What does GDPR mean for my US-based business?
Our simple-minded take on what seems difficult and too time-consuming to learn
Short on time? Pick your poison.
Disclaimer: We are not attorneys, nor do we play one on TV. We do not claim to know the law or how to protect you from the GDPR police. So, if you really want to cover your tail, seek real professional advice from an attorney or legal professional please.
Updated: May 22, 2018
The details in case you are having trouble sleeping.
GDPR stands for General Data Protection Regulation, which happens to be the European Union's new privacy law. It goes into effect May 24th, 2018.
It's a cool law, in that it gives the person more control over how their personal data is used versus giving the company carte blanche to do whatever the hell they want to do with their personal data.
And you may be thinking, I don't even have clients in the EU, so why does it matter?
Well, even if you don't have paying clients in the EU, someone from outside the US may have interacted with you online, right?
Not only does this law apply to your business, it also applies to any system you use that STORES OR TOUCHES your customers' personal information.
If the answer is yes, then please stay tuned as we try to explain what we understand can make sure your business is a bit more covered.
Unless you know EXACTLY where people are based geographically, GDPR could affect you because someone from the EU may have:
- Signed up for your lead magnet
- Subscribed to your newsletter
- Maybe sent you an email and you added them to your CRM
- You boosted a post on Facebook
- You ran a paid ad on Google
- They could even be in your Email, Survey, Appointment Scheduling, CRM or MANY other systems.
These are only the things that I think I understand out of the many data variables. In this case, I would lean towards better safe than sorry and read on.
GDPR Cliff Notes for US Business Owners
We will give you the Cliff Notes version of the bare minimum and then the recommended version of what could be done.
The Bare Minimum That You Should Have in Place Today:
Gold Star Activities That You Should Have in Place if You Have A Team, Time, or Money:
List of Common Software Providers
Once you are compliant, you need to make sure the software companies that you use to store or collect clients' personal data are also compliant. Here's our list of the most common providers.
This is NOT everything. This is just a start to get your mental juices flowing.
When you think about GDPR, don't forget to ask yourself, "Is my customer's personal data in this system too?" This could apply to your cloud, email, CRM, appointment scheduling, or survey form software. Even for #startups & #businesses in the US, it matters.
When you look at this list, don't forget to ask yourself:
"Is my customer's data in this system?"
Website, Marketing, & Lead Generation Software
WordPress - In-depth article on WordPress compliance
WordPress - Readiness & Compliance
WordPress Thrive Themes - Best WordPress Theme EVER!
If you are our client, this is most likely your theme. Here is an update on what Thrive is doing to help keep our business' client data safe within the GDPR policy. We love, love, love Thrive!
Email Marketing Software
Don't forget about online forms, appointment schedulers, surveys, and the almighty cloud (like AWS, Dropbox, SurveyMonkey, Typeform, Calendly, etc.). When we say the list goes on and on and on, we mean it quite literally.
Wanna Save Time? Copy ours.
OR - Just copy the GDPR Statement below and add it to your Privacy Page.
General Data Protection Regulation (GDPR) Practices
As a company that markets its site content, products and/or services online, we do not specifically target our marketing to the EU or conduct business in or to the EU in any meaningful way. If the data that you provide to us in the course of your use of our site or services or products is governed by GDPR, we will abide by the relevant portions of the regulation. If you are a resident of the European Economic Area (EEA), or are accessing this site from within the EEA, you may have the right to request from us: access to, correction of, deletion of, portability of, and restriction or objection to processing of your personal data. This includes the “right to be forgotten.”
To make any of these requests, please contact our GDPR contact at gdpr@my website domain.com.
Need a bit more? Here are a couple of options for you.
If you found this useful, please share it with someone who may need help too. We gotta stick together.
If you have questions or comments, please leave them below. Be kind, we are only human and make mistakes too.