GDPR Guide for Entrepreneurs – Law and Wit Episode 15 Transcript

Ratelle: 00:00 This is episode 15 of Law and Wit: GDPR for online entrepreneurs – a five step guide. Welcome to Law and Wit: creative counsel for entrepreneurs. I’m your host, Brittany Ratelle, mother of four, entrepreneur and nap time lawyer and attorney for creative entrepreneurs. I’m here to share inspiration and actions that you can tackle your business blocks and confidently own your business in every sense of the word. Thank you so much for being here. Hello everybody and welcome back. And I’m here to talk about the super sexy and exciting world of the GDPR. Now, it’s, it’s not, guys. I mean, I frankly, I feel like I have to apologize for my subject matter a lot. Um, I feel like that’s just the role that I have been dealt. It’s the hand that I’ve been dealt. That’s the role I have to play is to apologize for my subject matter.

Ratelle: 00:56 And today is no exception to that. In fact, it’s probably one of the more denser and more scary things out there in terms of regulation. But look, I’ve, I’ve looked at this a lot. I’ve read a lot of stuff, distilled a lot of things and I am promising you that I am making this the most manageable bite size actionable plan that you’re going to get on this stuff. Okay. So today we have a five step guide so that you can wrap your eyes and ears and entrepreneurial brains around the GDPR, which if you’re not familiar, is the General Data Protection Regulation that is coming out of the EU. Um, now I know what you’re saying: Brittany, I am an American and you are an American. And why are we giving a flying fig about what is happening in the EU? Um, and the reason is the Internet.

Ratelle: 01:47 My friends, if you aren’t aware, people exchange goods and services on the Internet, pretty, uh, freely over borders, including from the EU, and this particular set of regulations, which goes live on May 25th, year of our Lord, and affects and says that basically anyone who is doing business with someone who is a resident in the EU, not even a citizen, you do not even have to have an EU citizenship card. It could even be someone who just happens to be in the EU at that time that you are connecting with, which, you know, talking to all those laptop warriors who are bragging on their Instagram that like, oh, I’m working from Paris, I’m, you know, I’m taking my sabbatical. You know, those people, those schmucks, that’s who we have to be dealing with. So, um. So it applies to you guys is what I’m telling you.

Ratelle: 02:39 The chances are, is that you have someone on your email list or someone that you have sold something to. Even if you don’t sell products from your website, even if you only sell information like on an email list, like a freebie, um, like we all have been counseled to do, to try to get people on an email list. It’s likely that you are dealing with someone in the EU. So that’s why this matters, guys. That’s why you got to care. So, um, so there you go. Uh, so here are the five steps. And, and the other reason why is because there are beaucoup fines, to drop a little French on you, if you have a problem with this. I’m talking in the neighborhood of that you can be fined up to four percent of your annual revenue or 20 million euro for a fine. Now I understand that it’s unlikely that anyone is going to be hitting you with that fine right out of the gate.

Ratelle: 03:26 That fine is probably going to be reserved for our big players here. You know, our, our major companies, data processors who are dealing with a lot of people’s data and perhaps doing it in shadier ways. However, that’s not to say that you couldn’t be at risk for some sort of fine or some sort of censure, and certainly if you are planning on growing your company and doing more with data and privacy and being able to move forward, you want to be confident that you’re not going to have a problem. So we’re going to talk about how we make that happen. So number one, uh, your first step is to screen EU users that you might have on that are coming across your website and using your services that you might have their data. Um, so the way that you’re going to do this is you’re going to find out which contacts on your email list are from the EU.

Ratelle: 04:13 Um, now, uh, you may, most of the major email providers I know, for example, I use ConvertKit, so that’s one that I can speak of. I know that they are trying to roll out segmentation right now to give you a heads up that you can actually screen out and figure out which of your users might be from the EU. They’re trying to do that by IP address. So, um, the easiest way is that you have a tool like that, that your email manager is robust and is on, is on top of this, that they can actually tell you who’s on your list in the EU. If you can’t, for whatever reason, either you don’t have that data or you’ve been using some, like, freebie service and just inching along and now you’re not sure what you know, then you pretty much have to treat those unknown email addresses as if they were from the EU because when in doubt, pretend like they are from the EU, you know?

