Disclaimer: The following is general information and is not intended as legal advice. I am not an attorney. I encourage you to seek legal counsel for advice pertaining to your particular business. Some of the links used in this post are affiliate links, and I may receive a commission if you use or purchase items through my affiliate links.
There’s a new law going into effect on May 25th, 2018, called the General Data Protection Regulation (GDPR). Basically, this is a European privacy law designed to protect personal data privacy for citizens in the European Union (EU).
As virtual assistants, it’s something that we need to pay attention to. Whether YOU live there or not, you may have clients that do, or your clients may have clients that do. You may also have people from the EU on your mailing lists.
If so, this affects you: how you do business with clients and potential clients, how you collect and store information about them, and whether you have them on your mailing list or your clients’ mailing lists.
But there’s a lot of info floating around out there right now about the GDPR. So, I’m going to try and break it down and keep it simple, specifically with virtual assistants in mind.
First, let’s talk about the point of GDPR.
“The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling”
Second, let’s talk about how “personal data” is defined according to GDPR.
Currently, there’s no exact list of items that constitute personal data, but this is how they define it:
“Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.” Source: ec.europa.eu
Let me make that simpler.
Here’s some personal data you may come across with clients and those on your mailing list:
- Mailing address
- Phone number
- Email address
- IP address
- Cookie strings
- Credit card or payment info
What do you need to do in your virtual assistant business in order to be GDPR compliant?
It’s really about making some tweaks to your website, optins and places where you collect information from and about your clients and potential clients. I’ll cover some of the basics for you.
–2. All About the Cookies
You can find a free popup here: https://cookieconsent.insites.com/
–3. Change Optin Wording
You might need to make some tweaks in the wording of your optin that you use where people can sign up for a free offer and get on your mailing list. It’s very important to ensure consent of the person who is opting in to your list.
For example, you can no longer say, “Sign up here and receive my free gifts.”
Instead, you need to be very clear that they will also be on your mailing list if they sign up for those free gifts. You can tweak it to say something like, “Sign up for my list and receive these free gifts.”
Here’s an example of my own optin form:
Do you see the difference there?
–4. Other Places You Request Info
Think about other places or pages on your website where you might ask for someone’s contact or personal information. You can add a simple line of text to these pages or forms in order to comply.
Here are some that you might have:
- Landing pages
- Optin pages (Ex: free webinar optin, free ecourse optin)
- Contact page
- Client intake form
–5. No Auto-Moving
In the past, auto-moving people from one list to another was acceptable. I’ll explain what I mean. Let’s say that you had an optin for a free webinar that you were running to teach people how to better manage their social media marketing. Once the webinar is over and they’ve received all of your emails about it, you decide to then move all of those people over to your main mailing list.
You are not permitted to do that anymore. People have to CHOOSE to move to that different list.
Here’s what you can do instead:
Use customized thank you pages.
When someone signs up for your webinar, send them to a thank you page on your website. On that page, ask if they’d like to be subscribed to your list to receive your awesome newsletter and freebies, and add a link to your optin.
This goes for any of your lists, whether they are for free or paid items or products. Yes, you can still email people on those lists with information relevant to the reason that they signed up for that particular list in the first place. However, if you want them to receive information about something completely different that you offer, or be on your main free list, you need to ask them to opt in for those things.
And that’s my summary on things you can do to make your VA business GDPR compliant. Of course, I’m not claiming that this is everything in the world that could possibly be said on the topic. I really just wanted to cover the basics for your VA business.
Be sure to do your own due diligence to make sure that you and your business are being protected and that you’re playing fairly out there. We want to do things with honesty and integrity. So, if you don’t know, ask a professional for advice.