GDPR: What is it and how does it affect my small business?

GDPR: What is it and how does it affect my small business?

Show Video

Hey. You guys what's. Up it's Stephanie, Mayo and welcome, to, another episode of, the lights camera, live for those of you that, are joining us go ahead and leave a comment let me know where you're tuning in from I'm here in San Diego if you're watching the replay go ahead and leave a comment hashtag, replay, today. We're gonna be talking about gdpr, if, you don't know what the heck that means and, this is episode for you because if you're a small business owner this is definitely something that you want to pay attention to, alright, cool so I'm gonna go ahead and switch the screen and I'm gonna show you behind who's, behind door number two boom. Mic Alton. Yeah. All right we ready to do this we are it's, like magic, I love, you can you're using you can see right yeah. Although obviously I'm on skype, now I'm. Like I'm like old school I don't. Get to have all the fun stuff if I'm the guest. I'm. Using the mixer right now. Please. If, you're watching tell me this sounds good cousins, sake I spent a lot of money in this mixer and it hasn't been working out too. Well for me so, say. Hey Mike yeah that sounds good. It. Sounds like rubbish you need to send it back well hey Mitch is here so Mitch if if Mike's if. Mike's mic is not working please let him know will. Cry him a little river for a little second then he needs to get back on the show to talk to us about gdpr so, having. Said that what's. Up Mitch Jackson, so awesome, to have you here we also have Brenda. Charlene, Krisha, Chris show you girl you've been like everywhere you were really watching, the last live stream I love it diggin it alright cool um so, today you guys are gonna break up. We. Are going to talk about gdpr. I'm. Had way too much coffee because I was with UV just like 15 minutes ago. Right. Um, but. Honestly. You guys today we're gonna be talking about gdpr, and why it's, important, for you to pay attention, right because. It does affect any, of you guys that have been using freebies, and lead magnets, and whatnot to grow your email list right, mm-hmm. So Mike Alton is gonna show us how we, can go ahead and comply with the gdpr, right. And what happens if you don't make it. With this month. So. Having said that let's go ahead and dive right in because this, is one of those things where the deadline is tomorrow, yeah. Okay. Cool all, right so first off Mike break it down what the heck is gdpr, yeah. And, before. We even start I'm gonna do exactly what what Mitch and his pal joy did which, is to give you the big fat legal disclaimer oh we, are not lawyers we. Are not even gdpr experts, so. I would, consider us. To be informed, right. We've done our homework we've done the reading we've. Studied you, know some of us have studied more than others just saying. But. Yeah this what we're trying to do is is help each other help you guys sort, through all this stuff there's a lot of terminology. A, lot of confusing stuff that's going on there's deadlines and there's scary things like that and I'm hoping, that between the two of us we can go through this quickly and make this as easy as possible if, you'd at least understand. The, basic, ramifications. The basic things that are being talked about what, gdb are so that by the end of this hour, either. You're gonna feel like you got this and you're, good or, you're gonna feel like you need more help and that's where you want to connect step I talk to somebody like Mitch who's, in the audience he's an attorney, so. That's what you want to talk to when you want actually advice, there are organizations. Out there. Particularly. If you're doing business in the EU there, are you. Organizations. That you can talk to that understand. Why. The EU rights the things that they write in the way that they write them in their law so this. Is just to help you this isn't to give you specific. Legal advice so. There's my disclaimer. That will prevent any of you from coming to me late and saying well you told me to do it this way.

We're. Not gonna go there so, I'm. Gonna do this Will Smith's down say. General. Data protection, regulation. Let's break that down one, word at. A time. General. Everybody. This. Applies, to everybody. This is an EU law but it applies to, the, entire. And we're gonna get into that little moment but that's what general, means it's not just for the, Germans, or the, Italians oh it's, everybody. Second. Word data. This. Is what tricks a lot of people up the word data means. Anything. That's personally. Identifiable, to, an. Individual. Their, name their. Email address. The. Credit card information their, physical, address, any, other kind of specific information that, you can tie to that individual, person, for. Something that might be health-related information. You. Know other kinds of finance information personal. Stuff, that you might ask in a form anything. That's. Personal that individual, that's data and if you're collecting, that kind of data and you're, potentially collecting it from somebody who is in, the EU you. Need to pay attention the rest of this talk. He. Just took a sip of his coffee because, he's like we're about to get into it mm-hmm. So. Then. They're, word protection. This. Is about protecting, people. It's, not about hurting businesses, although to an extent it's about hurting businesses that's spam which is why everything gets ruined I mean we like to say we joke all the time marketers, ruin everything right, this. Is what has happened over, the years businesses. Have taken advantage of people taking advantage of the ease at which they could get data, from individuals, and then use that data in all kinds of wonderful ways and not so wonderful ways and so, people. In Europe governments, in Europe are trying to help the. Individual. Consumers, keep. Their information as, private, as possible, and, to understand, how the businesses. That they work with are gonna use that information and again we're gonna go into in more detail on all these different things but, the last word fourth word regulation. And this, is actually a really important, word in, the, European, Union which is a collection, of countries they. Have directives. And they. Have regulations. Directives. And, some. Of you might, actually be familiar with a couple of these the cookie directive, and then. There was another directive, even or older than that, those. Are like guidelines to. To, quote Pirates of the Caribbean the more like guidelines really, there, were suggestions from. The EU, governing. Body to the individual, EU states saying, you know we really want you we even think you should we really appreciate, it if, you. Created. A law, inside. Your states they're. Protected, your, own states, citizens, against. Say cookies, all. Right so now your if you're if you're advertising, or. If you, people are coming to your website you're, supposed to have a little banner that, notifies them that you're collecting cookies and you. Know you're creating a cookie for them and you're collecting data and what you're going to do that for so. The, regulation. Is. Different, a regulation. Is an actual, law. That. Wipes. Out shouldn't. Say wiped out it applies, to, every. State in the EU and to those of it like in the United States for like okay, what's the difference well the difference is between a state, law and a federal law, here. In the US we have individual. States and some. Of them have laws, that. Are the same as other states and some of them have laws that are different, than other states for instance whether, or not you can carry a gun around. And. Have, it concealed, or not, there's, different laws in different states and if you are going to participate or, use a gun or carry a gun in one state or another you'd, have to be familiar with those laws in order to do that whereas we also have federal laws that apply across the board and the states don't get any say yeah how that works so, it's the same thing in the EU this, is a regulation GDP, ours of regulations, a law that applies to the entire European.