Ratelle: 05:04 Um, that’s, that’s, that doesn’t rhyme, but that’s what you have to do. Okay. Just to be safe. Better safe than sorry. Okay. So first is screening segmentation. Find out who’s from the EU. Second is you are going to need to get consent from those EU users to be on your email list. So if your. And that’s because the EU, the GDPR, um, one of the promises and one of the things it’s rolling out is that it’s saying you have the right, um, as a, a person to have someone have to ask your consent to get your email address and to access and have your personal data. And that includes things like your address, your name, your IP address, your email. Um, certainly, you know, anything else that could be personally identifiable, especially anything else that’s more sensitive information, you know, genetic information, healthcare information, things about pregnancy status, sexual orientation, religious disability, certainly all of those.

Ratelle: 06:01 Now I know most people don’t collect that kind of information, so I’m going to assume you aren’t dealing with that kind of sensitive information, but it’s a pretty safe bet that you are asking about someone’s email because you probably want them on your list because we’ve all been told the money’s in the list, get them on a list, get the list however you need to, so that’s great. But now you have this ticking time bomb list of people. So we need first. Our first step was to screen who’s EU on that list. Second step is to get consent from those EU users. Okay? So if you are at all unsure if when you added those people to your list, if they it, if it wasn’t crystal crystal clear that they were getting added to your general email newsletter marketing list, then you need to get consent from them.

Ratelle: 06:45 Now I know what you’re saying, Brittany, like, Hey, I had a little, you know, thing on my form that said, um, get my freebie and get added to my list. Isn’t that clear? Mm. The jury is not quite out on this. In fact, a lot of attorneys that I’ve been consulting with and listening to think that if you were giving away a freebie that it’s not very clear because you were kind of tying and mingling those things together. You were saying, Hey, I’m going to give you this thing that has a lot of value. You really want it. It’s super sexy and cool. And by the way we, the amended list, it’s kinda like one of those like, you know, mortgage commercials where they just add in all the terms at the end. So if this is possibly what you were doing, then you need to assume that you do not have consent from these people.

Ratelle: 07:31 Um, and what I suggest you do is that you start sending out some emails to those people, those EU people or possible EU people asking to reengage and asking for their affirmative consent clearly and concisely to say, please, please, will you continue to play with me? Will you consent to be added to my email marketing list? And you need to probably phrase it very similar to that. Okay? Don’t try to sugarcoat it or say like, oh, just be added for my, you know, for this purposes or so I could get more value. I mean, you really just need to make it very clear of what you do with this list. If you sell from this list, then you need to be clear about that. Okay? If this is a marketing list that that’s exactly what it does, then don’t try to call it something else. Okay?

Ratelle: 08:18 Um, you know, you can add value. Talk about what people get out of this, you know, do you give people exclusive discount codes? Do you give them access to know, you know, all I know a lot of newsletters people use to say like, oh, we’re dropping new product or midnight to see what actually doing that scene have to like buy a new product. I don’t know anyone who does that, but apparently it’s happening because sometimes things are sold out, but anyway, if you’re doing that kind of thing, then yeah, tout that. Make, make a little video or audio clip and personalize it. Talk about why your list is so cool and you want to be on it, but make it clear that that is what you were asking them to do. Okay, so you need to get. And ideally you would have a way for them to click either a new little lead page.

Ratelle: 09:01 That’s exactly for that purpose. That’s your EU re-engagement page that you create or some click in an email, some link that says, please click here if you want to be added or stay on my newsletter list otherwise after this date, and I would give yourself at least a couple of days before the 25th deadline of May. So by May 20th or May 23rd at the latest, if you haven’t clicked this, you are out of here. I am dropping you from my list. This is the last call for alcohol, people. Okay? Um, all right, so after you’ve done that, um, which I know sounds it sucks. It sucks, guys. But uh, you know, there’s nothing else to tell you that that’s just where we are. Okay. Step number three is you need to get a consent and set up some new consent procedures for your new people. So this is, you know, looking forward to what are you going to do after May 25th, might as well put this stuff in place.

Ratelle: 09:54 Okay? Um, one way that, uh, is recommended that you can do this is that you can add a checkbox to your opt in or lead magnet just to people from the EU. If there’s a way that you can segment people from your website, that’s super sweet, because then that will only show up to people from the EU and you’re not giving that option to everybody. If that’s not an option, then you may need to wait and do a step later on in your process, in your funnel so that you’re not unnecessarily giving people options out of your list, so you kind of have to look a little bit at your tech and what you have an options and that may depend on the sophistication of your email provider, your if you’re using Leadpages or other opt in boxes and forms and other what we know other widgets and plugins, all those different companies that are speaking together, them that are trying to get your people stuff.

