Everything You Need to Know About GDPR Compliance

Upcoming changes to regulations have many brands concerned about GDPR compliance.

But what even is GDPR? And does it affect you? This post will cover just about everything you need to know about the regulatory updates and what you need to do to keep your business compliant.


What is GDPR?

GDPR stands for General Data Protection Regulation. It went into effect on Friday, May 25, 2018. It was created to help people in European Union member states secure their personal privacy, actions and data. Basically, it requires businesses to protect the data and privacy of people in the EU for transactions that occur within EU member states. It’s in place so they will have an advantage in the digital economy.

  • There are 8 rights that people have under GDPR:
    1. The right to access
    2. The right to be forgotten
    3. The right to data portability
    4. The right to be informed
    5. The right to have information corrected
    6. The right to restrict processing
    7. The right to object
    8. The right to be notified
  • 7 types of privacy data GDPR protects:
    1. Personal information such as your identity
    2. Web data
    3. Health information
    4. Biometric data
    5. Racial/ethnic information
    6. Political opinions
    7. Sexual orientation

What businesses does this affect?

GDPR has already started to affect two major corporations, Google and Facebook. The two currently have lawsuits filed against them, and if found guilty, it could cost them over $7 billion. This affects both small and large businesses worldwide. Companies that don’t comply with the GDPR standard may see harsh penalties in the future, resulting in large amounts of money to be paid.

There are also 4 big marketing changes that we expect companies to start making:

  1. Relying more on their current fans to generate new fans. Encouraging a healthy community helps you avoid tactics that are no longer GDPR compliant.
  2. More reliance on the ability to go viral. If everyone has found your post organically through viral sharing, you don’t need to push out your content for people to see.
  3. There will be more demand for micro-influencers. The more niche, the more engaged the audience, the better!
  4. There will be more benefits for media such as newspapers, magazines, television, and radio because traditional media doesn’t need an opt-in like digital media.

How do you stay compliant?

May 25, 2018 was the official date by which all businesses had to be compliant with GDPR. Staying compliant is going to be an ongoing process.

  • 8 ways to stay compliant:
    1. Make sure your data privacy policy is easy to work with and understand.
    2. Make sure all of your consumers are aware of where their privacy rights stand. An easy-to-access, visible privacy policy is a must!
    3. Make sure you broadcast your GDPR compliance. This can be done with a notification on your website.
    4. To get user consent, you must implement tools. You must make sure that every user can opt in and consent before you track, retarget (remarket) or mail those users. You also need to make sure that users can revoke their consent and know what their data is being used for.
    5. Make sure to regularly inspect your user lists and discard data that is not needed.
    6. Keep the focus on your customers and their concerns.
    7. Make sure all your staff is informed of GDPR regulations and their role in ensuring you stay compliant.
    8. Update your design to contain compliance checkpoints.

Steps moving forward

If your business does not meet all the GDPR guidelines, here are the top priorities when it comes to GDPR:

  • Make sure you ask customers’ permission before receiving and sharing their personal information.
  • Once confirmed, personal data must be portable so that it can be shared with another business.
  • If a customer requests that their personal data be completely removed, the business must do as asked.
  • If there are any data breaches, supervisory authorities must be notified within 72 hours of the time it happened.
  • Customers need to be aware of their rights under GDPR.
  • The business needs to identify when there is an error or insufficient work in its business and aim to fix the problem.

Get Online NOLA is a small business, so we know how stressful regulatory changes can be. Let’s chat all about it in a free strategy session.
