online data of individuals. Over the past couple of weeks, I’ve gotten lots of emails and phone calls in various states of panic. So I decided to give you a recap of what it is and how it affects your marketing efforts.

What Is GDPR? – The GDPR is a European Union policy regulation aimed at protecting the privacy of individuals. Its goal is to give users of your website control of their personal data that you capture. Personal data can be anything from name, address and e-mail address to credit card information and other data. The regulations require that any data be captured with affirmative consent and for a defined, specific purpose. Affirmative consent means the user opted in to your offer. A pre-checked tick box already populated with a “Yes” option does not meet the affirmative consent requirement. A specific, defined purpose means you clearly tell users how and where the data will be used. If you are using data for more than one purpose, each purpose must be outlined separately.

How Does This Affect U.S. Businesses? – Since we live and operate in a global community, our websites are accessible to anyone in the world. If you’re an e-commerce business, you may have customers in the EU. If you’re building an e-mail list, you may have subscribers outside the US. While the overall impact of the GDPR will be on large businesses and social networks, ensuring your compliance will eliminate any potential risks to your business. In addition, as more and more users are becoming aware of privacy and data protection, showing that your site is attempting to protect their privacy will have a positive effect on your traffic.

Major Areas of Compliance for Small Businesses – There are several major areas that many small businesses are incorporating within their business websites. Following are some of the areas.

  1. Your Website – If you are using WordPress (which is the platform I recommend), the latest release of WP has added privacy and data control elements. They have a Privacy Policy generator that makes easy work of creating that policy. Another important addition is the ability to export and erase data of users. There are also some plugins that help make implementing privacy within various applications easier.
  2. Google Analytics – If you are using Google Analytics to monitor traffic or in conjunction with your Google Adwords, it’s important that you adjust your Google Adwords account so that the data collected is anonymous. That is one of the options in GA, and their site is already prompting you to accept the modified terms of compliance. Within WP, one of the more popular Analytics plugins is MonsterInsights, which automates the compliance process for you.
  3. Email Marketing – One of the most common actions performed on your website is capturing emails for newsletters and ongoing drip marketing. Floating signups, popups and other forms are used to entice visitors to give up their email address. The bottom line is that users must give you explicit consent before you add them to your list. There are 2 methods you can use:
    1. Add a checkbox that users have to click before opting in. (Make sure this checkbox isn’t pre-checked with a “Yes” option.)
    2. Use a double opt-in for your email list.

The question arises about collecting emails from other sources that you then add to your email list. Collecting business cards at a networking event, using a “Drop Your Card for a Free Gift,” or even a signup form are not acceptable consent methods. To be safe and compliant, enter the email addresses in your email software with an opt-in form that sends an email that the individual must confirm before being added to your list.

  4. Ecommerce – If you’re selling anything online through your website, there’s a good chance you are capturing some personal data. Credit card info is normally safe, as long as you’re using a 3rd party, like PayPal, Stripe or Authorize.net. All these store the credit card info off your site, so they maintain the data security. If you happen to be using a system that does store credit cards, I strongly advise you to change systems. Not only are there privacy issues, but if credit card data is stolen from your site, you are liable for all those charges. Most carts store the customer data for remarketing purposes. Many of the carts are modifying their data storage options, so check with your ecommerce software provider.
  5. Facebook Ads – Another concern is with the Facebook Ads custom audience feature. By uploading your email list, Facebook will create an audience you can use for advertising purposes. In accordance with the GDPR, this would be a violation unless you are giving them the option to opt out of your advertising offers. The safest way around that would be to add another check box that says they give permission for their email to be used for advertising purposes. That doesn’t sound like an appealing option. You definitely want to spell that out in your privacy policy. Facebook also will create a look-alike list from your custom audience. Since Facebook is the manager of that data, those email addresses should be exempt from the privacy rules.

If you are 100% sure you will not be appealing to users in the EU, then you can ignore these regulations, at least for now. However, by complying with the GDPR standards, you will gain an advantage with your customers/clients, both in the US and overseas, by letting them know you’re committed to their data privacy. (If you have questions about the legal ramifications of Cyber Security, attorney Kathy Winger – www.kdwinger.com – specializes in cyber security for businesses.)

That’s the GDPR in a nutshell. For the most part, GDPR will have little or no impact on small businesses in the US. It will be interesting to see if our government follows suit with comparable legislation in the future, now that Pandora has been let out of the box.

Gary Wagnon is the owner of 800biz Ninja Marketing and the creator of the Ninja Marketing Dojo, both of which focus on helping businesses improve their search engine ranking, increase their brand awareness and convert more browsers to buyers.