If you regularly use the internet, chances are you have heard about The General Data Protection Regulation (GDPR). Over the past month, the GDPR has caused some confusion and fear for a lot of business owners here in the United States. How do you know if the GDPR affects your business? The E.U. law was put in place to protect residents of member countries. If your business sells online to E.U. consumers or targets E.U. clients, your business must comply with the GDPR. If not, the GDPR should not affect your business.
E.U. Sales & Targeting
Two of the areas where the law is least ambiguous, as it relates to U.S. business activities, include sales and targeting. If your company sells physical or online products to E.U. customers, you must comply with the GDPR. Similarly, any targeting that explicitly uses language geared towards E.U. countries or is considered as marketing to customers or users in those countries will require you to adjust how you gather data. Websites that accept E.U. currency, allow customers to book U.S. hotel and hospitality services, or provides digital download products to customers worldwide, all fall within this bracket.
Data Collection
How your business collects E.U. customer data is, perhaps, the most important aspect of GDPR. Direct, rather than implied consent is needed โ which means your website cannot contain prefilled checkboxes for information such as email capture, if the law applies. It is also crucial to note that the type of data being collected and how you intend to use it will dictate how consent is requested. If an email is used for both a newsletter subscription and 3rd party offers, for instance, separate records of consent must be obtained from the E.U. customer.
Google Analytics
One of the risks that may prove difficult to navigate for small-to-medium business owners affected by GDPR is the continued use of services, such as Google Analytics. As Google offers this service for free, the company will seek to implement controls that protect against receiving fines due to the actions โ or inactions โ data controllers that use their platform. That means you could lose the right to use the service and, by extension, tools you have come to rely on when it comes to running marketing campaigns or hosting ads on your site.
While the GDPR is not intended to punish companies that have taken every step to comply with the law, there are fines associated with the mishandling or breach of E.U. customer data. If you are unsure about the steps you need to take to comply with the GDPR, reach out to Skol Marketing today for a consultation.