Union, No. Matter what the states say and by the way it also includes, Britain, because. The. Law the, regulation, was passed in 2016. Before, brexit. Hmm. So, they're part of this. Mike. Alton is dropping in geography. Normandin. And what, no the record we're not gonna do history. Very. Cool alright so for those of you guys that are just, tuning in we are talking about gdpr and how it's going to apply to you and your business. Might. Just Mike just basically. Dropped it down to let you guys know what it pretty, much stands for and how, it's not just its, even, though it's happening in the European Union it's still it's still gonna apply to you so definitely, pay attention and if you haven't already get, your notebook out start. Writing stuff down if you have any questions by all means drop. Them in the comments oh my god seriously. I have a notebook these are my notes I have GDP on my pages, of notes. Myself, cuz. I. Gotta, know this stuff and yeah yeah it's. The Dark Lord what can I say. Okay. Cool, so having said that again if you guys have any questions by all means in. The comments, because I'll be monitoring them I'll. Obviously be switching the camera to between myself and like so I'm, just going through this stuff right so, cool we talked about what GDP, our GDP. Are is can we just think good Brewer. Gerber. Um. So. Why do business, not in the EU, need, to think about GDP, are like, why should I care yeah. And that's that's, really the crux of it I think or at least where most people need to start is why should you care my business is here in the US I'm in st. Louis Missouri you're, in San Diego California why. Do we care. It's. Complicated. It's. Complicated so. It, starts, with first. Understanding. Whether or not you, have you customers, like actual paying customers right because that's that's gonna impact. You in that way and also starts with understanding whether or not you, have people coming to your. Your online site and maybe subscribing.

In. The EU but at the crux of it it's do. You have or do you have the potential, to. Receive, that, personal, data that we talked about a second ago from. An EU citizen because or, even really anybody who's actually in the EU or they don't be sitting there just physically, in, an EU country which is weird, to me but okay, if. You, have that potential or if you have it existing, that, data. Then. You, need to be in compliance with, GD P R, because. It. Applies, to you, they. Want anybody. In the world who is taking, their citizens, and their their, users, and their residents information. They, want them to be compliant then one thing to be, explicit. About what they're taking. What, what data they're collecting how. They're storing it how they're using it so that their citizens know. And as. Businesses. Outside. Of the EU. There's. Still the potential, there that we, could be participating. In that process, and, collecting, that information and, so, you're. Going to want to be, compliant. It's. A matter though of, determining. What, risk. What amount of risk you're, willing to accept. Because. Full-on, compliance. Frankly, is something that not everybody's gonna be able to do full. On compliance, would. Mean for instance having. A representative in, the EU someone. Who actually literally. Lives and works in EU, representing. Your business so I'd have to have somebody from the social media hats as an. EU representative, I'd have to pay them to, be my eyes. And ears, to be my contact, if a, member state of the EU when. They get in touch with my business. That's. Just because I could. Potentially have somebody from the EU coming. To my site and signing up for one of my services, or maybe even hiring me I do, business around the world not that much in the EU but it can happen. But. I'm not gonna do that I just I'm not I'm gonna tell you right here on video I am NOT gonna hire somebody to sit in the EU and be my quote-unquote representative. What. If I just said like hey Mike I'll say in the EU for you like would that be cool I. Will. Totally. Send. You Starbucks gift card and we're good. Yeah. So there's. Those kinds of considerations there's, my, cameras like see. That works alright, there's. There's there's all these little details and nuance that you. Could do if you wanted to be fully compliant in the, larger, business, the. More widespread your, exposure, to. European Union, people, is, the. More risk you are at. Of. Falling. Against. The gdpr get, upper and. Therefore. The more attention, you're gonna want to pay too you. Know these different things that that you could potentially want to do. Got. It okay, so what, happens if I, what. If I what if, I'm like Mary I'm just getting married, what. If I'm a small business owner I'm just like you know I'm just not gonna pay attention to this right, now because life is happening and I don't have time for this what what are the potential, risks, that may happen. There's. Several, risks, so at, a very very, broad high, level, you. Risk. Offending. Upsetting. Turning. Off. People. In the EU who. Have come, to you they've, given you their information and. They. Realize. Somehow. That, you aren't compliance. Maybe, they. Sign up to get an ebook and, after. You email them the ebook you, start emailing them newsletters. Which. They did not agree to receive, and we're gonna get into this in a second what, this all means but you do something like that or maybe. Somebody. Breaks into your office and steals your computer and. You. Don't let your context know why, would you write but. You complain about on Facebook because like dammit my computer's, go and all my stuff's on there and then, one, of these EU people that knows they're on your list that knows you have the information that says wait what a minute you. Didn't tell me that somebody, took your computer with, my information, on it when, we see this with big corporations right, we see this with the credits and. Equifax. I think yeah Equifax, had a data breach Yahoo the data breach they're, obligated to, tell people right. Well according. To the GDP are you. Are not obligated to tell people as well if you have that kind of a breach whether, it's physical. You know somebody steals your stuff or somebody, hacks into your website or some service or or your app if you have an app of some, kind so, those are data breaches and you're not obligated to do that and if you don't.

