The GDPR and what it means for your business

Have you noticed that you’re starting to be inundated with emails, messages or notifications saying “We are GDPR compliant” or “Check to see if you’re GDPR compliant”? And you click through to the links and think “What does this have to do with me?”

Well, let’s start with what GDPR stands for – General Data Protection Regulation. In simple terms, it’s about data protection and consumer rights. This has been a hot topic, particularly in Europe, where the GDPR comes into effect on 25 May 2018. You can read more about it here

What is personal data? Anything that identifies a natural person – this can include IP addresses, names and email addresses, which are gained from email newsletter sign-ups, cookies, Google tracking, Facebook pixels, etc.

You’re probably thinking now, “What does this have to do with me? I operate in New Zealand and/or Australia only.”
Well, while the GDPR may not directly affect New Zealand and Australia, it does impact on a consumer’s view on privacy and their data.

What does this mean for you and your business?
You need to check that you have a Privacy Policy in place on your website and that it covers what data you are collecting and what you are using it for, e.g. if you are using cookies, a Google tracking link or Facebook pixels.

What does this mean in regards to your marketing and advertising strategy for your business?
If you are using a pop-up on your website to collect email addresses, you need to have a check box for people to click saying that they are happy to receive newsletter updates from you in accordance with your privacy policy, with a link to the policy on your website. Only collect the minimal amount of data that you require to do what you want to do, e.g. if you’re looking to sign people up to your newsletters, you are likely to only require a person’s name and email address.

If you’re retargeting people with advertising, this also needs to be clearly stated in the privacy policy on your website. Data processors such as Facebook and Google will have their own privacy policies in place if you are using any of their features.

Why does this matter to you?
As people become more aware of their rights to their data, they are also becoming more educated on what businesses might be using their data for. By having a strict privacy policy in place, you are protecting your business against the risk of any negative publicity in regards to the misuse of a person’s data.

My top tips are:

  1. Use clear plain language for any form of data collection and in your privacy policy
  2. Recognise that people need to have genuine choice and control over their data, e.g. put double opt-ins in place.
  3. Your privacy policy should be transparent in what you are using a person’s data for
  4. Do not make consent conditional, e.g. do not require a person to tick a box agreeing to your privacy policy before you provide them with a service or good.
  5. Only ask for the minimal amount of information that you need to deliver the requirements for your business e.g. newsletter sign ups generally only need a name and email address
  6. Seek legal advice for your Privacy Policy – it’s not a good idea to copy someone else’s privacy policy.

Now I am certainly no expert in the GDPR, so I do urge you to research and look into what this means for you and your business yourself.

Here are some helpful links for you to learn more:

Australian Government – General Data Protection Regulation guidance for Australian businesses

New Zealand Privacy Commissioner

European Privacy Commission

Facebook GDPR Terms

Google’s GDPR Terms

Facebook Group – GDPR for Online Entrepreneurs