Are you based in the US or Canada? Are you wondering what’s up with all this buzz about GD… what? I’m a solopreneur miles away from Europe. Do I need to know about this? Is it going to effect me?
Yes, as non-EU (European Union) online entrepreneurs, we are all in the same predicament, or scramble to become GDPR compliant.
How does the GDPR (General Data Protection Regulation) affect you as a solopreneur or small business located outside of Europe?
These personal data privacy laws are for the protection of the people of the 28 European states belonging to the European Union, like France, Germany, Belgium, Italy, Greece, to name a few.
But being online has no borders. From San Francisco to Singapore, Scottsdale, AZ, to Shaka’s Rock, ZA, we are all going to be affected in a major way, hopefully for the better (when we’ve got our ducks on row).
There’s panic in private Facebook groups. There’s a lot of muttering. The ship is setting sail for new unchartered waters. How is this going to play out? It’s time to jump aboard as we all figure out… the big question…
What do we need to do to be compliant?
GDPR applies to every aspect and process point of personal data, from collection to deletion, that you have for anyone situated in the EU.
What are the European regulations defining as “personal data”?
If the data you have can identity a person, that’s considered personal. From names, email addresses, postal addresses to IP addresses, locations, financial information and more.
The non-compliance fines are severe: for serious breaches they could be up to 4% of a company’s annual global turnover or €20 million, whichever is greater.
The regulation’s main objectives are to protect EU residents from privacy and personal data breaches, reinforce the rights of its citizens to control and protect their personal data and bring conformity to the data privacy laws of all the member states of the EU.
It’s reported that when Great Britain leaves the EU, it too will enforce similar privacy protections for its citizens.
Will non-EU businesses be compliant by May 25?
GDPR comes into effect on May 25, 2018, yet the consensus is that very few large and small non-EU businesses will be compliant by this date.
WordPress is only scheduled to officially release its first attempt at user privacy tools on May 17, 2018, in WordPress 4.9.6.
This has a knock-on affect as other service providers have only been able to test their themes and plugins since May 11 when the beta version was released by WordPress.
Savvy theme and plugin developers have planned to integrate with WordPress’ privacy tools so all users’ personal data is found in one place.
So end users, like us online entrepreneurs, are further down the chain reaction of implementing our compliance.
However, there’s a multitude of information and guidance that’s freely available to study in the meantime.
GPDR compliance is going to be an ongoing process as the Wild West days online are over, thank goodness.
Key Principles of GDPR personal data processing:
- The data is sourced and processed “lawfully, fairly, and in a transparent manner.”
- The information is “collected for specified, explicit and legitimate purposes.”
- The data is used only for the purpose it was given to you.
- The amount of data requested is restrained so sufficient for the purpose.
- The info is kept accurate and up-dated.
- Kept safe and secure.
- Is kept no longer than necessary.
- When requested, a person will be given a copy of their personal data.
Does GDPR apply to EU subscribers on your current mailing list/s?
Yes, you need to get your GDPR compliant consent before May 25. Anyone located in the EU who doesn’t give you this consent before May 24 needs to be deleted from your list.
List building for your EU prospects after May 25
You cannot automatically add opt-ins to your free lead generation to any other segment of your mailing list. You need to ask again for your EU subscriber’s consent so it’s very clear he or she is being added to another segment or mailing list.
The next update of WordPress 4.9.6 will include:
- Personal data export and removal tools and
- Comment cookie notification and opt-in.
Check with your email service provider as many are providing helpful tools and information.
GDPR Info and Resources:
There are many more aspects to consider depending on your business and the personal data you collect. Hope this helps get you up to speed if you’ve been putting this off, like so many of us.
Note: This post is intended to be a collated summary for your general information, and to create awareness. It doesn’t contain any legal advice so please consult your legal counsel to determine how the GDPR will apply to you.