Somebody. Could complain well. The second. Issue comes in yeah well. I was just gonna say like how many of you guys that are watching right now do have freebies, and leave magnets on your website like I know I do I like all these different entry, points of, here's. The Facebook, live workbook here's the Facebook, group right, if. You guys have, any lead magnets just go ahead and be like yeah that's me, just. Just so we know like how many people this is going to impact potentially. Bad. Go ahead yeah. So then that's, that's basically a breach of trust right, when you fail to do something that that gdpr, says you should be doing and somebody. Knew you figures it out. They're. Gonna be upset with you maybe, that's all it is maybe that's just one upset person but. If they complain, to. The EU governing, body and. The. EU governing body says yeah Stephanie, you're not in compliance, so. We. Don't know yet exactly, what that's gonna look like we don't know how it's gonna be enforced and again this is where part of that you know understanding, your risk and understand how much risk you're willing to accept comes. In but, the GD P R is very clear, that, if. A company is found to be in violation of, the GD P are they. Could be fined up to, four percent of, your annual revenue, or. 20. Million euros, whichever. Is greater. So. For. Those of you who aren't making a lot of money in your in your little side hustle there you thought out four percent whatever that's like, 40 bucks for me right, but no. No no no they. Could be finding you quite a bit more now it is, they. Can tear it that's not every single find every single violation, you've, got a form, without an opt-in and then they're gonna find, you 20 million euros probably, not they. Can decide, the severity, of it if it's a breach like, on the level of a you. Know expedient, or, whatever I sent that expedient. Equifax. Sorry. Don't want to scare the people at expedient. If. It's a breach at that level then yeah I mean the massive amount of fines that they can levy you know for something else there's probably a lot less but we just don't know yeah, and we don't know how. They're gonna sort that out I mean they don't have as. Mari said in her broadcast yesterday is no GDP our police we're, waiting, to pounce on people around the world when, they're not in compliant, that doesn't exist they're. Gonna have to sort that out they're in the process of sorting that out which. Is also to saying that technically, speaking if you're not fully compliant by tomorrow, there's. Nobody that's gonna be outside, your door Saturday, morning, with. Some kind of a subpoena attached, to a fine it doesn't exist yet don't. Panic honestly I just feel like there's a like I know when I first signed up for my LLC, right and I got like my registered. Trademark, and whatnot I got like a bunch of, fake. Spam. Letters. That would say like oh you, didn't post your your, hourly, wage stuff in your break room so we're going to find you and blah blah blah I just imagined that there's maybe a bunch of bad, actors, out there they're. Gonna say hey your website is not gdpr, compliant. No, no no no you, get fined, so for those of you guys I mean this is this is a really good episode because, we're gonna talk about like, things, that you should do next in your business, that way you don't get duped. By it by those people but, go ahead what were you going to say again, that. There's. A third. Component. Here. In terms of you, know what's gonna happen to me if I, don't comply, you know there was there was your breach of user trust yeah which. Could potentially be a big deal I mean because people could start tweeting about it and and all that kind of stuff you know there's the potential for fines, we.

Don't Know what that looks like we don't know if they're even gonna be able to find anybody out of the E or the the US government say no, way we're not gonna cooperate and. With, Congress. Today who knows if. They're even understanding. What gdpr means maybe they should be watching this video well, I mean, based off of the Facebook, Congress testimony I know what I'm saying they're like is. That a serial what does GDP are is it, I. Like to can't comment ken ken was saying that the GDP are and might be was gonna stop by your house and you're like. Yes. That's, exactly what it's gonna be that yeah well Smith see. But. The third thing and, here's the bigger issue. It's. A forward-thinking issue suppose. You. Decide in, five, years. That, you want to take your game to a global level and you really, want to start marketing, in the, eu-us art helping big, big brands and organizations in, the EU with. Their Facebook advertising, in their Facebook lives and that sort of thing at. That point you're going to have to be complied you're going to have to have a representative, you're gonna have to have a data processing, officer, those. Are requirements of doing business in the EU. Wait. I was about to take a sip of my coffee and then you said something that I was just like oh snap, say that again, if. You decide you want to do business in the EU well. Whether it's right now or five years from now there. Are certain things that you're going to have to do you're gonna have to have that you representative, that we talked about before you're. Probably gonna have to hire a data processing. Officer. Who, works for you and as your representative but. These. Are all requirements that most, of you listening right now aren't. Worried about the point is. Five. Years from now you decide, that you're gonna do this it's a hypothetical so, five years you decide okay I'm gonna make this step I'm gonna hire some people in the EU and I start marketing myself all over the EU, here's. The problem what if. In. A year from now you. Were, cited by the EU governing organization because, you were not in compliant with the gdpr and. Then. Five years from now you now want to do business in the in the EU they've. Got you on record as not being compliant with the GDP are how. Likely are you to be approved for any kind of approvals, that are required to do business in the EU if they already know that you, aren't doing what you are supposed to be doing and you've been doing it for years. So. I'm gonna jump in real quick because yeah like, even someone like me like I have students, that have taken the lights camera life course and they're in the EU right. Are. You now saying I need representation, in the EU, no. In. Your, example, yeah, we're talking about very, very few people okay. Right. We're. Really in. In this example because I, don't. Mean to sound trite but yours. Is a small to medium business okay, your business is not the size of business that, we believe. The EU is going to be truly concerned about and even if it is your, the jet you're actually, helping people people are happy, to pay you for, what you do because you do an amazing job and they're.

Not Complaining, you're not abusing. The data that they give you or, any of those things. But. Other. Businesses, are. Larger, other, businesses, have a lot more holes, in terms. Of the. Kind of data that they're collecting and. What they're doing with that data and how they're securing, that data so, for instance one of the stipulations that gdpr is that you're not allowed to, collect, data unless you actually need it. Right. So on my signup form, I can't, ask people for what city they're from unless. I have a legitimate need to know that particular information if I'm just asking. If I just need their email address to send them, an. E-book yeah and their name so that I can refer to them I'm not allowed to ask, those. Other questions. At. Least I have to I have what I have to do is I have to say this is why I need that information and you have to know that I'm collecting that information and what I'm gonna use it for and how I'm gonna keep it secure and all these are the stipulations, so those. Are the things that we need to be doing we're. Gonna get all that we're gonna go into more detail all those things in just a second but, the point I'm trying to make is, in terms of you, know should I be worried about gdpr, the. Answer is yes if you have aspirations, for. Doing a lot more work in the EU down. The road then, make sure that your business is compliant, today frankly. You don't piss off people. You. Know government regulators, in the EU today, and make it harder for yourself in the future got, it okay, cool, all, right I was. Like my brain is all thinking now like this is this is honestly you guys I'm probably not gonna be talking a lot cuz in my brain I'm just like oh my god I need to write that down I. Need. A time stamp this okay. So. Where. Do businesses, start then how do I like, what do I need to start focusing on, today. Glad. You asked because there are three, things three big things that we need to figure out hold up I need I need notebook, yep. The notebook. Okay. I'm. Calling these the big three the big cool. This is for like, every, business. This big three is for every business now. Larger. Businesses, enterprise level businesses, you guys well. Frankly if you're watching this show you, needed have been worried about this three months ago because you got a lot to do and, you need to hire people you need to hire a consultant probably. Have full-time staff devoted to this because bigger. Businesses. Are collecting, information from a lot of different places it's, storing, in a lot of different places you've, got spreadsheets, you've got crms, you've got, sales. Databases, and, you've, got roaming, sales, reps with their laptops, and you've got all this stuff to figure out most. Of us don't have that right most of us watching this I'm pretty sure today solopreneurs. Small businesses, so it's it's it's a lot easier for us so number. One okay and, i'm, calling this determine, consent. Consent. Is one of the words that we didn't talk about any to go back to my might the rest of my notes because I have, terminology. That we're going to talk about consent. Is a big, big word in the GDP our consent. Is this. Idea, that as somebody. Who has given you information I know. Exactly. What, information I gave you. Why. You needed, it what, you're gonna do with it and how, you're keeping it how you're storing it how you're keeping it secure.

