GDPR Is Here! Resources For The Shakeup

The European Union’s GDPR (General Data Protection Regulation) went into effect May 24th. Its aim is to protect the personal data of European Citizens using the Western world’s biggest websites and apps. These are obviously Facebook, Google, and any services that piggyback on them.

CNN reports that less than a day into the law’s enforcement, multiple tech giants have been sued by government agencies:

The complaint against Facebook was filed with Austrian data regulators, Google with French regulators, WhatsApp with German regulators and Instagram with Belgian regulators as soon as the law went into effect at midnight.

http://money.cnn.com/2018/05/25/technology/gdpr-compliance-facebook-google/index.html

From Friday, European data regulators can impose fines of up to 4% of global annual sales each time the companies run afoul of the new law.

http://money.cnn.com/2018/05/25/technology/gdpr-compliance-facebook-google/index.html

It’s tempting to think these governments are trying to cash in, but rumors of clandestine data harvesting go back to the early days of the Obama presidency. It goes that Google, Facebook, et al, collect metadata about their users through their websites and apps. They then sell it to politicians and corporations for targeted marketing.

Ostensibly, small to medium-sized businesses have little reason to fear GDPR, but it doesn’t hurt to be ready. A great, snarky post in thedesignspace.co blog lists the ways to be fined under the law. They amount to common sense, good business practices to ignore (or follow- the post is being funny.)

First, to avoid getting in trouble, don’t spam or annoy your contacts. 2nd, allow them to unsubscribe from your email marketing. 3rd, make sure you have a privacy policy on your site or app. (I made my own through this service: www.freeprivacypolicy.com.)

4th, 5th, and 6th, if you annoy them enough with your spam, they users can ask you directly to stop. If you ignore this for 30 days, they can report you to their country’s ICO. The 7th, 8th, 9th, and 10th steps to getting fined amount to the ignoring the ICO’s requests for you to stop. Governments make huge tech companies their first priority, so if you’re a smaller business, you have a longer grace period.

The best advice I can give is to be respectful of your customers and sales leads. This is good customer service in any case. Next, if you utilize any online services including web hosting and email marketing, look up their blogs for any GDPR news. They should be up front in how they protect their clients. It’s sad that it’s come to government legislation being necessary, but honesty is the best route to sustainability in business.