Liz discusses the European Union’s all-important General Data Protection Regulations that will be enforced as of May 25, 2018. We also share how it may affect your business.
Liz refers to a webinar she learned a lot from which you can find here.
Episode 0288
GDPR & Your Small Business
Sandro: [00:00:03] Welcome back to Liz & Sandro’s Marketing Podcast! We’re the podcast that helps your small business stay on top of what’s going on in the world of digital marketing including things like SEO, reputation management, social media, and so much more. Today Liz is talking about the very important GDPR.
Liz: [00:00:22] Yes, we mentioned this in an episode a couple of weeks ago. I know Sandro and I have both been doing a lot more research on this topic so we could speak intelligently about it and make some good recommendations for you. So GDPR stands for General Data Protection Regulation. Just a quick recap. This is European Union regulation that affects what companies can and can’t do with people’s data. As a consumer this is going to give you more control over how your data is collected and used. Yes this is European Union regulation but it will affect businesses outside of the EU. That’s because many businesses collect information about EU residents. I think if you were to dig into some of your own data you may find that you have some some foreign or European Union residents on your list so definitely check that out. But like I said Sandro and I have been doing a little bit more research so we can provide some good recommendations to you. Actually one interesting thing that Sandro confirmed was the date that this regulation took effect and when it’s actually being enforced.
Sandro: [00:01:34] CORRECT THE DATE THIS WENT INTO LAW IS APRIL 14, 2016. So, a little over two years ago. But it’s being enforced here in the next day or so: May 25th 2018.
Liz: [00:01:47] So yeah this has been in place for a while and it’s kind of crazy that we’re only hearing about this for the first time you know in the last month, month and a half. Before I get into some of the nitty gritty. I do want to preface all of this by reminding our listeners that we are not attorneys and you should definitely speak to a trusted attorney as it relates specifically to your business.
Liz: [00:02:17] I listened to a webinar last week that was presented by two attorneys. They did a fantastic job of breaking it all down and giving two very simple yet concrete suggestions. And I wanted to share those with you today. I will also link their website in the show notes for you. So there’s the first step. Step one was to update your privacy policy. And from what I understand this is not as simple as dropping an extra paragraph into your existing privacy policy. There is some G.D.P.R. compliant language that you need to incorporate again talk to an expert. I can’t speak to that specifically but the very simple and concrete action step for you to take is to update your privacy policy.
Liz: [00:02:47] Step two is to update how you get consent from people who join your mailing list or request a piece of content from you. So essentially what this means is in the past I think we’ve all generally operated under this idea of implied consent you know that that checkbox that invisible checkbox was selected and if you know if you signed up for anything suddenly you were on the master mailing list getting any and all pieces of content from a company. Well with GDPR, that’s no longer allowable.
Liz: [00:03:23] Again I want to say if you look through your list and you say you know what I’m not dealing with anybody from the EU you can probably ignore all of this but if you’re unsure or you find some individuals who are residents of the EU these will be important steps to take. Again I will link to the two attorneys that I mentioned. I’ll link to their webinars. It was fantastic. They actually walked the webinar attendees through a full example of what that looks like. You know if somebody signs up for a piece of content that extra check box of “yes I want to get all your other content too” that, that is a new checkbox that needs to be added. You can’t just simply add them. Again there’s no more of this implied consent so .
Sandro: [00:04:08] And it Can’t be PreChecked either. .
Liz: [00:04:10] Correct. Yeah. Yeah the user the consumer physically has to check that box. So this is it’s interesting. Sandro and I as we were chatting about this episode I mean it really kind of throws a wrench into the whole HubSpot inbound marketing approach to marketing that’s become so popular lately it’ll be really interesting to see how this applies .
Sandro: [00:04:33] Correct. And three other ways I wanted to reference that this may affect you. Again this is only if you’re doing business in the European Union or with European Union people or you have a lot of European Union clients if you’re a mom and pop pizza shop in Detroit you really don’t worry too much about this at this point.
Sandro: [00:04:51] But three other ways that this could affect you if you do referral deals or if you refer a friend type of deal to get a discount. Well can’t just get all your friends information anywhere without their consent. So I would just avoid all that. Second marketing automation. So if you use automation to reengage people if they’ve been inactive for you for a while you should look to get permission from them once more to begin marketing to them instead of just you know automatically starting to market to them if you haven’t heard from them in like a year. So for a good amount of time.
Sandro: [00:05:21] And finally gated content. Liz mentions HubSpot. Basically the GDPR does not allow you to block content on your site. If a person does not want to give you information so I’m going to quote the Moz article I got this from it said, “while the GDPR doesn’t completely eliminate the possibility of gated content there are now higher standards for collecting user information. If you have gated content you need to be able to prove that the information you collect is necessary for you to provide the deliverable.” So for example if you have a webinar you need their email address to send them a link. That’s fine but if you want to show them a white paper or a piece of research but only if they give you their email address. That is not allowed because you can just show them a PDF without collecting their email address. This is going to affect a lot of companies like HubSpot. Like some shadier people who try to collect email addresses in shady ways or are buying email lists things like that are just not going to be happening anymore.
Liz: [00:06:22] And what I think is interesting. I can’t remember where I heard this but I know that there are people that make the argument of saying, “just put your best content out there just publish it.”.
Sandro: [00:06:33] For free? Without. . . .
Liz: [00:06:33] Yeah Don’t don’t gate it. Just put it out there. Yeah just put your best content out there publish it. Skip the gated content piece. People are still going to subscribe to a mailing list and they’re still going to want to hire you. So it’s it’s an interesting approach. And one that that may become more popular now that GDPR is taking effect or about to be enforced. .
Sandro: [00:06:54] So While I’d like to say this is our last episode on GDPR chances are it’s not. I’m sure we’ll find out how this shakes out and basically we as marketers. There are so many shady things going on out there. Some people are saying we deserve this because there’s just so much spam email and shady practices for marketing going on .
Liz: [00:07:15] So much. Yeah we’ve all experienced some shady marketing tactics. I know my email address has ended up on lists and I have no idea how it how it ended up there so yeah maybe we do have this coming. .
Liz: [00:07:26] The Other thing we should point out is that there are going to be penalties financial financial penalties. What are those going to be again? .
Sandro: [00:07:33] I Read somewhere that they could be as high as 4 billion euros which is a lot of money for violating these penalties. There’s a lot of stiff financial penalties for this .
Liz: [00:07:43] And obviously the regulating agencies are going to go after the companies with deep pockets. Facebook, Apple, Google those companies. Do I think you know to your point that the mom and pop pizza shop in Detroit that isn’t following this..? No I don’t think they’re going to face penalties. But still better to be safe than sorry. Put these new privacy precautions in place and just go ahead and get compliant. .
Sandro: [00:08:09] And be aware because they may be, those rules may be coming to the United States. You never know. Thank you for joining us. Make sure you speak to an attorney he think you have any questions. Because we definitely do not know everything. We’re just going on what we read & we are definitely as Liz said, not attorneys. Thank you again for joining us. You can find us on Facebook, Instagram, Twitter and we have an email address with a newish website. If you have any questions if they’re about GDPR, talk to your lawyer. If they’re about other things digital marketing, you can send them to us. Thanks again for joining us. We’ll see you next time.