So. That means, it's, not enough to, just say. Here. Give me your email address I'm gonna send you my facebook hacks. And tips that's one of the resources that I get people on my site, this is ebook and it's it's great people love it and it's it takes them through all these hacks and tips and, I. Just say here, here's. This resource, I'm gonna email to you I don't. Tell, them that. After. They get that they're. Gonna be on my general, email list that they're gonna get blog post notifications, from me that they might get sales offers, they might get event notifications, like, this one that. Was always understood this. Is the sustainer practice, for for online businesses, and online marketers, you have lead magnets, which, bring the leads in you magnetize, them and bring them in. I. Just. Imagine like this big old magnet. Yeah. Well. Okay. But. Now, with, the GDP our that's, not good enough in fact it's not even good enough to say on your, form run your opt-in that, you. Know we're gonna email this to you and oh and by the way you'll also then get our newsletters, and all that kind of stuff that's, not good enough. People. Who sign up for your list they have the, right now, according, to the GD P R so this only applies to the EU, people. Are in the u they have the right to. Only get, what you're offering and. Not have to get anything else, yeah. Okay so I saw that because before, even, this this, interview, I hopped into my convertkit and they had this little, they. Had this little banner at the top that was saying hey like we, are gonna make sure that it's gonna be easier, for you to find out if people subscribing, to your list are are. From the EU and like they made it where it's a checkbox to say yes. I'm getting this free read but then yes I also want. Promotional. Emails, and, all that other stuff and I thought that was kind of cool to have an email, service provider that was like cool we got you this is how we do it boom yeah, nice. Okay. So. The. Question then becomes. You. Ever done that you. Ever had a forum on your site that people, could subscribe, for, one thing and now, you're using their, information in other ways that, they didn't expressly. Consent. To, be used in that way yeah. I, see and that's like that was the other conversation, that you and I were talking about was. Even. Doing Facebook ads for clients, right usually. Standard, practice, would be hey, give me your email list so I could create a custom audience from your. List of subscribers and, if your client doesn't have that, in their privacy policy of, like by you signing up for this we, also mean use your data for for Facebook ads. Yeah. That's, exactly right so now I'm seeing like, MailChimp and convertkit, most, of these are are giving, their, users, a set. Of check boxes this. Is the easiest, way to do it is to, have a set, boxes, anytime. You're offering somebody, are allowing somebody to sign up contact. You provide. You with that information provide you with an email address or more have. Chat boxes that say would. You also like to receive or is it okay if we also send you whatever language you want to use checkboxes, that say things like marketing materials, promotional, offers and customized. Digital, advertising. Those. Checkboxes have. To be unchecked. They. Cannot, be checked by default this is not an opt-out. Scenario. They, have to opt in to those things which means that they do not opt in to customized. Online advertising. Then, you can't serve them things like retargeting. At Facebook, ads. Okay. That's. The big first thing that's the big first question, if. You. In the audience you're sitting and thinking that. Doesn't apply to me i I've. Never I. Don't do email marketing well I'm, sorry. You. Know I've never collected email addresses like that you know or maybe maybe.

Your Form has pretty much always been in compliance. Aight, is subscribe. To website updates, and it's, very clear that the only thing that they're going to get from you and the only thing that they do get from you is an. Update from your website yeah, you're. Fine, yeah. That was the part that i was so happy about with my convert okay cuz i was like oh i like properly. Named my. Forms, i was like oh yeah, gosh, i was like good job stuff, good job i. Was. Like okay cool there's one where it just says like give me updates and I was like that's good. But. Then you and I we're also talking, about chatbots, because some people are using chat bots to collect data and notify, people via facebook. Messenger. So. Is that the same thing now where because. Like people, can watch like a Facebook live episode I'll say leave the comment subscribe and by leaving that comment your subscribing, to an episode which by the way I did not hook up for this one so don't don't, do that. But. That's them opting it for me to only tell them about when. A new episode goes on air, so, like let's say I have, one of my chat, bot subscribers, from the EU and. They. Only opted, in to get updates. Of when I go live that also means that I can't, sneak. In there and like try to put them into a sequence or a funnel is that right that's, exactly right if, the language of the chat bot says, they're. Subscribing. To be. Notified, when. You go live, that's. The only thing you're allowed to, do, for them so. Again it goes back to language now depending. On the chat bot and how you're setting it up you know what you're talking about is theirs. They're giving you their email right. Some people use chat BOTS to create. A, private. Message using, facebook Messenger you got nothing to worry about there because you're still within the Facebook environment. And it's, Facebook's, agreement, with their users, that, have you covered. Inside. Of Facebook right so let's say, like. And repeats a great example right you go to and repeats Facebook page, you. Can you can you can message them and have, conversations, with their messenger, and you can you can do things like have their messaging, BOTS, automatically. Let you know whenever they have new videos. They. You don't have to do, anything special, there. Because that's all within the Facebook environment. I have a Facebook user engaging. With other Facebook users or Facebook pages and anything. That I choose to do that's. Covered, within Facebook's. Terms. Of Use in Facebook's, data privacy, statements, and policy policy privacy policies and.

