Is it time for a new privacy policy?
I’ve had a few clients ask me if they needed to update their Privacy Policy because they are seeing a lot of emails about this.
In case you are wondering, here’s the quick answer:
Do you do business with clients in the European Union? Then yes.
If the answer is no, then you do not need to worry about it.
Long answer:
Two years ago, the EU (European Union) passed a new law requiring tighter privacy policies and more transparent data collection. That law officially takes effect on May 25th, 2018. If you do business now, or plan to do business, with anyone in the EU, then you need to be in compliance with this new law (called the GDPR, or General Data Protection Regulation).
If you do need to be in compliance, it involves a few different points.
- Privacy Policy – Your privacy policy must be revised to include all the details of your data collection process. There are some generic templates available but we highly recommend you consult an attorney for maximum compliance.
- Email collection – Whenever you collect data to be used for marketing purposes, including a newsletter, it must be clear and obvious that the individual is being added to your newsletter, and they must have a way to opt out if they so choose. Depending on how you are collecting this data, there are certain requirements in place.
- Cookies – Your website must clearly state that you are using cookies and allow the user to have a way to opt out of this usage now and in the future.
- Backwards compliance – If you have existing contacts from the EU on your mailing list, you must send out an updated notice of your privacy policy and request that they re-opt in to your newsletter. While this only specifically applies to those in the EU, you are likely to have seen this from a number of companies that are using it as an opportunity to clean up old lists. Anyone who does not re-opt in must be removed entirely from your list.
This is the general info you may need to be in compliance with the GDPR. There are many other aspects to it as well, but these points will help most small businesses avoid major issues.
Please let me know if you need more information. While we are not legally qualified to help you achieve full GDPR compliance, we can provide some guidance and help.