The Yeti Guide to GDPR (a basic guide)

As we get closer towards the 25th of May, more and more people will be scrambling to get their heads around GDPR, what exactly is it all about and how is it going to affect their business. If you haven’t heard about GDPR yet, you must have been living in a cave up a snowy mountain this past 12 months! 😉

In this blog post we will cover briefly what is GDPR and the kind of things you will need to do with your business and website to meet the new GDPR legislation, we also need to state that we are not lawyers or legal experts in any way shape or form and this is not legal advice, we can not, and will not be held responsible for any misinterpretation of any information in this blog post on this subject, we are simply here to give you some food for thought and to help guide you on the path to GDPR compliance. We will be discussing the points that affect the majority of our client’s businesses and websites, and what you need to consider if you use your website to generate business through sales funnels and lead magnets etc.

In a nutshell, GDPR is here to protect visitors and users of your website/business with their information, and that you have concent for sending out marketing and sales emails or communications to them. You also need to be clear as to what you do with client information, how you store this information and how long you are going to keep this information for.

There are lots of misguiding information out there from many different “experts” or just people with their take or opinion on the matter. A great source of  impartial information can be found in a GDPR facebook group that is run by Business Law expert Suzanne Dibble, the Facebook group is a closed group but once you been accepted you will find lots of videos created by Suzanne that try to break down the mumbo jumbo of the legal legislation, and try’s to explain in plain English what GDPR means and how it will affect your business. You can also find some of these videos on Susanne’s youtube page

In this blog post, we will cover some of the points that you will need to be GDPR compliant with your website. As we have mentioned you can find more in-depth information in the links above to make sure you are going about GDPR in the right way.

1. If you have newsletter signups, sales funnels or store email information via your contact page for marketing purposes, you need to be clear in letting the user know what you are going to be doing with that information at the point of sign-up. If you are using it for multiple things like newsletters, sales emails and informing people about your latest offers or products, this needs to be stated at the point of sign-up. You will also have to have a tick box (ideally for each option if you have many) that allows the user to give consent to you holding their info and using it for those purposes.
2. If you use Google analytics on your website or other similar software that gathers visitors IP addresses, then you have to give notice of this in your privacy policy. Also, an on-screen notification telling your visitor that you use cookies on your site with a link to the section of the privacy policy that this is shown in, as peoples IP addresses are now classed as an identifiable piece of data under GDPR,  just as much as a name or email address is.
3. If you already have an email list that you send out promotions and offers to, then it’s more than likely you need to get all your subscribers to re-consent to you using this information. It is also stated that you may need to do this every 2 years to make sure that people still want you to send them sales emails. There are believed to be some exemptions to this rule of re-consent ( if you have already been upfront and honest at the point of sign up in a GDPR compliant way, and can prove this!) with old or current email lists, but you can find out more information on Suzanne Dibble’s closed Facebook group.
4. If you can answer yes to any of the above points then you will need a new GDPR compliant privacy policy, and don’t go looking at what other peoples privacy policy states, everyone is different in what they do with the information. They may have also been lazy and pinched it from some other website too, which you could also get into hot water for!

So there you have it, there is much more to GDPR than the points we have covered in this short blog post, Such as where you are storing the data, what types of sensitive data you are collecting. even if you have names and personal data in a filing cabinet in your office, it’s all covered in the new GDPR legislation. It’s all about being clear, honest and transparent with what you are doing with information gathered, and that you are being responsible with it!

Take a look at the links we have left in this post or investigate further yourself, it all kicks off on the 25th of May, which is not far away!

All the best and good luck.