By now, you have become accustomed to a message at the bottom of websites you visit that reads similar to the following:
The message is the result of the General Data Privacy Regulation, or GDPR, put in place by the European Union. You may wonder why the all-American website you are viewing needs to comply with an EU rule: Because it’s the Internet, and folks over in Europe are watching us, buying from us and sometimes even answering our questionnaires.
That last part, in which we gather information about customers and potential customers, is what requires U.S.-based companies to protect themselves from stiff penalties that could result from violating GDPR rules.
And it is what you should consider – even if you work by yourself and don’t intentionally appeal to Europeans.
One more point: The rules set out in the GDPR are intended to improve transparency for consumers. Transparency helps customers understand what you do, and decreases their tendency to think you are somehow deceiving them. In other words, following the general intent of the GDPR guidelines is a good business practice, even if you aren’t bound by the technical rules.
Under GDPR, a business must get permission from website visitors to collect their information. It must also keep that information secure for a required period of time (which may depend on where the business is based), and ensure that any vendors it shares the information with also protect it.
The GDPR will also keep an eye on what kind of information you collect. If you are only asking for name, email and name of business, you will be OK. If you ask questions about religion, spouses and similar personal information, you may be violating the law.
Who needs to worry
Most small businesses probably won’t be targeted by the GDPR rules, which are realistically aimed at multinational corporations and companies doing business within the borders of the European Union.
But you might be surprised when you look at where some of your traffic originates. It’s as easy, of course, for someone in France to access your site as it is for someone in your hometown. You will probably only be notified of a GDPR violation, however, if you collect personal information as you fill your sales funnel, and then find that many of your potential customers are citizens of the EU.
On the other hand, keeping track of your customer information is always a smart idea, whether you sell overseas or not. You are also likely to get more customers, and earn their loyalty, if you are clear about how you handle any information they give you, and make clear that you can keep your promise to safeguard it.
Bingley helps customers build attractive, effective websites. Call us with your questions about whether you need to comply with GDPR or want to improve your customer communication.