So On it's only when you're collecting that information and taking it elsewhere. Right. Like collecting an email address and adding it to your subscriber. List that's. When now you need to be hyper aware of what. You're collecting why, you're doing it have, you asked for express, permission and, have they given it to you so how are people supposed, to like keep track of that. Well. That's where it gets more complex, the larger your organization, is and the longer you've been doing it and the different ways that you've been doing it. I'm, a good example in this regard I have. About a dozen different. Opt-ins. On my sites about, a dozen different ways that people can sign up to get an e-book or content. Upgrade or worksheets, or a resource, or a digital download of some kind they're, all a little bit different and so. At. Some. Point I'm gonna have to go through and edit each one of those and, make. Sure that the opt-in, is very clear that in, addition, to that I want. To send you other marketing. Offers and I'm gonna have to sell people on that so that they check the, buttons until. Then. I don't, have time to do that right now I'm busy doing live video, so. What. I've done is I've gone into my email service, and my pop-up provider I happen to use wishpond they. All pretty, much these days offer this kind of deal where you can go in and you, can exclude, the, EU, from seeing those, campaigns. You. Can't sit here because, you're, too freakin high-maintenance I. Knew. Like, Mike. Alton and I have like Mean. Girls jokes just like running. All the time but yeah. If you don't wear pink on Wednesdays you can't sit here you can't be on my email list. Really. Rule full-stop. Yeah. So to buy myself some time yeah, I just shut that off and it's pretty cool within wish pond because there's a crush, the board setting I can just say no no. No. EU for you. As. I edit each campaign, I can turn that back on like the first thing I've edited is my general, newsletter, I've got a newsletter subscription, page I link, to it all over the place if somebody just wants to know when. I've got a new blog post or when I've got a new event they can sign up for my newsletter it's, very, straight forward I don't have to put all kinds of extra checkboxes there I updated. That page and, that signup form and then I turned it on so now if you're watching in the EU please. Join. My newsletter community. You're welcome you're. Welcome. No. But. You can have my news though you can stay on that side. That. You can do is. Go. Through those forms, like. The. Before. You do that and the, second of the big three, things to. Do it's you've. Got to update your privacy policy yep.

Which. For some of you means you have to have a. Privacy. Policy. Maybe. Don't have a privacy, policy but you're gonna have one now yeah, I felt like when. I first started my business I, was very fortunate that like in. My mastermind, I had a friend who had a cousin that is a lawyer that she's super kick-ass she's like these are all the things that you need and also really, I need like a policy. And yeah yeah, so. That was just like okay cool got that good but. When you say that you have to update your privacy policy for, gdpr is it to say, specifically. How you're going to use that data and all, that good stuff well kids. Let's open our hymnals. Page. 18. Where. I read you everything, that your data your privacy policy now, must include this isn't the actual language. For. Those of you who want to save you some time and make this as easy on yourselves as possible, just, Google GDP. Our data privacy. Generator. Example. Sample, template, there's there's lots of places out there that you can go to again. If you are a big big business don't. Do this talk. To a data, privacy. Specialist. Talk to a data privacy attorney, enjoy, of Italian, hello. Prett. And correct, for your business but for most of us honestly, this, is fine you because, I went I went to a service this week and I. Basically, said okay I'm using these third-party apps like Google Analytics, and I'm. A small business here's my business name and I turned out to the language that I need the language that you need it's. Got a cover like, you said the specif it's gonna, specify. The type of data that you, are collecting in, my case it was always first name last name email address does the only data that I collect, on, my website. Your website might be different a Mitch. You know Mitch and Joey did it their video last week and. Now, Mitch. On his contact, form now, asks, for your country of origin and if it's in the United States he might even ask for your address which. Means in Mitch's, data policy, he's. Gotta say that he asks for that information so you're saying just copy and paste Mitch's no I'm just kidding. You. Got an outline what, are you gonna do with that data Wow what, are you using it for is. It just to contact. You, know people and keep them in touch him and for. Most of us it's going the, answer is going to be to. Deliver the services, that they asked for. Like. An SNL, skit like, I should, dress up like a wanker. Like an email pop didn't be like hey, you, want this free weed and then, you're you're sitting there at the keyboard like, but. What are you gonna do my data like. What. Do you need that for. We. Need to get Owen on this Owen is totally gonna act it out if I came in Judge Judy like by all means. I. Am. An influencer in a thought leader you. Are just going to give me all of your data.

I'm. Telling, you it'd be really funny if it's like remember the old school. Apple. Versus Mac, commercials. It'll. Be due to your complaint, okay we're totally off topic I'm, second. Cup of coffee not a good idea but all right go for it well. You know we. Talked before we went live we don't want to be, scary. We don't want to be tall, and erm about this cuz it's serious but at the same time I mean look, we're talking - it's. Gonna. Be. Okay. Like site Trekkie one more time yet did, you ever see this one viral, article or, this guy created, this landing page and it, just says like hey give me your email address right, that's like what and you keep scrolling I was like no really can I have your email address and then, they kept going down he's like no seriously come on just give me your email address and I'll get out of your hair and I was like that feels like, a single freaking marketer like when you hit their lettuce I'd give me your email address and now if, you and I were to do this skip I just give me an email address because this is women to do with it I'm gonna open up like alone. I'm. Gonna keep it private I promise all, right. Get, back to seriousness I know that one like number two good, that's all right yes so, you. Have to indicate where the data is stored now that's only applicable. If you are personally storing data. I'm using wish pom which means I'm using a third party service using, your using convertkit, you're using a third, party service and one of the cool things here is, that you get to just say hey go, look at their day surprise, their. Their privacy policy if, you really want to know more because. They're the ones who are actually having to secure that data, but. What about from the Facebook advertising piece, because like what we said is, when, clients send me their email list and then I make a customized, I now have I, have. That, data what. Huh. I love, this question let's circle back to a putz. It's. Your client, who. Would have to have something, of that effect in, their, privacy, policy. Okay. So. We're going to come back to them, in. Fact the next point is who will access it so they would have to say we, may use your information for. Customized, online advertising, and we may provide that with our third party consultants, and vendors and, tools, like at espresso, and. Facebook, and Google AdWords or whatever the case might be to. Serve. You those ads okay. You, need to talk about what security measures you might be taking and again most. Of this is for people who actually personally. Have that data themselves, in, their own systems, their own servers, in their own spreadsheets, and so on if like, me it's really all third party stuff Google Analytics Disqus. I had I put discus because I people, can leave comments on my, site and that counts, okay. Commenting systems and, then the last big thing is contact, info you have to have up-to-date, contact, info, for. People who have questions for. People who want, to change their data for people who want to have access, to the data which brings me to. The, other requirements. And I'm gonna run for these really quick and then if people have questions we can we can dig into this or if you have questions we. Already talked about consent, there's eight of these, privacy. By design is, just this concept, that you're. Doing everything that you can to, protect, the, privacy, of these, individuals, to not, collect information that you don't need to keep it secure and all those things so, this, is where the entire organization. Has, to be evolved, and we'll talk about this if we have more time but that means having training. For. The other people that work for you so that they understand, how to handle. Customer. Data, do you have said. That are taking laptops out, to Starbucks, and connecting to public Wi-Fi and, they've, got customer, data on those laptops, they, need to be careful with that stuff so. You know we, will probably, talk a little bit about like organizations, like privacy skills laws such a privacy, awareness. Academy of privacy skills calm they'll, help you train all of your staff to, understand. Privacy. Skills, calm, so that what they do is you buy seats and then you go you have your staff, your employees go through online, training, to. Like, okay who's got access to the server room right.

