- May 22, 2018 -
In the world of online marketing, there have been few more polarizing subjects recently than GDPR.
And believe me, I have gone back and forth in my mind as to how to approach this without making myself a target for rotten tomatoes. Lol
At the same time, you know me by now...I'm not one to pussyfoot around and sugar coat anything.
I'm not politically correct. But I do want to be a voice of reason.
So hold on to your hats, folks.
If you're not up on what the heck GDPR is, here's the Cliff Notes version:
+ GDPR stands for General Data Protection Regulation.
+ GDPR is an EU law on data protection and privacy for all individuals within the European Union.
+ It goes into effect May 25, 2018.
+ And if found not compliant, the fines are hefty.
If you are a user of apps like Infusionsoft, LeadPages, PlusThis, ScheduleOnce, you may have started to receive emails from them referencing the date May 25th or some other reference to data privacy.
But, let's cut to the chase. The only thing I'm sure you want to know is this:
That's the million dollar question.
And the million dollar answer is for me to ask you another question...
And this is where I can feel the rant building up inside my chest ready to explode...so here it comes.
(And please, please understand I am not a lawyer. What I'm about to say are my opinions for whatever they are worth. It is NOT legal advice.)
This is an EU law.
A US citizen selling to US citizens via a US company is legally responsible to follow US law.
It’s not enforceable without bringing an international suit or suing a large corporation that has a legal presence in the EU.
Wanna try to enforce EU laws on US companies?
They better be prepared to spend tens of millions in court. In other words, the EU won’t even try unless you’re a major corp with deep pockets.
For example...am I going to spend thousands of dollars taking one of my renters to court who is delinquent on their rent? NO! They have no money!!
Much ado about nothing for small US companies.
Wanna hear more? I'm just getting going so fair warning...
GDPR is far-reaching: The EU is trying to mandate worldwide law...I'm outside their jurisdiction. Leave me alone.
GDPR is vague: No one seems to be able to agree on exactly what is or what is not required. If it was not vague, you wouldn't see hundreds of attorneys all with different opinions on what is or what isn't actually necessary to do.
Between all of the different applications we use, I've seen dozens and dozens of completely conflicting interpretations of requirements — i.e. it's vague!
GDPR is about as straightforward and clear as the US tax code.
And its real purpose seems to be to create a bunch of EU representation and resident agent services as well as a whole new gig for lawyers to dive into and make money.
So if you've made it this far and you're not offended...I applaud you.
Offending anyone is not my intent - but I get HOT under the collar when politics (in any country) start jamming me up.
Here's the crux of the matter in my opinion...
This regulation is trying to shift the responsibility off the consumer for what is in FACT a consumer choice.
If an EU citizen is concerned about how I am using their data despite all I have mindfully and respectfully put in place over the years...then they shouldn't opt in to my US-based company or purchase from me.
The EU citizen has 100% of the power of choice and 100% complete control over how their data is used by US companies - just don't opt in if you don't like our policies.
When in Rome...
In the end, it's simply a matter of supply and demand. If enough of your revenue comes from EU citizens and you feel non-compliance will cause you to lose business...absolutely go the more extreme route in implementing GDPR mandates.
I'd be irresponsible to advise any less.
What bothers me most about this whole brouhaha is that no one wants to be responsible for their own actions these days.
They just want to shift blame to someone else. This is a simple consumer choice issue.
If someone from the EU is that concerned over this radical manipulation tactic...read the Terms of Service and Privacy Policies first before submitting your contact details.
And then don't do business with the company if you don't agree.
The consumer has the power of choice.
Rant over.
Very few because we're already following the proper procedures:
...encouraging double confirms
...not sending emails that subscribers haven't requested
...linking to an email subscription preferences center in EVERY SINGLE EMAIL
...making it easy to unsubscribe
...already added additional content to our website's Privacy Policy and will be linking to it from opt-in forms.
...will be putting procedures in place in our Infusionsoft app should someone request their data be erased.
...and considering adding check boxes to our forms. (But highly doubt I'll add them just because it seems redundant to what I'm already doing...thus not logical or a good use of my time.)
To be honest, I deplore bureaucracy that wastes people's time.
But a lawsuit doesn't make me giddy either (and I'm sure it doesn't make you giddy either) so do your due diligence.
I've been preaching double opt-ins, email preferences centers, and list hygiene forever as you know...so if those things are in place, you are already doing 90% of what is considered best practice.
To help you, here are links to a few resources...I suspect that after 10 minutes of reading any of this, you will understand why I rant:
GDPR Readiness Guide
Overview to the New GDPR
Is Your Business Ready for GDPR?
I need a drink now! Just kidding...
I'll be back tomorrow 🙂