GDPR for American Businesses

Sunday, May 27, 2018 | Views: 644 | Posted by: John Marx | Reading Time: 4 Minutes, 53 Seconds

The first thing to cover is that this is not legal advice. This is a culmination of over thirty blog articles and our take on GDPR from our friends at the European Union (EU). First, let’s cover what GDPR stands for. GDPR stands for General Data Protection Regulation and is ultimately designed to protect consumers. Personally, I feel this is a very good thing, and if the United States legislature gets it right they will copy it, as it forces businesses to be more transparent and honest (our rule #1) and helps make the internet a place people will want to be. In America we might think that these rules do not apply to us. In the age of the internet we would be completely wrong. The internet makes even a brand new, just opened today, one man/woman shop into an international business, whether intended or not. Let’s look at what businesses need to do at a high level to comply with GDPR.

Article 3 of the GDPR clearly states that if you collect personal data or behavioral information from someone in an EU country, your company is subject to the requirements and rules of GDPR. It applies if the person providing the information is a resident of the EU at the time of collection: if they currently reside in the EU, this applies to your data collection efforts. The second part of this article is that money doesn’t have to change hands. Collecting information for a mailing list (electronic or snail mail), or anything that identifies a consumer through personally identifiable information (PII), counts. Even if that collection is only part of a marketing survey, the data would have to be protected GDPR-style.

With GDPR being a hot topic and coming with huge fines that could put a business, even a large business, out of business for non-compliance, making certain that you comply is important. Below are the high-level items we have implemented over the last 24 months for our clients. They are not in any particular order; they are simply the items we have implemented.

  • Create an implementation team – this is the team that will be responsible for making certain your organization stays in compliance with the latest laws. This would be for GDPR as well as any future laws of this kind.
  • Locate and understand your data – You need to understand your data and how it relates to your consumers. As part of this law you need to be able to effectively handle notification of any data breaches (in as little as 72 hours of being breached).
  • Training – Educate and train your staff on what GDPR is, how it affects your company, and what you need to do for compliance. Understand what information is collected, how it is used, and why you have that information.
  • Personal data is not all the same. You need to be able to inform the consumer, if requested, what information you have on them. This covers not only their name and email, but physical address information and personally identifiable information (sexual orientation, sex life, jobs, job titles, etc.). Although the law went into effect on May 25, 2018, it applies to all data you have ever collected regarding the consumer.
  • It is your job to make certain your information is protected. If you use a cloud provider, you cannot “assume” you are safe. Yes, you might pay to protect your data with a firewall, etc., but you are ultimately the one responsible for the data you collect and save.
  • Ask for permission for everything you do on your site, whether registering for a mailing list, collecting information, etc. Pre-checked boxes that say “yes I agree” are no longer acceptable; boxes must be unchecked so that the person actively opts in. If there is information you don’t need, don’t ask for it. Keep yourself protected by only collecting what you need.
  • Be prepared to provide consumers who ask what information you have on them with that information in a quick and timely manner. If you are asked, you need to provide everything that you have, from cookies, to their information, to order history, etc. This applies in both the real and the virtual world. In most cases, providing this information must be done in less than a month.
  • If you have a physical store and nothing online, this still applies to you if you take credit cards from someone who lives in the virtual world.
  • Review your current privacy notices of what you collect and keep. Be as clear as possible and do not use any legalese when writing your privacy policies. All too often we see lawyers adding so much lawyer mumbo-jumbo that it would take a team of lawyers to guess what you are implying. Keeping it as simple, and as short, as possible is a requirement of GDPR.
  • If you have an age requirement, make certain your system is as foolproof as possible.
  • Have a secure way, outside of email, for people to provide you anything that they feel is sensitive. A good approach is a form on your website that accepts the information and does NOT then forward it via email but keeps it securely on your website, with your website having SSL (green padlock) on every page and you taking all appropriate steps to limit who has access to the information.

When it comes to complying with GDPR, you need to take on full responsibility for making certain your company is in compliance. GDPR is something that will not only protect the consumers you do business with but, in the long run, will make your business ready to grow and comply with the latest laws. We know the United States will start with the current GDPR and will look for ways to extend it, as that’s what governmental units do.

John Marx, CEO / Code Ninja (john@jm2marketing.com)

John has been an entrepreneur and a pusher of all things “normal”. He was brought up where a handshake is as good as any word and even more important than any legal speak. John believes in giving back and giving people more than they expect. This is the foundation and basis of JM2 Webdesigners & Marketing. The prices will shock you, the amount you get will shock you even more, and the skills his entire team brings will completely amaze. He has built a team of experts that are talented, young, and efficient. Each one shares the company’s desire to see a small business grow, and each one goes above and beyond, which makes John beyond proud of them.

So why is John considered the “Code Ninja”? It isn’t because people fear ninjas (they should). Ninjas will fight until their last breath defending, achieving the mission, and helping (in this case, small businesses). John believes in very surgical strikes to help a business grow, using agile methods that change rapidly, in ways people don’t expect, and with a relentless passion to achieve greatness.