Do We have you. Know proper security in place for our systems, on-site, are we, not just blindly. Emailing, stuff are we keeping our Google Docs secure. Or are we just linking, that anybody can view the document if they've got that link those, kinds of. You. Said that I want. My emotions on my sleeves you guys. Okay. Good to know good to know yeah yeah so then but. Then real quick there's a couple of things we talked about breach notification before. There's. Two other things did. A portability, and right. To be forgotten that are kind of weird so, data portability, means if somebody. In the EU knows, that you have their data they, have the right to, come to you and ask, you for, you to give them that data and if, it's possible. You have to give them that data in a way that they can give, it to another vendor. Most. Of you this doesn't apply yeah, it's. Like I would, just be handing back over to you your name in your email like you. Need me to tell you your name and your email address really. Mary. Is that your problem. Sorry. Mary's of the world but, but, yeah for, apps and larger. Companies and vendors you know like you know let's say that, you're. Edward Jones right. And you're managing a financial, portfolio, for somebody else and they want to move that portfolio, to another, vendor. You, have to give them their data and if, you if it's possible technically. You have to give it to them in a way that they can just send that over to another vendor. And. And, and, move their account and then. The last one is right. To be forgotten that just means that in, addition to being able to unsubscribe, what. We're. All good marketers, we've all given people that option to unsubscribe right, we. Have to on a request to totally, delete all their, data and, this is kind of different because for most of us using MailChimp's. And convert kits and so on, the. Contact. Information remains. In the system, so, that we know that at some point in the past they. Unsubscribe and, they can't. Easily. Be subscribed, again, and. Then for other apps there's. Even more to it but at. A basic level we. Have to be able to delete that information and show them that it's been deleted if they ask so. Honestly. Be prepared to. Get those requests, probably, not every day I'm not even more, than a few year but that. Might happen. There. Was one thing that we touched on. In. Terminology, that I want to cover and that's, this idea of data. Controllers, versus. Data, processors. Okay. Okay. These. Are two really, important, terms that. The gdpr uses, throughout, this. Is regulation and it's a 271. Page regulation, by the way so, if anyone's having trouble sleeping tonight by all means download yourself, copy and start reading you'll. Be helped very, very soon. Data. Controller data, processor you. Are a company, and you, are actively. Accepting. Data. From, an individual, that you're they're subscribing, to your site okay. That, makes you the controller you're determining. How, and why. That. Data is being collected, that's, the controller that's. The controller okay if. You, are using a third party email, marketing service, like wishpond or convertkit or something like that, they're, the processer, they're pulling, in that data and they're. Allowing you to use that data they're giving you services, and whatnot that you can use to send emails and those kinds of things but. They don't have any say in who. Signs up they don't even have any say as to what you do with it once they signed up they're just processing, that data for. You so, they're a data processor, it is. Possible. And it's in fact probable. That. These, roles. Will. Interchange and. Sometimes. Even be reversed so. In, your, case you. Are data processor, for, your clients, who. Want you to run. Facebook, ads for. Them and. They, give you a custom audience that's why I said we'd come back to this so, they're, the data controller, they. Have you. Know the the client your client is controlling. Their. Contact. Data, their subscribers. Or their clients whoever it is that they want to advertise to let's. Say it's subscribers, for ease of language, so, you're, working for an. Organization San, Diego, they've got subscribers, they, want to run Facebook remarketing ads, to those subscribers, so they give you an exported, list of all those subscribers, you're now the data processor, you don't have any saying how that data is used.

But. You're gonna upload that list to Facebook and you're gonna create some Facebook ads for them, so you're just processing, that so that's where you'd have to be part of their privacy, policy but. Says hey. You as a subscriber. You've. Opted in you said it's okay to do custom, online advertising. To. You we, use third party consultants. We use a third party marketing agency, and they in turn use third party platforms like Facebook and Google to. Run those advertising. Goddamn. Okay. Is, there a checklist. But. There are there are check this not, how when Mike Alton the man of all checklists and blogging. Toolkits, not have a checklist yeah. Yeah, well, it's um. This. Is the checklist it's the big three good. That was. That. Was number two number, one was determined consent number two update. Your privacy policy and, this language might have to be in there that, you know this language of data control or data processor that sort of thing might, have to be in your privacy, policy depending. On what data you're collecting and. How, you're using it and I get for everybody, watching me. Too I've been poring, over this stuff for a couple of weeks now. This. Is a lot to take in and and I should have mentioned at the outset. We've. Got this great resource, from Aunt Polly so she. Wrote this article this guy. Will. Put the comments, link, in the comments she goes, through step by step by step what is the gdpr who's, it applied to what, he had to do what had to worry about how. Is it gonna be enforced, what's. Everything that needs to be in your privacy policy. Again. This. Is probably sufficient. For 75%, of you, watching, some. Of you will need more than what, aunt you know writes in in that article but. So. Look at that then the last thing is get. Consent. And this is. What's. Driving people like us nuts because, it's. One thing for you to force me as the European Union to, go and update all, of my subscription. Forms and signup forms, and have, now check boxes and try. To make everybody from the EU happy, and and and informed.

