May 25th, GDPR goes into effect. This is the European Unions (EU) new super strict customer data transparency regulations.
So what? Who cares?
That GDPR is all about Europe, and doesn’t apply to me and my business here in Kansas City.
You can rest assured that the first lawsuits are coming by American Consumers against local Kansas City companies who don’t follow the spirit of what the GDPR is attempting to accomplish for “All” Website consumers.
The Spirit of GDPR is all about #1, letting people know the specific way that data is being collected about them while they surf the Internet.
Spirit #1 – Are you collecting “any” information about your Website visitors?
- If you are using Google Analytics on your Website. The answer is yes you are collecting data about them.
- If you have an eMail sign up form. The answer is yes you are collecting data about them.
- If you have a contact us form. The answer is yes you are collecting data about them.
- Do you have white paper downloads that requires an eMail address. The answer is yes you are collecting data about them.
- If you have an eCommerce site. The answer is yes you are collecting data about them.
- If you have survey questions on your site. The answer is yes you are collecting data about them.
- Do you have anything on your Website that collects any type of data. The answer is yes you are collecting data about them.
Seems kind of dumb that you have to spell it out, but think about the fact that McDonald’s has to put “This cup contains hot liquid” on their coffee cups.
Spirit #2 – Permission
Did you ask permission to collect their information?
When customers fill out the eMail sign up form, or contact us form, or other data collection points on your Website, does it remind them that you are collecting their information? Again, seems kind of dumb, but you need to get their permission before collecting any information.
Spirit #3 – Transparency Communications
So if you answered yes to any of the questions in #1, then customers, at any time can contact your company and ask you to provide them with details of the information you collected about them. They have the right to contact you, ask what you are collecting, and then as much as possible they need control of removing that data from you if they desire. (This one is very hard BTW)
Spirit #4 – Data Reuse
Spirit #5 – Data Security
So you have their data, what are you specifically doing to protect their data? Do you have it in Excel spreadsheets? Did you copy it into another program, like Mail Chimp? Are these 3rd party locations protecting the data. How are they protecting the data? You need to tell people exactly what you are doing to protect their data.
Think about this folks. Do you have your client’s information in the contact list on your phone? Do you have a password on your phone?
What do you do first?
Answer these questions.
- Are using Google Analytics on your Website?
- Do you have an eMail sign up form on your Website?
- Do you have a contact us form on your Website?
- Do you have white paper downloads that requires an eMail address?
- Do you have an eCommerce site? Can people pay money to you on your Website?
- Do you have survey questions on your Website?
- Do you have anything on your Website that collects any type of data?
If you are dealing with EU customers, you need to be working on 1 thru 5 above starting months ago. Don’t wait any longer.
If you are not dealing with EU customers, start working now on steps 1 thru 5 above now. Get ahead of the lawsuit potential data security, privacy fines that are coming.
Please contact us at email@example.com or call us at (913) 489-7866 if you need help with your Website Privacy Policies.