GDPR, Your Website & Your Company

You’ve surely seen a lot more emails coming into both your work and personal email accounts from companies providing you with their updated privacy policies or asking for permission to continue contacting you.

That increase isn’t a fluke or a coincidence – it’s a direct result of the GDPR, the General Data Protection Regulation, which was passed by the European Union in 2016 and goes into effect May 25, 2018.

And, yes, the regulation likely pertains to your company.

And, yes, this is serious business. The penalty for violations is 20 million euros (just over $23 million, based on exchange rates earlier this week) or 4 percent of your global revenue for the year, whichever is higher.

A GDPR Primer

The regulation’s goal is straightforward – to give individuals living within the EU full control over how any of their information is used by any company.

“Any information” literally means any information, including DNA, geographic coordinates, credit card numbers, addresses, phone numbers and a whole lot more.

“Any company” literally means any company that collects information from individuals within the European Union, even if that company doesn’t have an office or physical presence within the EU.

The GDPR applies equally to B2B manufacturers as it does to major retailers. Even though a manufacturer might only sell to other companies, if it collects an individual’s information at any point in the sales process, the GDPR is still in play.

Which is why the GDPR likely pertains to your company.

Of course, if your business operates entirely outside of the EU and would never sell anything to (or take the information of) a company or individual within the EU, you can stop reading here.

But do you really want to? While the goal of the GDPR is to protect individuals, the regulation provides a useful road map for companies that want to handle their customers’ data in the most ethical way possible.

GDPR Basics

If you use a good CRM system, your vendor has likely contacted you with updates to the system that will incorporate some of the necessary changes related to the regulation.

If you maintain your own stand-alone email list, you’ll want to check for individuals living within the EU and make sure to remove them if you don’t have their affirmative consent to be contacted by you – just the fact that they called your company once or submitted a contact form at one time no longer counts as consent.

GDPR and Your Website

HTTPS

For a while now, we’ve been talking about the importance of moving every website to HTTPS, which encrypts the information visitors submit through contact forms while it travels between their browser and your server.

We’ve looked at it largely from an SEO standpoint, but it’s also indirectly related to the GDPR, which requires companies to “implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk.”

And HTTPS is really the only way to ensure that level of security on a website.

Privacy Policy

If you don’t have a privacy policy on your website, you’ll want to add one now. It should be in plain, everyday language that covers topics like:

  • What information you collect from website visitors. For most B2B websites, this is generally basic contact information.
  • What you will do with the information.
  • With whom you share the information (including other vendors).
  • Why you collect this kind of data. Typical reasons include:
      ◦ To develop new services or improve your existing services
      ◦ To provide special offers, details on new services or other information that may interest them
      ◦ To invite them to participate in market research
  • How your website uses cookies – for many B2B websites, this is simply to gather aggregate, non-identifying traffic data, using a service like Google Analytics. But your web developer can tell you if your site uses cookies for other tasks.

Forms

Every form on your website now needs to include affirmative consent wording. Here’s an example adopted by one company:

The wording needs to be clear and easy to understand, and, yes, the GDPR requires that the person confirm his/her age.

Because the GDPR affects people who live within the EU, it’s also necessary to confirm the person’s country of residence. If this seems like a strange field to include on a B2B form, you can add in a note that the information is needed to comply with the GDPR.

Newsletter Sign-ups

These should be treated like contact forms, with clear affirmative consent wording and a field to confirm country of residence and age.

Cookie Notification

Best practices also recommend adding a cookie notification (which you’ve likely already seen on major consumer sites as well as the websites of companies within the EU). It usually reads something like:
The link would go to the cookie portion of your privacy policy.

Other GDPR Issues

The regulation covers any way in which you might collect data – including sales and contracts, list purchases, referrals, phone calls and trade shows. Any employee who might collect information from prospects should be trained to ask for country of residence, to request confirmation of age and to explain how your company will use the information the prospect provides. During a face-to-face meeting, your employee should get the person’s signature, along with a checked box confirming consent to contact.

All emails sent to customers and prospects should now include an “unsubscribe from communication” link. Consider including it in the email signature of every employee who might contact prospects or customers who live within the EU.

Documentation is a GDPR requirement. You need to be able to show that each customer or prospect living within the EU has given affirmative consent to be contacted by your company.
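As an added example (not code from the original post or from Pilot Fish), here is how a website’s form handler could enforce the affirmative consent, age confirmation and country-of-residence fields described under Forms and Newsletter Sign-ups, and keep the consent record that this documentation requirement calls for. Field names, the policy-version label and the sample submission in the comments are assumptions.

```javascript
// Added example, not code from the original post or from Pilot Fish. It
// validates a contact or newsletter submission the way the post describes
// (affirmative consent, age confirmation, country of residence) and builds
// the record needed to document that consent later. Field names, the policy
// version label and any constructed sample submission are assumptions.
// EU member states as listed at the end of the post (UK still included).
const EU_COUNTRIES = new Set([
  'Austria', 'Belgium', 'Bulgaria', 'Croatia', 'Cyprus', 'Czech Republic',
  'Denmark', 'Estonia', 'Finland', 'France', 'Germany', 'Greece', 'Hungary',
  'Ireland', 'Italy', 'Latvia', 'Lithuania', 'Luxembourg', 'Malta',
  'Netherlands', 'Poland', 'Portugal', 'Romania', 'Slovakia', 'Slovenia',
  'Spain', 'Sweden', 'United Kingdom',
]);
const CONSENT_TEXT_VERSION = 'privacy-policy-2018-05'; // assumed label

// A ticked HTML checkbox submits "on"; an unticked one submits nothing, so
// anything else is treated as "no". The form must not pre-tick the box:
// a default tick is not affirmative consent.
const ticked = (v) => v === true || v === 'on';

function validateConsentSubmission(fields, now = new Date()) {
  const errors = [];
  const email = String(fields.email || '').trim();
  const country = String(fields.country || '').trim();
  if (!/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(email)) errors.push('valid email required');
  if (!country) errors.push('country of residence required');
  if (!ticked(fields.consentToContact)) errors.push('affirmative consent required');
  if (!ticked(fields.ageConfirmed)) errors.push('age confirmation required');
  if (errors.length) return { ok: false, errors };
  return {
    ok: true,
    record: {
      email,
      country,
      inEu: EU_COUNTRIES.has(country),           // to pull EU evidence on request
      consentTextVersion: CONSENT_TEXT_VERSION,  // the wording they agreed to
      consentedAt: now.toISOString(),
      source: fields.source || 'website-form',   // form, newsletter, trade show...
      withdrawnAt: null,                         // set when they unsubscribe
    },
  };
}

// Unsubscribe: keep the record as evidence, mark the withdrawal, stop contact.
function withdrawConsent(record, now = new Date()) {
  return { ...record, withdrawnAt: now.toISOString() };
}
const mayContact = (record) => record.withdrawnAt === null;
```

Storing the record (with the policy version and timestamp) is what lets you later show that a given EU contact gave consent, and the withdrawal timestamp shows you stopped when they asked.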

Pilot Fish can help get your website in good GDPR shape. Give us a call at 877-799-9994, ext. 2102 to learn more.

Please note: This blog post touches on just the most basic points of GDPR. For a good overview of all things GDPR that might affect your company, read this great article provided by CSO – the “What should my company be doing to prepare for the GDPR?” section toward the bottom of the second page is particularly useful.

European Union Countries

  • Austria
  • Belgium
  • Bulgaria
  • Croatia
  • Cyprus
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Germany
  • Greece
  • Hungary
  • Ireland
  • Italy
  • Latvia
  • Lithuania
  • Luxembourg
  • Malta
  • Netherlands
  • Poland
  • Portugal
  • Romania
  • Slovakia
  • Slovenia
  • Spain
  • Sweden
  • United Kingdom*

*Despite all the Brexit news, the UK is still a member until it officially begins to leave the EU next year.