As To what they might be setting up for the. Issue is, it's. Retroactive. 100%. Forever wait, wait again. It's 100%. Retroactive. Anybody, who's on your list too day even. Though this doesn't go in effect until tomorrow anybody. Who's on your list right now. They. Have to have given you express. Consent, for, how you're using their. Data, and. You. Have until tomorrow to. Get. That data to get that consent, so. Where's, my copy/paste, email. But. It's, it's funny because this, is why I've. Been seeing non-stop, for the last two weeks people bitching, online sorry, complaining. About. All the emails they're getting and this is why you're getting emails if those of you in the audience are watching and you're upset about all the emails you're getting from other brands this, is why it's not their fault it really isn't their fault they're, trying, to comply it with the GD P R and the GD P R is very clear if there. Are people on your list who. Did not expressly. Consent. To, be emailed, to in, any, other way that you're emailing them right now you. Have to go back and get, that consent, so. I had to do it the same way I've, got people on my list that didn't say yeah I want your weekly newsletter. Yeah. I want to know when, you go live yeah, I want to know what are the tools you might recommend or anything else that I might email them above. And beyond. The. Kit download, or any of those other downloads. So. I had to send them an email that. Said I'm sorry, but. If you want to be on my list you, are going to have to opt back, in is, this. For, everyone. On your list or just only the people in the EU, that's. A good question because. Technically. This. Only applies to, people in the EU yeah. Here's. Where it gets complicated okay. Most. Of us if you go into your email list or whatever whatever wherever, it is that we have this data again I'm thinking mostly as a market or something email service providers like wishbone and MailChimp and convertkit this.

Could Be a sales database, this could be a CRM, this. Could be a spreadsheet wherever it is that that data is if, you. Can tell exactly. Where that person, came. From and exactly where they are in terms of their geolocation. And they're, from the EU then, you absolutely, must get. That consent okay. The. Grayness is when, and, we probably all have this you've. Got people on your list and you don't know where they are. Okay. I could totally hear myself on your side I. Know. I'll be totally transparent well I have 15,000. People on my list yeah, 400. Only, four hundred four, hundred five people on my list I knew, they were from the EU I could. Tell really. Wish pot could tell from their IP address, that these, people reside, or ikemen or at least signed up for whatever. It is they signed up for from, the EU. Twelve. Thousand. Out of my fifteen thousand people I have no clue so are, you gonna like, poof. Gone nope. Cuz, that's me and in, my case and. Hopefully. Many of you, there's. Two considerations, the first is risk we talked about that at the outset right, am i worried, that. Someone. From the EU is gonna be knocking on my door because. They got a complaint from a citizen, a resident of the EU about. Me, and and the data how, it's being used I said I'm not worried about that I really, am not so. For me to, take, that. Step. Basically. Unsubscribing. 12,000, that's. 75%. Of my email list and. Waiting. For a fraction, of them to opt back in, it's. Not worth it to me I just, don't believe that I'm gonna have that kind of a problem but. Here's the second step the second. Aspect of it that. It. Might be a little hard to explain well. It's gonna be hard to explain it might be hard to understand so hopefully that's okay cuz I will ask all the questions I'm. Gonna take over I'm gonna say can you explain it like I'm five okay. Yeah so it is this concept, of legitimate. Interest. And some. Of the people watching may have seen people talking about this before so I use those words specifically.

If I'm, on your list, and you're sending me information and I signed up for one thing and you're sending me information on other things if there's, legitimate. Interest, in those other things if you can prove that I would be legitimately, interested in those other things they're related. Then. It's easier, for you to justify. Those. Emails, it's easier, for you to say to the EU if they were to ever come to you that, that consent. Well. It may not have been expressed, it's it's, pretty much a given, so. If you sign up to me to my list to, to. Learn about Facebook, and, social media and I'm sending you stuff about Instagram, and YouTube there's. A really, close relation, it's really hard for you to argue for anybody to argue that those are just so wildly, different, that. That somebody should be upset at getting. That information, so. Because. I'm not doing that in the sense that I'm sending you weird stuff everything. That I talk about is, the same it's all online marketing it's all logging, in so different. Social media platforms I don't go off on rails what are the kinds of topics and I'm not trying, to sell you weird offers, right, I'm not pulling. You in with a lead magnet about Facebook, and then, turning around trying to sell you Real Estate's, there's. A connection between anything, that I ever talked to my list about so, I feel like I have a legitimate, argument, for, legitimate. Interests. Yeah and so I'm confident, that if somebody were to complain, I would. Be able to show somebody in, the governing body of the EU that you know what I am I'm making an effort here I did. Go out and I talked to every, single person on my list that I knew was from the EU and, I give them every opportunity to. Opt back in I deleted, them I sent, them an opt-in email and, then. I turn around I deleted those 405, people from my list they're not on my list unless, they clicked, a button and then put their email back in and opted it in got. It for the other thousand. I don't, know where they are. Where. They are they, block all right but, they, don't have that information so, that's, not. Okay. Wait so, Mary actually had a really good question and it was the same thing that had popped into my head and so. Her question is do, open emails indicate legitimate. Interest, shown from the reader so, if they subscribed, right. No. I. Again. This is just my personal opinion this is now the advice, by any stretch but. Me. Personally, just because I opened your email does not mean I'm interested in you what. They click on something related. To that maybe but. Here. You'd have to get a little more green Oh what did they click on did they click on your unsubscribe. Link. Did. They click on your website to, find out what you who you are or did they click on an offer that, was in there not yet because and here's. Where it helps to have things like screenshots, and good programs, this. Is why you should be using you. Know professional, email marketing services, and not sending out newsletters via, Gmail where, you can't tell any of this information because, I, actually, had someone do that to me and I was like you don't have it how. Do I even get on this and you don't even have an option to unsubscribe because. It's, their personal Gmail, that they put you on a little bit like nah. Yeah. But here's you know here's the bottom line for me and. And hopefully for many of you it's. That this. Is just the beginning yeah. It's. Not gonna stop with the EU gdpr, is just the beginning I mentioned outset. That you know cookie, directive is a directive, it's just a guideline that you said each of you individual states need to create some regulations, and laws that do, this it's gonna be replaced then it's already in the works it's gonna be replaced by an actual, regulation.

