(If you’re a Resource Library member, log in to skip straight to the checklist download. If you’re not, keep reading to snag it!)

May 25 is the big day: the day that GDPR goes into effect. And everyone and their mother has been emailing you about it, right? So annoying.

But we’ve had some interesting discussion about GDPR over in our Facebook group and realized that lots of folks aren’t exactly crystal clear about what GDPR is, who it affects, and why it’s a big deal. So, today, we’re clearing that up. Grab a big ole glass of wine or hunk of chocolate and let’s lift the fog:

What is GDPR?

Simply put, GDPR is the General Data Protection Regulation, (EU) 2016/679. It’s a game-changer for individual data and privacy on the web, and it protects folks who live in the EU. It gives people in the EU the right to know what data is being collected about them, how that data is being used, and exactly what data a given organization holds about them, plus the right to have it deleted, pronto. And even if you don’t actually live in the EU, that doesn’t mean it has nothing to do with you.

Who does GDPR affect?

While GDPR only protects the data of EU peeps, it can affect you and your little biz, no matter where you live. If you accept orders from the EU, you have to get down and dirty with GDPR. If you let people from the EU subscribe to your newsletter, you need to bring your biz up to snuff with GDPR. If you let folks from the EU leave comments on your blog… yup, you gotta get with the GDPR. Heck, if someone from the EU hits up your website and you use any kind of analytics software (which is just about every website), GDPR is going on your To-Do list.

The internet is a fabulous place because it breaks down the borders between us and lets us all jam together in one happy family. But that also means it’s incredibly hard to rope yourself off from people based on where they live, so you have two options:

  • Go to great lengths to prevent people from the EU from interacting with you, visiting your website, or talking to your biz
  • Go to (seemingly) great lengths to comply with GDPR

Lots of folks have been making GDPR compliance into a big ass deal by pointing out that fines are up to €20 million or 4% of your revenue from the last fiscal year (whichever is higher!). Even though GDPR officially kicks in today, don’t panic. Typically, with new regulations, regulators look at the big dogs first and only then start to turn their eyes towards the little folks. And on top of that, GDPR (like any other sweeping regulation) will look to education, awareness, and warnings before it hands you a giant bill.

Why is GDPR a big deal?

If by some miracle your business is not affected by GDPR, you should still take notice. Now that GDPR has gone live, other countries will likely turn their sights to getting similar regulations put in place. So, it’s always a good idea to do what you can to get started now. That way, when your country models new legislation on GDPR, you’ll be ready. Getting compliant with GDPR will be one less thing on your list for the future!

If you choose not to tackle GDPR, that’s totally your prerogative. But be aware that website platforms and hosts, email newsletter services, and other tools you use might decide you’re too big of a liability to keep on board. (They’ve gotta comply, too!)

How do I get started?

Chances are you’ll need to:

  • Update your privacy policy. GDPR requires it to be easy to read and understand, and to disclose all the data you collect, why you have it, and how long you keep it. (Here’s our newly updated privacy policy that is compliant with GDPR.)
  • Notify your peeps that you’ve updated your privacy policy. (Like we just did!)
  • Verify that you have received consent from your email subscribers, commenters, and customers. (You should be able to show the date, time, and method by which you received consent to collect their data.)
  • Allow EU peeps to find out what data you have, as well as request changes or deletion. (This GDPR form service can help you.)
  • Create a plan of action that notifies relevant authorities and customers of data breaches. (If someone hacks your website or steals your email list, you’ll know what to do.)
  • And a handful of other things…

To make this as easy as can be, I’ve created a GDPR Compliance Checklist as a bonus for our email newsletter subscribers. If you want to snag this exclusive download for our Tribe, we need to make sure you still want to receive emails from us:

I want to receive weekly value-filled emails and get the GDPR checklist, too!

When you click that link and sign up for our weekly newsletter, you’ll receive the checklist straight into your inbox as a bonus for being a part of our little secret email club.

Here at Modern Soapmaking, we’re enacting explicit consent (instead of implicit consent) for all subscribers (not just those in the EU) to prepare for the future.

I’ve also bundled up some GDPR documentation like a Data Map template, Privacy Policy template, and Security Checklist for Resource Library members. These templates will make GDPR compliance a cakewalk for you and your biz. (Cuz we all know, no one has time for this nonsense!)

If you want to snag those quickstart resources, join our biz-boosting Resource Library right now. You’ll find tons of other templates and guides in there to help build your biz, too.

In the meantime, remember how I said don’t panic? I mean it. Being a biz owner is full of twists and turns; how you handle them is your choice. Keep your head on straight and make a move. That’s how you win. 😉

**We’re not legal professionals, and you should definitely talk to one about your specific situation and compliance with GDPR.**