Ratelle: 10:41 So the main thing here is that you cannot do any kind of bait and switch or pre-checked box here. So if you have a checkbox that says, please add me to your email list, you cannot precheck this for people or, or instruct your web developer to do that. Okay? People have to voluntarily, like a real human being, reach up with their mouse and click it. Okay? Like, you know, God touching Adam in the famous painting. Okay? On the Sistine Chapel, that is what must happen here. Okay? A human being has to have an honest voluntary movement to say, yes, I want to be on your list all dramatically. Just like that. Okay? Um, if that’s not an option for you in terms of segmentation, then another option you can have is an optin page. You could have just on your optin page, you can have that as an option and say, I’m here.

Ratelle: 11:35 I want you to add onto my list, and this can be like an in-between page. Maybe it’s after someone asks for your freebie, but before they get to like the thank you, here’s what you’re going to love about it. You’re gonna love being part of our team, whatever, whatever. Maybe you. And some people have called this like a sandwich page in between here. I think Bobby Klinck said that on Amy Porterfield’s, uh, podcast, which if you haven’t, if you don’t listen to Amy Porterfield, she is, you know, the email list queen. And so if you want more specific information about how to implement this and, uh, the attorney that she had on and his take, I would highly recommend that episode. So look for that. Amy Porterfield and Bobby Klinck, um, and so that’s one that they recommended is doing like a sandwich in-between page. Um, another option is in your delivery email.

Ratelle: 12:19 So if someone clicks on, they want your freebie, you send them their freebie, it ends up in their email box, you know, they opened that email that says, thanks so much for confirming. Here’s your thing, by the way, you might also, while you’re here, I’m pretty cool. You might also want to get added onto my email list and here’s a great time to sell. And again, use some of your same magic that you were using before to get your people to stay on your list. Talk about why is your list so cool, why would they want to stick around or what are you delivering? Is it value, is it entertainment, is it money and saving time saving? Is it exclusive content? Whatever it is that makes your email list sexy and cool, sell, sell, sell so that they’re. And again, but make sure that it’s a voluntary Freebie, opt in, not any kind of precheck thing that they have to be checking on their own.

Ratelle: 13:07 So, um, and uh, the last thing is in the lead magnet itself, you possibly have some sort of link that someone has to click back in or say like, Hey, I want to be added to my list or um, and you know, but again, it has to be something that they are taking action on their own. So, and again, these are all ways to handle new subscribers if they could possibly be from the EU or you either know they’re from the EU or you can’t tell and so you kind of have to err on the side of caution. So obviously because of this and because of the way it’s going to change, it’s likely that a lot of our email providers and people who are providing these kinds of services are going to be stepping up to the plate and trying to offer more segmentation and being able to, to show where your people are from.

Ratelle: 13:50 Because I’m sure you, like me, I am not really interested in giving away a lot of freebies and optins without people joining my list. That’s kinda the whole point. I mean, I’m all for providing value, but I also need your email address, like, let’s be real here. I can’t do what I do and I can’t contact you when and if I want to contact you, if I don’t have that, um, if I don’t have that email address, you know, I’m at the mercy of all of the other platforms and their algorithms and their policy. So. Okay. Um, so that’s a big number three. I know a lot to follow, but I know that email marketing is so important and that’s likely the biggest area and touchpoint that everyone is going to have with the GDPR is how they handle their email marketing. So, um, if you have any questions about this, I’d advise you to reach out to whoever is your email service provider.

Ratelle: 14:35 It’s likely that they have a frequently asked question or they’re doing some sort of training or they have information in their support or knowledge base. Um, so reach out and see what are they doing to offer you as a consumer of their products. And if they’re, if they’re kind of leaving you in the dust, if not helping you with some of this stuff and some of these options and tech, then maybe it’s time to switch, people. Okay? Okay. Number four is you need to update your privacy policy on your website. So if you don’t have a privacy policy, and that’s a wrong answer, guys, you need to get one. Okay? I don’t like to be judgy on here and I’m not being judgy, but I’m just telling you the straight truth. It’s time. You need to have a privacy policy. Okay? California requires one. You probably are dealing with people in California now.

Ratelle: 15:20 The EU is requiring it. So just get on it. Okay? Just suck it up and write it and put it on your website. It needs to be in your footer. It needs to be a standalone page, one page for your privacy policy and a page for your terms of service or a terms of use. Okay? You can call it either one. Um, but your privacy policy also needs to have kind of new GDPR compliant language. And I’m creating some text like this, so if you guys need some of this, um, uh, you want to make sure that you are on my email list because I’m going to be sending this out to my email list subscribers. Okay? So if you’re not already a client of mine, um, or on my email list, then you might be left in the lurch. So make sure you’re getting on my list.

