The New Data Protection Law: What to Do about GDPR
This post was last updated on May 9, 2018.
GDPR (General Data Protection Regulation) is a law that will go into effect on May 25, 2018. GDPR has to do with the security of personal data. GDPR covers all companies in the European Union (EU) as well as companies that collect data from people in the EU. If your company is in the United States but you have even one person on your email list who resides in the EU, this law applies to you. If your company is in the United States but people from the EU might visit your website, this law applies to you. Best practice is to become compliant today so that you don’t have to deal with the ramifications tomorrow.
I am not a lawyer. I have not read the GDPR. I have been paying attention, and I want to bring you the most relevant resources I have found to date. If you store, process, or use personal data in any way, listen up about GDPR. Here is a list of resources to help you become compliant with this new law.
GDPR Resources
1. Amy Porterfield's Interview with Bobby Klinck
If you only do one thing on this list, start with Amy Porterfield's podcast. It is a 1-hour show with an attorney. It breaks down what you need to do for your website, lead capture forms, and emails. Must listen.
2. Free Video Training with Attorney Bobby Klinck
This is the guy that Amy Porterfield interviewed. He has a more comprehensive training to get you up to speed and compliant with GDPR.
3. Checklist and Interview on DigitalMarketer.com
This is another interview between a digital marketing agency and an attorney. It is not quite as actionable as Amy Porterfield's podcast, but it is still chock-full of good information. This interview also links to additional resources from Suzanne Dibble, who is well known as an attorney in the digital marketing space.
Suzanne Dibble on the DigitalMarketer
4. What You Need to Know from Social Media Examiner
Rather just read a quick blog post? This post lays out the details of GDPR as they relate to any company or business that has a website and presence online. The article links to additional resources and tools at the end.
5. GDPR-Compliant Privacy Policy and Other Website Legal Forms
Without the lawyer fees, you can get templates for the legal documents you need on your site right here. Again, these come from Bobby Klinck, who is mentioned above.
What to Do About GDPR
I cannot give you specific legal advice. I do want to share with you some of the key points I have taken away from all of the GDPR information as it unfolds. Here are the things I plan to do for my own business and for my digital marketing clients:
- Purchase an updated privacy policy.
- Display the privacy policy on my site and in any third-party apps (like LeadPages) where I collect personal data.
- Segment my email list to identify subscribers in the EU (or those whose location I cannot identify). Email those subscribers to ask them to opt in for emails. If they do not opt in by May 25th, delete them from my list.
- Revise my process of collecting email addresses going forward. Things to consider when it comes to subscribers in the EU: we can only add new EU subscribers with their explicit and granular consent; we cannot require they join our email list as a condition of receiving a free download; and we cannot have boxes with default check marks to opt them into our list. We can still offer lead magnets, but we need to revise and refine our process to be GDPR-compliant.
GDPR is not something to fear. It is updating old laws that deserve to be updated. GDPR is being put in place to protect common people like you and me. The goal of the law is to protect the security and privacy of personal information. For your own reputation and the reputation of your business, it is in your best interest to take GDPR seriously.