Jun 14, 2018
How to Easily Comply with GDPR
Learn how to easily comply with the European Union (EU) new GDPR law. Just 4 precautionary steps can make you comply with GDPR. But, first a little background.
How GDPR Changed Global Sites’ Privacy Policy
Notice how many “Updates to our Privacy Policy” notices you received over the past few months? Everyone from Google, Facebook, Microsoft, Twitter, Yahoo, and every other large company website around the world recently updated their Privacy Policy.
Wonder why so many of them started updating their Privacy Policy around the same time?
It’s because of the European Union (EU) new law (regulation) called the General Data Protection Regulation (GDPR). This new law provides EU residents protection over the collection, usage, sharing, and storage of their personal information (data) from business blogs and websites around the world.
In the past, when other countries like the U.S. and Canada enacted laws protecting their citizens from personal data abuse they forgot to put some teeth into the law. By teeth, I mean penalties which would scare the heck out of violators. As a result, big companies like the ones named above often ignored these laws or provided minimal compliance.
The EU, in their great wisdom, decided to include huge penalties in the GDPR for worldwide violators up to 20 million Euro (around $25 million U.S. dollars). That scared the heck out of the big websites! So, now we have a flurry of updated Privacy Policy notices coming into our email boxes every week for months (or it seems).
If you have a business blog or website located and operated outside of the EU countries, you still may have to comply with GDPR after it went into effect last May 25.
Exception: Now, if your business blogs and websites only cater to non-EU residents with no chance of any EU residents wandering onto your sites; you can stop reading this and go back to the more fun things you were doing.
But, if by some catastrophic event just one EU resident visits your sites and provides any type of personal data; GDPR may apply. For example, your sites contain links, banners, or buttons asking for visitors to “Click Here” or to fill out an online form asking for any personal data and a EU resident does, GDPR may apply. This includes offers to receive discounts, coupons, promotions, emails, newsletters, webinar invitations, or any other future communications.
The e-mail newsletter sign up ad below is a good example of how sites collect visitors’ personal data:
An Important Definition
Before I explain the 4 Ways to Comply with GDPR, you need to understand one term.
Personal Data
The GDPR defines “personal data” as any information which can identify someone whether directly or indirectly. This includes a person’s name, email address, IP number, geographic location, and many other ways to know someone.
Simply asking a EU resident for his/her name, address, phone number, cellular number, email address, or geographical location constitutes collection of personal data if the EU resident supplies one of them. The cookies your site may be using to track a user’s web surfing and likes and shopping habits also collect their personal data.
The 4 Ways to Comply with GDPR
1. Update your blog and website’s Privacy Policy
Make sure it covers collecting, using, sharing, and storing visitors’ personal data. Yes, everyone, not just EU residents. Since you are updating your Privacy Policy, it might as well cover the other international laws concerning their citizens’ personal data. Just in case they increase their fines for violators after seeing how the EU does collecting fines from global violators.
Don’t forget to include the user’s Right to Erasure which is also known as the Right to be Forgotten. This allows EU residents the right to demand that all of their personal data to be removed. A system must be set up to quickly delete all personal data after a EU resident demands it.
Where to find a GDPR Privacy Policy? I recently published an article comparing the leading GDPR Privacy Policy online offers and found one far better than the rest prepared by EU and American lawyers. It also shows you how to avoid online Scams regarding the so-called “Free” GDPR Privacy Policy offers.
CLICK HERE to read the article. Prices range from $200 for the best one to other EU law firms selling for $600 up to $2,000.
2. Add a Disclaimer to Lead Capture Forms
A lead capture form appears on a landing page your site directs a user to who clicks on a link. The form allows you to collect a “lead” (contact information) from whatever your site is offering and cultivates them into your marketing funnel leading to a sale.
Collecting an email address and other contact information is what a lead capture form accomplishes.
Your disclaimer can be just a one liner linking to your Privacy Policy. For example, “For more information, click here” which links to your Privacy Policy.
3. Update Google’s Analytics Data Retention Settings
Google Analytics now allows its users to individually set the length of time for “user level” and “event level” data storage. Once the limit is reached, the data is automatically deleted. Some experts suggest 50 months to give you plenty of time to use the data.
Google Analytics Dashboards will not be affected by these settings. Only features such as “Custom Segments” which rely on cookies, user ID, etc. for advertising purposes will be affected.
4. Use a Pop-Up on Your Site Requiring Affirmative User Consent
The GDPR requires “affirmative consent” by EU residents as to how a site collects, uses, shares, and stores their personal data. The best method according to experts is the “Opt-In” method. Pop-Up ads are the best way to attract attention on a site. You’ve seen how those annoying pop-up ads jump onto the screen.
Here’s an example Google Privacy Notice
See how a Google Pop-Up asks for affirmative consent to its hyperlinked Terms of Service and Privacy Policy. In addition, it asks for the user’s location to know which ones are EU residents. They also include consent to use account information for ads on non-Google websites. Finally, after putting a check mark onto each box, the user is directed to a “Next Step”.
Conclusion
How to easily comply with GDPR involves 4 steps:
1. Update your blog and website’s Privacy Policy
2. Add a Disclaimer to Lead Capture Forms
3. Update Google’s Analytics Data Retention Settings
4. Use a Pop-Up on Your Site Requiring Affirmative User Consent
Follow these recommendations and purchase a good GDPR Privacy Policy from EU lawyers as shown in the hyperlink to a GDPR Privacy Policy products review above.
Copyright © 2018 — Steven Rich, MBA
