The GDPR For Non-EU Companies
Over time, the internet (and how people use it) has evolved. With this evolution has come new legislation that attempts to safeguard citizens and businesses. The European Union has taken such action with what is known as the GDPR.
For entrepreneurs that are looking to do business in the EU—or that currently do business in the EU—it is extremely important to understand what this legislation is, and how to stay compliant.
I am going to go over some general information about the GDPR, but it’s still very important to research the actual legislation to make sure fines and penalties are avoided.
The best place to get started with regards to this legislation is a very basic question…
What is the GDPR?
The GDPR (General Data Protection Regulation) is a form of regulation intended to protect the personal data of internet users.
This lets internet users in the EU use the internet without fear of companies collecting their data without permission.
Essentially, the GDPR helps to establish data privacy for citizens of the EU.
So, what data is considered “personal data?”
Personal data refers to:
- Contact Information (Phone Number, Address, Email, etc.)
- Personal Information
- Bank Details
- Online Behavior
- Physical and Health Information
- Credit Card Information
- Insurance Information
- Just About Every Piece of Data for an Individual
This piece of legislation is intended to be extremely thorough. The EU wants to make sure its citizens are protected from any form of misuse or abuse of their data.
One of the main things that the EU is looking for from companies is transparency.
This isn’t to say companies can no longer collect any data at all. It just means consent needs to be given from the customer. And no—there is no way to sneak around this!
The consent needs to be obviously presented and honestly given by the internet user.
GDPR For Non-EU Companies
Entrepreneurs that do business in the EU have been left with a massive question that they need answered:
“Does this affect MY business?”
The answer is—if you do any sort of business or data collection in the EU—YES. It affects YOUR business.
It doesn’t matter if the business is focused on personal development or gardening. If the company decides they want to collect any form of data from their visitors, they need the consent of those internet users.
This means entrepreneurs need to learn more about compliance, and what needs to be done to stay within compliance.
Before we get to that, I wanted to remind everyone that businesses outside of the EU STILL need to obtain consent. This means, if you are located in the United States, you still need consent from an internet user in the EU.
The new regulation went into place May 25th, 2018.
For entrepreneurs that haven’t made these changes already, it’s time to do so!
Compliance (and How to Keep Collecting Data)
Although the GDPR makes it a little more difficult for businesses to collect data, this legislation in no way makes it illegal to do so. For businesses that do collect data and use it for different purposes, this doesn’t mean the end of this practice.
What it does mean is staying compliant.
Compliance will be key to keeping out of hot water with the EU, and providing a great experience for customers in the EU.
Actually, the GDPR can be advantageous to companies that do business in the EU. By being transparent, companies are able to build trust with their customers. This beats trying to collect data behind their backs.
So, What Does Compliance Look Like?
To be compliant with the GDPR, businesses need to allow customers to agree to the collection and use of their data. This may mean having customers click on a box that agrees to terms of service that allow for the collection of data.
If there is an opt-in for a newsletter, the marketer still needs to ensure consent of the customer to receive emails. This means outlining what will be done with their email address, and what kinds of emails they can expect to receive.
To take it a step further, make it easy for customers to manage and delete their data. This will move an entrepreneur closer to achieving full compliance.
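To make the three steps above concrete (an explicit opt-in, consent tied to the purpose the user was actually told about, and easy withdrawal and deletion), here is an added Python example that is not part of this article and not the code of any real product. The class and purpose names are invented for the illustration, the timestamps are constructed, and the consent store is kept in memory rather than in a database.

```python
"""Added example: a minimal consent ledger that records affirmative, purpose-scoped
opt-ins and lets the user review, withdraw and erase their data.

All names here (Purpose, ConsentLedger, NEWSLETTER, ...) are assumptions made for
this illustration, not an API described by the article.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Purpose:
    """One stated use of personal data, with the wording shown to the user."""
    key: str
    description: str


@dataclass
class ConsentRecord:
    purpose: Purpose
    granted_at: datetime
    notice_version: str                    # which version of the notice the user saw
    withdrawn_at: Optional[datetime] = None

    @property
    def active(self) -> bool:
        return self.withdrawn_at is None


class ConsentError(ValueError):
    """Raised when an opt-in does not meet the bar for an explicit, affirmative choice."""


class ConsentLedger:
    """In-memory store of per-user, per-purpose consent (constructed for this example)."""

    def __init__(self) -> None:
        self._records: Dict[str, List[ConsentRecord]] = {}

    def record_opt_in(self, user_id: str, purpose: Purpose, notice_version: str,
                      *, ticked_by_user: bool, box_prechecked: bool = False,
                      now: Optional[datetime] = None) -> ConsentRecord:
        # A pre-ticked box or silence is not an opt-in: only an affirmative act counts.
        if box_prechecked:
            raise ConsentError("pre-ticked boxes do not count as consent")
        if not ticked_by_user:
            raise ConsentError("user took no affirmative action")
        record = ConsentRecord(purpose, now or datetime.now(timezone.utc), notice_version)
        self._records.setdefault(user_id, []).append(record)
        return record

    def has_consent(self, user_id: str, purpose_key: str) -> bool:
        # Consent is scoped to a purpose: newsletter consent says nothing about profiling.
        return any(r.active and r.purpose.key == purpose_key
                   for r in self._records.get(user_id, []))

    def withdraw(self, user_id: str, purpose_key: str,
                 now: Optional[datetime] = None) -> int:
        """Withdraw consent for one purpose; returns how many records were closed."""
        closed = 0
        for r in self._records.get(user_id, []):
            if r.active and r.purpose.key == purpose_key:
                r.withdrawn_at = now or datetime.now(timezone.utc)
                closed += 1
        return closed

    def export(self, user_id: str) -> List[dict]:
        """What the user can see: every purpose, what they were told, and when."""
        return [{"purpose": r.purpose.key, "told": r.purpose.description,
                 "notice_version": r.notice_version,
                 "granted_at": r.granted_at.isoformat(),
                 "withdrawn_at": r.withdrawn_at.isoformat() if r.withdrawn_at else None}
                for r in self._records.get(user_id, [])]

    def erase(self, user_id: str) -> bool:
        """Delete everything held about the user; True if anything existed."""
        return self._records.pop(user_id, None) is not None


NEWSLETTER = Purpose("newsletter", "Weekly product newsletter; unsubscribe any time.")
PROFILING = Purpose("profiling", "Tailor offers based on the pages you visit.")


def demo() -> dict:
    """Walk through sign-up, a rejected pre-ticked box, withdrawal and erasure."""
    ledger = ConsentLedger()
    t0 = datetime(2018, 5, 25, tzinfo=timezone.utc)  # constructed timestamp
    ledger.record_opt_in("user-1", NEWSLETTER, "v2", ticked_by_user=True, now=t0)
    try:
        ledger.record_opt_in("user-1", PROFILING, "v2", ticked_by_user=True,
                             box_prechecked=True)
        prechecked_rejected = False
    except ConsentError:
        prechecked_rejected = True
    may_email = ledger.has_consent("user-1", "newsletter")
    may_profile = ledger.has_consent("user-1", "profiling")
    ledger.withdraw("user-1", "newsletter", now=t0)
    after_withdraw = ledger.has_consent("user-1", "newsletter")
    exported = ledger.export("user-1")
    erased = ledger.erase("user-1")
    return {"prechecked_rejected": prechecked_rejected, "may_email": may_email,
            "may_profile": may_profile, "after_withdraw": after_withdraw,
            "export_len": len(exported), "erased": erased,
            "gone": ledger.export("user-1") == []}


if __name__ == "__main__":
    print(demo())
```

The point of the design is that every send or use of data asks `has_consent` for the specific purpose first, the record keeps the exact notice version the user saw so the company can show what was agreed to, and withdrawal and erasure are one call each rather than a support ticket.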
It’s important to understand that this regulation isn’t a “good faith” agreement. If a company is in breach of this regulation, it can be subject to fines and penalties. The actual fines and penalties are multi-faceted and depend on a variety of factors.
Here is a link outlining the penalties: GDPR Penalties for Non-Compliance
Not only do entrepreneurs need to read the legislation so they can stay compliant, but they should also read the penalties.
It's important to understand the severity of punishment for non-compliance.
Making Compliance Look Good
Just because customers need to “opt in” for the use of their personal data, doesn’t mean it has to be scary for them. Keep in mind, the more a company tries to hide and cover up consent, the worse the company will look.
Instead, be transparent. Allow customers to make an informed decision.
This will not only ensure compliance, but it will also build trust. Because internet users in the EU know they are now protected by the GDPR, they expect companies to ask for their consent.
By providing them with a simple option for consent, they will know that the company they are doing business with is trustworthy. The company will also know they are protected from penalties and fines.
Complying with the GDPR is a win-win for both customers and the companies!