Ratelle: 16:00 Okay. Brittanyratelle.com/newsletter or, um, you can also, you’re going to be able to get on the list from the episode’s notes from this episode, which will be Brittanyratelle.com/15, as in episode 15. So go to either of those places and you’re going to be able to get on my list, um, and you’ll be able to get that text to update your privacy policy. Okay? Um, what your privacy policy needs to say is it needs to not be shady and needs to be clear and understandable. No hard to understand legalese. Okay? And it needs to state stuff of how. And explain how you are going to comply. You need to talk about what are you collecting from people who come onto your webpage, what information, what are you collecting and what are you doing with them. That’s the essence, and I know that sounds really simple and you’re like, well, I’m not collecting anything and I’m not doing anything with it.

Ratelle: 16:50 I beg to differ. I’m going to call BS on you because it’s likely that you are running Google Analytics. Okay? And guess what? Google Analytics collects information from people. That’s how. That’s how, that’s the analyze in the analytics. Okay? They are analyzing stuff. They are looking at what devices are people on there. They are checking where they are coming from. They’re tracking how long they’re staying on your site and if they’re putting in for any information, they’re tracking that. Okay? Um, if you are using Leadpages or email marketing managers like we’ve talked about, then you are collecting information. If you have Facebook pixels on your website, you’re collecting information. Okay? Cookies. If you’re participating with affiliate networks who all have to keep track of where people are and how long and if they bought in a certain time period, whether in that cookie window, then you are collecting information.

Ratelle: 17:37 Okay. So yeah, the answer is yes, you are collecting information, but you need to understand what you are. So talk to your web developer, talk to your advertising people or if that’s you, if you’re wearing all those hats, then be a little introspective about what are you collecting from people and why and is this actually information that you need to be. Are you unnecessarily collecting stuff that you don’t really need, that you’re putting yourself at risk? Um, some other things that the GDPR codified that are kind of newer that need to be considered is that customers can have, have the right to be forgotten. Basically has a right saying that someone can contact you and not only can they ask and say, Hey, I want a copy of all the information you have on me that you’ve collected from your website and you need to provide that.

Ratelle: 18:22 Someone can also say, Hey, I am exercising my right to be forgotten and I want you to delete everything, in which case you need to delete everything on them, so, and that means you’ll need to delete it on wherever you store that information and any of those other vendors or service providers that you use. So contact your email people and your Leadpages and whatever else you use. Make sure that their information is not being stored anywhere else remotely, um, or through a third party app. Okay. Um, the other thing is, like I said, don’t collect more information or data than you need. You’re just opening yourself up to liability and risk and you’re not getting anything out of it. So, um, and make sure the, the GDPR, um, redefines children as anyone under 16. We’re all pretty familiar with the COPPA law in the US that says that you have some extra burdens if you are doing any marketing or um, that you’re advertising to children under the age of 13.

Ratelle: 19:14 So a lot of us have those in their privacy policies. The GDPR bumps that up to 16 that says if you are connecting or storing anyone’s information, private information from anyone who’s a child under the age of 16, then you need consent from their guardian or age or, and slash or age verification. So that’s a good idea. So if that says 13 in your privacy policy, change that to 16. Okay? And if you do have content that’s aimed at kids, if that’s part of what you do, you know, if you are having toy tutorials or hair styling or something else where you know, um, you know, that kids are watching it and you are, your content is aimed at children, then we need to talk. Okay? Because, um, there’s some other things that you need to be doing to protect yourself because anytime you’re dealing with private information of children and interacting with children, you have a lot more burdens anyway, um, that, that come on you as a service provider.

Ratelle: 20:06 So, okay, so that’s the big number four, is update your privacy policy. Um, and make sure you put your updated date on there. And I would send out a link to anyone who’s an email subscriber or a customer and say, Hey, by the way, we have updated our privacy policy and here’s the link for that. Um, so yeah, I know no one’s gonna read it, but it’s a, it’s a good practice to have is that you will update people when you change the terms so that they’re aware when they’re interacting and coming onto your site or using your services. So, okay, the last is that be, um, be prepared to delete data and we kind of already talked about this, but if a user reaches out and requests to your vendor or anyone else that they want their data deleted, that you need to be able to, uh, deliver on that promise.

