GDPR for the Solopreneur
Congratulations! You have launched your website and are on your way to building your dream, but do you have all of the pieces in place to be successful and legally protected while you do so?
Isn’t the GDPR only for businesses in the EU?
While you may initially assume you don’t need to pay attention to the GDPR requirements if you are not based in the European Union, it’s not quite that simple. The law surrounding these guidelines reaches anyone or any website that collects even so much as an IP address from someone who resides in the EU, even if you are geographically nowhere near Europe and you aren’t seeking out EU clients or customers.
So, what does that mean? Basically, if someone in the EU visits your website and you have analytic tracking software that collects their IP address or they join your email list and submit data to you that way, you are required to comply with this law.
Fines for violations can be as high as 20 million euros, and investigations are prompted by complaints. This means that even if you think you are a small fish in a big ocean, all it takes to prompt a GDPR investigation into your business is a complaint from ONE EU citizen to the regulatory body.
- What information is being collected?
- How are you using the collected information?
- Will you share the information you collect with third parties, or sell it to them?
- What rights does the website visitor have?
What do I need to do to be GDPR-compliant?
So now that you know you don’t want to mess around with this EU data protection law, what can you do to make sure your business is compliant?
Do you collect information like names, email addresses, physical addresses, and the location of website visitors and computer IP addresses? If so, do you know why you collect all of the types of personal information your website collects? If there is no logical purpose behind the collection of one or more of the types of information your website collects, you should reconsider collecting it at all. Remember, the reach of regulations like the EU’s GDPR extends well beyond geographical barriers.