
Online Rule

The Home Of "No Yuck Marketing"


GDPR – scary news for online marketers

October 16, 2017 by Veit 4 Comments

As you may or may not know, on 25 May next year the so-called GDPR (General Data Protection Regulation) comes into effect in the EU.

However, it applies to ANYONE selling to people in the EU, wherever the seller is based … and that includes pretty much all online/Internet marketers.

So, straight from the GDPR FAQ at http://www.eugdpr.org/gdpr-faqs.html, here's the 'scary' one:

What are the penalties for non-compliance?

Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million.

This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.

There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment.

It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.


Regarding the first part (the 4%): the turnover figure is that of the entire company structure, not just the one entity that actually handles the data.

So if you think: "not to worry, this one company that might be affected is only a small thing under my umbrella brand" … think again:

GLOBAL turnover of the ENTIRE company!

As you can see, they explicitly mention ‘not having sufficient customer consent to process data’.

Here's where this gets scary:

Look at the last paragraph I quoted (controllers AND processors):

if you store customer information in e.g. Aweber, and they get hacked … YOU are responsible!

It is YOUR responsibility to CHECK up-front (and to keep checking on a regular basis) that (in this example) Aweber is GDPR-compliant (they're not, I just checked, see below).

Now it gets even scarier:

even if you can prove that Aweber messed up and that YOU checked in on them on a regular basis … it's still the 4% of YOUR company that's on the line (or €20 Million, whichever is the greater).

You can then TRY to reclaim that from Aweber, but that’s YOUR job. YOU/YOUR company foots the bill to begin with.

In case you're wondering: I attended a seminar on just that topic last Thursday, a great presentation by a lawyer who specialises in just this thing.

The big take-away from this was:

obviously, the scary stuff from above.

But, probably more importantly:

Data Protection (at least for those selling into the EU) is now a PROCESS!

It's an ongoing effort, and in order to be compliant, you will have to be able to prove that you have systems in place!

If you don't … that'll be up to 2% of global turnover or €10 Million, whichever is the greater (that's the lower tier of fines; the €20 Million figure belongs to the 4% tier).

Just to scare you some more:

Just had a chat with Aweber … and they think they're safe because they (self-)certified under the US-EU Safe Harbour agreement.

They’re NOT safe:

https://iapp.org/resources/article/safe-harbor-and-gdpr-action-plan/

(read the PricewaterhouseCoopers article at the top)

How's that for a lighthearted start to the week? ;-)

Cheers

Veit

PS: if you'd like to sign up to my new "Drip"-list, you can do so here: Join us in the fabulous world of "Drip" (there's a video with 'first impressions', along with demonstrations of the tagging functionality).

Filed Under: Uncategorized

Comments

  1. jane says

    October 16, 2017 at 5:50 pm

    Yes, I got this last week from Google as I host my email through them. Looks like a new business having an EU representative requirement for anyone in North America!

    Hello Administrator,

    We are sending you this message because your organization is operating G Suite account thebusinessofathomebusiness.com, and the G Suite Data Processing Amendment currently governs how we process personal data on behalf of your organization, and/or according to our records, your organization is established in the European Economic Area or Switzerland.

    On May 25, 2018, the most significant piece of European data protection legislation in 20 years will come into force when the European Union’s (EU) General Data Protection Regulation (GDPR) replaces the 1995 Data Protection Directive. We know that preparing for this regulatory change is a priority for many of our customers. It is a priority for us, too.

    Today, we are pleased to roll out version 2.0 of our Data Processing Amendment (DPA), which has been specifically updated to reflect the GDPR.

    How opting in to DPA version 2.0 works

    If you opt in to DPA version 2.0, the updated terms will take effect with the GDPR on May 25, 2018. If you opt in before May 25, you will benefit from DPA version 1.6 until then.

    Details Google is required to obtain from you

    The GDPR requires Google to maintain records of certain information, including the contact details of your EU representative (if your organization is not established in the EU) and Data Protection Officer (DPO), where applicable.

  2. Quentin Pain says

    October 16, 2017 at 6:41 pm

    Note that the wording is UP TO 4% or €20m, whichever is higher, which means if your global turnover is less than €500,000,000 (i.e. 1/2 billion Euros) and the EU Court of Justice (or whatever) thinks you've been especially naughty (e.g. you left your WordPress User Name as 'Admin' – as in the case of a British Company which was fined recently for being hacked under the previous DP rules), then they can still fine you €20m even if your global turnover is $1.

    In the UK, the ICO have stated that small companies needn't worry as it is unlikely they will be fined €20m – which is great since there are probably around 1 million UK micro businesses desperately trying to peddle their digital ebooks and such like across the EU by way of optin forms on digital channels they have no hope of ever understanding (as you mentioned above Veit).

    And don’t think for one second that Brexit is going to free up the UK from this legislation – far from it – the UK is the FIRST country in the EU to implement it – in fact, everything’s already in place over here, the only thing that changes next May is that they’re going to fully enforce it.

    Note that the only entity that’s going to get seriously rich from this is the EU state machine (considerably more than the lawyers trying to get rich off fighting the legislation where it victimises the ignorant, since the ignorant are most likely to be the penniless, who will be forced out of business through not having a PhD in cryptographic processes).

    If they really cared about data protection, they’d give all the fines back to the ‘victims’, wouldn’t they? Ha! SNAFU.

  3. Walt Bayliss says

    October 16, 2017 at 7:37 pm

    Thanks Veit.
    So the key here is customer consent… is that right?
    Or is the focus on encryption and security ?
    (Or both)
    Keen to know more.
    Cheers
    Walt

    • Veit says

      October 17, 2017 at 2:31 pm

      It's both: getting permission as well as protecting the data.

      The key thing (kinda hinted at in the Q&A) is that you have to have PROCESSES in place that deal with different scenarios of customer data getting compromised.
      And those processes need to end in “and this is how we notify the authorities when shit happens”.
      And of course, processes need to be documented (that’s the 2% rule, see above), plus you have to have systems/processes in place that make sure your first lot of processes are always up-to-date.

      If there's enough interest, I'll contact the lawyers I went to see last week and see if they could do a 'special' edition for online-marketers.


Copyright © 2022 · Twenty Seven Pro on Genesis Framework · WordPress · Log in