Are you ready for GDPR? Wondering how it will affect your agency and/or your clients? Even if you’re not in Europe, you are required to be in compliance with these new data privacy regulations. In this episode, learn what you need to do to protect your agency and stay in compliance with GDPR.

In this episode, we’ll cover:

• What is GDPR?
• What does GDPR mean for agencies?
• 3 Steps to GDPR compliance.
• What happens if your agency is non-compliant?

I’m super excited to talk to today’s guest, Suzanne Dibble the small business law expert based in The UK. She’s got 20+ years experience and has worked some big time entrepreneurs, like Richard Branson. She has been living, breathing, and consuming everything related to GDPR and how it affect small businesses for the past 3 months. Suzanne is on the show today to explain the ins and outs of GDPR so you can keep your agency in compliance and continue to generate leads despite stricter guidelines.

What is GDPR?

The GDPR (General Data Protection Regulation) is a set of rules imposed by the European Union (EU) who seek to create a harmonized data protection law framework across the EU and aims to give back to data subjects, control of their personal data. GDPR imposes strict rules on businesses hosting and processing this type of data, anywhere in the world.

Suzanne says GDPR comes from a place of good intention, and isn’t just a new set of regulations to make our lives miserable. The good news is that there’s just a few steps to take that will keep you compliant by May 25, 2018. And the really good news is that there’s no enforcement agency waiting to haul you off to prison for non-compliance. :)

What Does GDPR Mean for Agencies?

Basically, this will affect your lead magnets and automated marketing campaign sequences. It’s all about transparency. Under these regulations, when people opt-in for something (like a lead magnet) that’s the only thing you can send them. If you want to continue to use their email address for marketing purposes, this will require additional consent.

3 Steps to GDPR Compliance

Compliance does not have to be an overwhelming process. Suzanne top lined the three steps we can take to make sure we stay compliant:

1. Decide whether GDPR is relevant to your agency.

It affects businesses who either (A.) process data of people in the EU with the intent to offer goods or services, and (B.) businesses monitoring the behaviors of those in the EU. If you’ve answered yes to either of these criteria, then you need to send a re-consent email to your lists to those recipients in the EU.

2. Determine if you have lawful grounds of processing data.

There are 6 criteria that fall under the definition of being lawful under GDPR, though most small businesses will fall under one of the first four.

1. Consent. The real issue is obtaining re-consent after May 25. With that, you have lawful grounds.
2. Contractual agreement. If you’re already under contract with a client, you’re all set and new consent is not required.
3. Compliance with the law. Record keeping or maintaining data on clients, employees, and contractors is consensual and therefore no new consent is required.
4. Legitimate interest. Many of us will fall into this category, where you’re marketing to someone with legitimate interest in your service you can lawfully process their data with consent to do so.
5. Vital interest.
6. Public interest.

3. Write a new privacy policy and a cookies notice.

Under GDPR you must be completely transparent about what you data you’re holding and why. Additionally, you must rationalize what you’re doing with any data, where it comes from, where you’re transferring it to, etc. GDPR has 13 points that must be addressed in your privacy policy so be sure you’re fully covered.

Cookies are considered an extension of personal data. Therefore, businesses are also required to be transparent with their use and handling of cookie data with a cookies policy.

What Happens If You’re Non-Compliant?

As Suzanne explained, there’s no governing agency that’s enforcing these regulations or hunting down offenders. Basically, it just all comes down to a risk analysis.

The real risks are to your brand reputation. Breaking compliance may upset people who are knowledgable on the subject. They may choose to take direct action and make a legal claim. And even if they don’t take action, you risk losing their trust and respect.

There are over 250 pages to the Articles and Recitals of GDPR. If you are unsure whether this relates to you, or you’d like to dig in deeper you can learn more in Suzanne’s exclusive GDPR for Online Entrepreneurs Facebook group. She also has a ton of information on her website here: SuzanneDibble.com/GDPR

Need Guidance and Support to Grow Your Agency 3X Faster?

Need Guidance and Support to Grow Your Agency 3X Faster? Are you overwhelmed by all the information out there on various ways to grow your agency? Do you want direction on how you can grow your agency faster and easier?

Then you’re in luck! I've created an innovative agency owner mastermind called Agency University.

Agency University is a program which provides 1-on-1 mentorship, coupled with the ongoing group support that is crucial to the success of your agency. Click here to see if it’s the right fit for you!