You may have noticed a slight increase in updated privacy notices arriving in your email inbox this spring. Some may have come from companies you only vaguely remember doing business with.

The reason for the increase in notices? It’s all due to the General Data Protection Regulation, or GDPR for short.

What is GDPR and how does it affect small businesses? Here’s the lowdown:

GDPR is a set of laws that created guidelines for the collection and storage of personal information of individuals in the European Union. The guidelines went into effect on May 25, 2018.

How does it affect businesses in the United States? In general, it means companies doing business with European citizens must ask for their consent before collecting personal information. The companies can only collect the data they ask for and, once they have the personal data, the companies have several limitations on how they can use it.

Of course, lots of companies use third-party services to collect and store the personal data of their customers. Oftentimes, this data is aggregated and sold to other companies looking to sell targeted advertising. With GDPR in place, companies will need to ensure that these third-party services and other vendors are in compliance with the law.

What does all of this mean for small business owners? There are some simple steps to take to ensure you are not found liable for violating the privacy rights of European citizens who may frequent your restaurant or retail shop. (If you are not sure whether GDPR will apply to your business, we encourage you to speak with legal and other professional counsel to determine when and how you might be affected.)

First, if you collect personal data such as names, phone numbers, physical addresses and email addresses, put a process in place to ask for consent to collect such data. A word of warning: the consent needs to be clear and unambiguous. No pre-checked boxes!

Second, set up a mechanism whereby customers and prospects can request that their personal data be deleted.

Third, if you already have customer data in place, send out a notice asking customers to consent to continue receiving updates from your business. You can also let those same customers know that they can request to have their personal data deleted.

Lastly, business owners should place a notice on their website letting consumers know that their website uses cookies (we’re assuming it does use cookies for things like analytics or advertising) and that users of the site need to consent to the use of cookies in order to use the website.

Want to read more about the new law? Here are two additional resources:

Want to know more about how a point-of-sale system can help with marketing? Contact us today for a demo.
