I am sure that you’ve heard about General Data Protection Regulation (GDPR) which it came into effect on May 25th, 2018. It’s basically a stronger set of rules on EU data protection, which changes how businesses handle their customers' personal information and as a result, people have more control over their personal data. But what does it mean for your online business?
When GDPR came into effect, everyone was freaking out about it because nobody really understood what it meant. So, to ease everyone’s fears and clear up some of the confusion, I invited data law protection expert, Suzanne Dibble, onto the show.
Suzanne used to work as a business lawyer at the largest law firm in the world – literally. In 2010, she switched her focus from keeping household names and huge multi-nationals out of trouble to helping small business owners protect and scale their business. She’s a natural entrepreneur at heart and always provides practical and relevant advice to each of her clients.
Essential Learning Points From This Episode:
- GDPR is a supercharged data protection law that replaces the previous 1995 Data Protection Directive
- Data is the world’s most valuable asset – so it’s important to protect it
- The maximum fine for a GDPR data breach is €20m or 4% of your global turnover in the last 12 months
- You must have a lawful ground for processing data which includes consent, contractual, legal and legitimate interests
- You don’t necessarily need to get an “opt-in consent” from existing customers to continue to market to them
- Your privacy notice must clearly state that people can object to the processing on the grounds of legitimate interests
- Use this opportunity to clean up your email list and sort out the subscribers who engage with you from those who never open your emails
- GDPR has amplified the standard of consent. There must be an affirmative action by the individual that signifies their consent
- It’s not mandatory that you need to have a double opt-in, but you may need it when dealing with special category data or sensitive data (such as health information)
- Don’t bundle all of your consent boxes together - you need to give people real choice and control
- Controllers can only use processors and virtual assistants outside the EU if they are GDPR compliant
- Much, much more!
Important Links & Mentions From this Episode:
Thank You for Tuning In!
There are a lot...
I am sure that you’ve heard about General Data Protection Regulation (GDPR) which it came into effect on May 25th, 2018. It’s basically a stronger set of rules on EU data protection, which changes how businesses handle their customers' personal information and as a result, people have more control over their personal data. But what does it mean for your online business?
I am sure that you’ve heard about General Data Protection Regulation (GDPR) which it came into effect on May 25th, 2018. It’s basically a stronger set of rules on EU data protection, which changes how businesses handle their customers' personal information and as a result, people have more control over their personal data. But what does it mean for your online business?
When GDPR came into effect, everyone was freaking out about it because nobody really understood what it meant. So, to ease everyone’s fears and clear up some of the confusion, I invited data law protection expert, Suzanne Dibble, onto the show.
Suzanne used to work as a business lawyer at the largest law firm in the world – literally. In 2010, she switched her focus from keeping household names and huge multi-nationals out of trouble to helping small business owners protect and scale their business. She’s a natural entrepreneur at heart and always provides practical and relevant advice to each of her clients.
Essential Learning Points From This Episode:
- GDPR is a supercharged data protection law that replaces the previous 1995 Data Protection Directive
- Data is the world’s most valuable asset – so it’s important to protect it
- The maximum fine for a GDPR data breach is €20m or 4% of your global turnover in the last 12 months
- You must have a lawful ground for processing data which includes consent, contractual, legal and legitimate interests
- You don’t necessarily need to get an “opt-in consent” from existing customers to continue to market to them
- Your privacy notice must clearly state that people can object to the processing on the grounds of legitimate interests
- Use this opportunity to clean up your email list and sort out the subscribers who engage with you from those who never open your emails
- GDPR has amplified the standard of consent. There must be an affirmative action by the individual that signifies their consent
- It’s not mandatory that you need to have a double opt-in, but you may need it when dealing with special category data or sensitive data (such as health information)
- Don’t bundle all of your consent boxes together - you need to give people real choice and control
- Controllers can only use processors and virtual assistants outside the EU if they are GDPR compliant
- Much, much more!
Important Links & Mentions From this Episode:
Thank You for Tuning In!
There are a lot of podcasts