That, Applies across the board for the EU which. Is actually a good thing those. Two directives, that I mentioned, the EU the cookie, directive and I didn't give you the name for the first one you know why the cookie directive just makes me smile I know you. Dated protection, back in 1995. The. EU data protection directive. Was, passed. The. Problem with the EU data protection directive. And wide had to be replaced by the gdpr, is that every. Individual, state 28, different countries in the EU had. Their own way of implementing, it had, their own laws their, own regulations, which. Means if you wanted to do real, business, you're not just general online business and maybe, somebody from Germany happens to buy my course but you, want to target people in Germany, you want to provide them with a service. You. Had to know German laws and. Then, you had to know it Italian, laws and then you had to know French laws because. They were all different. The. GDP are actually, makes it easier to, do business in, the, EU. Okay. I'm, still stuck on one question, um, when. You were okay so when we were saying because. Convertkit, will let me know which of my subscribers are in the EU so am i - now, just, only, send. An email to the that, specific, segment and ask, them to reopen, because. We talked about like the other people that are not in the EU I don't I really. Don't have to have them opt in at this point. That's. Your personal choice because. What, are you general. I copy you what, yeah well there's risk, associated there I am, NOT, unsubscribing. 75%. Of my subscribers, that would be crazy to me it'll, be crazy for me because, of all the reasons I just outlined but, there are bigger companies. That. Not. Only did a bigger list not only do they have a bigger footprint in the U for sure you, know if only 400 people identified. Themselves as being EU. Or allowed their IPS to be visible that's from the EU yeah I know, that, there aren't that many more, I know that twelfth they're not twelve thousand people out of fifteen thousand people that are in the EU, so. Statistically. There's. Not that many left of the unknowns, on my list, yeah other, businesses. Maybe. Can't say that other, businesses, maybe might, have hundreds, of thousands of people in the, EU that are probably subscribed, to their, services, maybe. Their. Annual revenue is, sufficient. That's somebody. Who's like a government, of body in the you might. Want to take notice like, maybe your Microsoft, maybe your Purina, maybe your other some kind of brand where, you're, you're doing sales in the EU, you definitely have customers, you definitely, have subscribers in the EU and, you, need to be compliant, and you. Have too many people on your list whether. They're customers or subscribers and you, don't know where they are that, it's better for you it's safer, for you to just send a blanket. Notification. Hey we've. Updated our privacy policy we. Want to make sure we're compliant we want to be able to send you marketing things you're. Gonna have to opt back in and that's what we're talking about before that's why all, of us are getting, bombarded with, gdpr, spam, it's. Because those companies have. A legitimate, reason to be concerned they. Want to be on the right side of GDP are, they. Just don't know where you are and that's why some of us are like why are you emailing me oh. Okay. It's finally clicked. It's. A complicated, topic these, aren't you know hey do. That it's, okay. Okay. So let me break down like what was going on in my head cuz, I was. Like if this only applies. To folks. That are in the EU why, am I getting all of these other emails because then that was freaking me out thinking, that I had to do the same but. When you said, basically. They're not mind reader's maybe. They don't have like a sophisticated, email service, provider where it tells, them that I'm opening, it in my, specific location, which is in the u.s. that, makes sense okay yeah that clicked yes. They don't know they, don't know that you're in California and. I don't need to do it for you did you know that you're. Fine but yeah yeah. Cool. And so, you're saying that Joey and Mitch do, privacy, policies. Well. Is and, they, can correct me because I'm gonna say this wrong is, by saying as Mitch's of litigation, attorney and Joey's, actually is a data privacy attorney so. So Joey Vitale would probably be a great. Resource to turn to, Mitch. Tell me if I'm wrong but I'm guessing. From what I understand, Joey's, the better resource, for. Legal questions in this regard just.

Like I mean my dad's an attorney but he's, family practice, and first and estate, planning he doesn't know he knows less about G deeper than I do at this point yeah so, he would not be a resource okay, so we're, gonna give Joey some love Joey. Joey. If it's a lead that come, let's. Even it even has Mitch in his Instagram, what. All. Right this is in, deal off in deal a calm that is where you could find mr. Joey vitally. Sweet. Beans all. Right cool, um. I'm trying, to see if there's any other questions in here we had a ton of questions pop, up um. But, well I mean, you. You. Or. Mitch by all means like Mitch you know this stuff and Joey could pop in here and do, that this was more like the, way that I kind of envisioned the show was that like you're you. Research this well topic, I'm gonna be like your average business, owner that's trying to make sense of this and asking, the questions that most people are going to have so. Having. Said that if. Anyone's looking for like leads the, whole freaking entire comment, section are all leads at this point. Yeah. No, doubt so all right cool what dude is there anything else that we need to have covered, Mike. I, still. Need to check out that privacy skills calm thing because I'm thinking yeah I'm, thinking for, me especially. You, know doing Facebook Ads for clients, like I'll have to ask them as a part of like my onboarding, checklist, do, you have a privacy, policy right. Because. You should and if you don't then go to Joey Vitaly, mm-hmm. Yeah. And there are online services, like I said that if. The service I used I'm. Cheap. And I'm a solopreneur so I did not pay to, have my privacy. Policy created but again you know my perception. Of risk is really. Really low compared, to most other businesses social. Media hat is a side gig for me but. For. Those who are. Concerned and they want to make sure they do this right there, are lots of services I saw out there that are. Providing. You with, privacy. Policy, creation, services, some of them are total self service you, just pay a little extra money and you can, have that privacy. Policy created for you you can just check all the different services you use, you know create the language and you fill in the blanks and then, edit. It read it internet take the time to understand, what it's, saying at. Least at a high level so that you are communicating clearly. What. Is your doing with the data and why, do, not do not do not just have you and paste somebody else's. Privacy. Policy. Use. It as a guide I mean I don't you know people can look at the social media heads privacy, policy it's not secret it's on the footer now of every single page of my site you, know you can, take it if you want to but, edit. It make, sure it applies to you make sure it's worded the way that you need it to be worried worded, so that it hones

2018-05-28 20:43

Show Video

Comments:

Love the video! Thanks for sharing

Xiomy C Ventura you’re welcome!

Other news