Ratelle: 20:52 And the other thing is that if you have any kind of data breach that happens, um, you need to respond within 72 hours. Those are serious responsibilities. A data breach is a big deal and that you need to notify your customers and have some sort of plan in place of how you’re going to mitigate the damages and try to fix it. So, um, moral of the story is if you have a data breach, you cannot just sit on it and be like, woe is me, this sucks. Like you need to have a plan, so you probably need to have someone already on your Rolodex of who you know, who you’re going to call. Ghostbusters. Sorry, I’m famous in mind, but have a plan of, you know, do you have someone who can help with that kind of issue, especially as we talked about if you have more data than less, you know, if you’ve, if you have a giant email list, then that’s going to be a bigger deal.

Ratelle: 21:37 So let’s make sure we’re on that. If you collect a lot of information because you use forms or quizzes or other things in your community element, um, that collects information from people, then let’s make sure that we have a plan in case any of that gets hacked or breached. Okay. All right. Um, okay. Those are the five steps, guys. I know that’s a lot of dense stuff I threw at you and I’m not trying to scare you. Okay? That’s never what I’m trying to do is try to scare you or overwhelm you, but I am trying to serve you and bring your attention to important issues that are going on in your business and I want you to know that even if you think that like I am just a little. I’m just a little shop, Brittany, like I, I just do this online or maybe you don’t even sell anything from your website.

Ratelle: 22:21 All you do is you want to get people on your email list because you want to do something else with that. You maybe want to sell stuff down the road or you have an online course or you do in person events or you know the hundreds of other business things that you do. You’re a photographer, but you know if someone’s interested in getting on your next mini shoots, then you want their name. Okay? This is what I’m talking about, that you’re collecting data because you’re collecting people’s email addresses. So just be aware that this actually applies to you even though you think it may not. But if you follow what we’ve talked about today and go through these five steps, you, you’re gonna be okay. All right. Like I said, I’m going to have this up in a little guide on, in the show notes.

Ratelle: 23:02 So if you listen to this and are like, yeah, uh, this went on all over my head and now I’m sweating bullets. Thanks a lot, Britt, for ruining my day. Um, then jump on over to the show notes. Download the little checklist that comes with this and it’s going to walk you through. I’m going to hold your hand. Okay? So that we can get, we can get, you know, on top of this thing and feel better and more confident as business owners. Okay. As online entrepreneurs, as citizens of the world, you know, congratulations. We get to be affected by, um, credit stuff that they pull in the EU. Okay? That is, unfortunately, that’s the world that we live in, you know? No, no, no borders. Not on the interweb. So. Okay. Um, if you, uh, if again, the link to the show notes, it’s going to be Brittanyratelle.com/15.

Ratelle: 23:47 If you want to be added to my list, which is my email marketing list, full disclosure, although I’ve, I’ve yet to sell anything on there, but I probably will someday, but I do give tips and tricks and that’s why it’s useful to be on my email list. I give the links to my YouTube replays of my online Q&As that I do every Monday night on Instagram and Facebook or you can hop on if you haven’t joined in for one of those, get on it. It’s at 9:00 PM Mountain Standard Time and you’re able to jump on and ask any questions that you want. I’m on there for usually like 20 minutes and you can ask any kind of creative entrepreneurs, small business, indie entrepreneur, however you identify yourself. There’s a thousand names for you people, which is why it makes it hard for me to niche.

Ratelle: 24:32 Everyone keeps telling me to niche down, but I’m like, yeah, that would be helpful if people had a working, you know, a reasonable nomenclature of how to define themselves. But uh, you know, people are all over the map, which is fine. You guys, you do you and I’ll do me and I’m just here to help you, so. Okay, that’s a long winded way of saying that. Thank you guys so much for leaving reviews. Those of you who have left reviews, I read every single one and I really appreciate it. I’d love to get like up to 30 reviews. I’m only like at like 20 something so you know, if only a couple of you, just a handful of you who I know are listening to this because I’m checking the stats and are finding this useful and uh, sharing with your friends and posting about it and sending me DMs, which is all super, super nice. I love the love and feedback. I really appreciate it. Um, if a couple of you would just post a review on iTunes, I’d really, really appreciate it. Be my new BFF. So thanks so much for being here, guys, listening, letting me be part of your day folding laundry, driving, driving kids to and fro, jogging, walking, whatever it is you’re doing. I really appreciate it. So thanks a lot and I’ll see you on the flip side.