Privacy Best Practices for your Website

Hello Hello Everyone,
Coming to you as we embark on the 3-day holiday weekend, and here in the Northeast we are finally feeling the sunshine. I am seriously exhaling, feeling the warmth of the sun and getting back to sitting outside with my computer a bit.
I’ve been doing more Facebook Lives and fewer emails, so I hope that you have been popping in on social to connect.
Connecting today to do some follow-up on the GDPR.
The GDPR (General Data Protection Regulation) is the new EU privacy law that applies from today, May 25th (2018). It covers the personal data of people in the EU and how that data is collected, used and protected, no matter where the business collecting it is based. If you didn’t catch my Facebook Live overview of the GDPR, you can watch it here.
Many of you don’t offer your products or services to people in the EU or track visitors from there, so strict compliance may not apply to you. But some of what the GDPR asks for is simply good business practice that all of us should be paying attention to in this world of data breaches and spam that we live in.
There’s been much talk (and anxiety) over being GDPR compliant. I’m taking the British approach…
Keep Calm and Carry On.
I’ve spent a lot of time the past few weeks learning how this law applies to small businesses, and although I’m not a lawyer or GDPR expert, I’ve got some key takeaways to share with you today – the ones that I’m applying to my own business.
As with everything, it is best to be informed so you can make the best decision for yourself.
1. Data Protection
One of the biggest pieces of the GDPR is about protecting the data that you collect. When was the last time you thought about this, if ever? I love that the GDPR is bringing this up for all of us to reflect on our own practices. I’m in favor of the safekeeping of my data that is collected and the data that I collect.
So what do you do?
- You update your Privacy Policy to be more detailed and to include how you use cookies on your website. If you never had a Privacy Policy, now is the time to get one. You can find GDPR-compliant templates here and here (and yes, there is a free version). This goes on a separate Privacy Policy page on your site, gets linked in your website footer so it’s on every page, and is also linked at every point of sign up.
- You can view my updated Privacy Policy here.
- Make sure your whole website is served over HTTPS (that is, you have an SSL/TLS certificate installed and plain HTTP visits redirect to HTTPS), so sign-up forms and anything else visitors submit can’t be read or altered in transit. Keep your website platform, theme, plugins and any security plugin updated as well; most real-world website break-ins come through software that was never patched.
- Another best practice is to not sell or share the data you collect! It’s your list; use it only for the purposes people freely signed up for. Simple.
- Cookies: mmm… cookies. A warm chocolate chunk sounds good about now… I’m talking about the other cookies though, the small identifiers that websites (and the tracking scripts they embed) store in your browser so that you can be recognized and followed around the internet. You can address cookies more fully in your Privacy Policy or even get a separate cookie policy. Why do you need to add info about cookies? Because an identifier that singles out an individual visitor counts as personal data under the GDPR, and letting people who visit your site know what you set (and, for EU visitors, asking before you set non-essential tracking cookies) is good practice. Not sure if you use cookies? You do if you have the Facebook Pixel or Google Analytics on your site. Remember, it is OK to collect data; it’s just about being transparent about the data you collect and how you protect it.
2. Add a Consent checkbox for those joining your list.
- If you think folks from the EU will be joining your list, then adding a checkbox for explicit consent is a great idea. A couple of rules for that box: it starts unticked (a pre-ticked box doesn’t count as consent), it says plainly what they are agreeing to, and it is separate from any other checkbox (like accepting your terms).
- This is very similar to the double opt-in we used more in the past, and you can still use that as your consent step if the confirmation email expressly says what they are agreeing to (“By clicking Confirm you are joining my list”). A double opt-in also leaves you a timestamped record that the owner of the address really did sign up, which is exactly what you want to be able to show later. Will fewer people confirm? Yes, but for me the people that do confirm will be more engaged. There’s a lot that goes back to good old list building practices. A smaller, more engaged list is a better list for your business.
- And going forward, you can no longer make joining your list the price of getting your freebie or watching your webinar (at least if you’ve got folks from the EU downloading): consent to join your list has to be a separate, optional choice, so they can get the download without ticking the box. Give that knowledge and value away for free anyway!!! Make sure you include all of your contact info and a way to sign up to your list on everything!
3. Look at your existing list
- Do you have people from the EU on it? If you can’t show how and when they consented (a sign-up form or confirmation email with a date), send them a quick email asking for consent to be on your list, and keep the record this time. Clear, documented consent is needed from those in the EU, so if your list is all non-EU, you are golden on getting consent.
- You may also want to email your list about your updated Privacy Policy (like I have above) and let them know that you take the protection of their data seriously. I know you do!
Going forward, I like the idea of adding the consent. That’s what I will be doing. Then you are good if this type of privacy law expands to other locations.
And to note, there are existing privacy and anti-spam laws that you must already adhere to, like California’s online privacy laws (CalOPPA), the US CAN-SPAM Act and Canada’s Anti-Spam Legislation (CASL).
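To make the consent mechanics in sections 2 and 3 concrete, here is an added example (my illustration, not the author’s site code and not any particular email provider’s API) of the three pieces a sign-up form needs: a consent checkbox that is unbundled from the freebie, a double opt-in confirmation link whose token is signed and expires, and a check over an existing list for anyone who needs a re-consent email. The secret key, the policy version string, the one-week link lifetime and the sample submissions are all assumptions made up for the example.

```python
"""Unbundled consent + double opt-in + re-consent check (added example, not the
author's code). SECRET_KEY, POLICY_VERSION, TOKEN_TTL and the sample forms in
__main__ are assumptions constructed for illustration."""
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Optional

# Assumptions: in a real deployment the key comes from configuration, not source.
SECRET_KEY = b"replace-me-with-a-random-32-byte-secret"
POLICY_VERSION = "2018-05-25"      # bump whenever the privacy policy changes
TOKEN_TTL = 7 * 24 * 3600          # confirmation links expire after a week
AFFIRMATIVE = {"on", "yes", "1", "true"}


class ConsentError(ValueError):
    """Raised when a submission is malformed."""


@dataclass
class ConsentRecord:
    """What you need to be able to show later: who, for what purpose, under which
    policy version, on which form, and when consent was given and confirmed."""
    email: str
    purpose: str
    policy_version: str
    source: str
    given_at: int
    confirmed_at: Optional[int] = None


def handle_signup(form: dict, source: str, now: Optional[int] = None):
    """Process a form submission. Returns (deliver_freebie, consent_record).

    The freebie is always delivered. A consent record is created only when the
    visitor affirmatively ticked the separate newsletter box. Browsers omit an
    unticked checkbox from the submission entirely, so a missing field means
    "no". (The box must also render unticked in your template; code on this
    side cannot tell whether it was pre-ticked.)
    """
    now = int(time.time()) if now is None else now
    email = form.get("email", "").strip().lower()
    if "@" not in email:
        raise ConsentError("a valid email address is required")
    consent = str(form.get("newsletter_consent", "")).strip().lower()
    if consent not in AFFIRMATIVE:
        return True, None                      # freebie yes, list no
    return True, ConsentRecord(email, "newsletter", POLICY_VERSION, source, now)


def _message(record: ConsentRecord, expires: int) -> bytes:
    return f"{record.email}|{record.policy_version}|{expires}".encode()


def confirmation_token(record: ConsentRecord, now: Optional[int] = None) -> str:
    """Token to embed in the confirmation email link (the double opt-in step)."""
    now = int(time.time()) if now is None else now
    expires = now + TOKEN_TTL
    mac = hmac.new(SECRET_KEY, _message(record, expires), hashlib.sha256).hexdigest()
    return f"{expires}.{mac}"


def confirm(record: ConsentRecord, token: str, now: Optional[int] = None) -> bool:
    """Called when the link is clicked. Marks the record confirmed only if the
    token is intact, was issued for this address and policy version, and has
    not expired."""
    now = int(time.time()) if now is None else now
    try:
        expires_text, mac = token.split(".", 1)
        expires = int(expires_text)
    except ValueError:
        return False
    if now > expires:
        return False
    expected = hmac.new(SECRET_KEY, _message(record, expires), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac, expected):   # constant-time comparison
        return False
    record.confirmed_at = now
    return True


def needs_reconsent(record: Optional[ConsentRecord],
                    current_version: str = POLICY_VERSION) -> bool:
    """For an existing list: anyone with no record, an unconfirmed record, or
    consent given under an older policy version gets a re-consent email."""
    return (record is None or record.confirmed_at is None
            or record.policy_version != current_version)


if __name__ == "__main__":
    # Constructed sample submissions, not real data.
    freebie_only = {"email": "Ann@Example.org"}                        # box left unticked
    opted_in = {"email": "bob@example.org", "newsletter_consent": "on"}
    print(handle_signup(freebie_only, "ebook-page", now=1527206400))
    _, rec = handle_signup(opted_in, "ebook-page", now=1527206400)
    tok = confirmation_token(rec, now=1527206400)
    print(confirm(rec, tok, now=1527206400 + 3600), rec)
```

The design choice worth noting: the record stores the policy version the person agreed to, so when you update your Privacy Policy you can find exactly who consented under the old wording, and the confirmation token is bound to the address and that version, so a link copied from one email cannot confirm a different address.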
4. What the heck are you emailing out to your list anyway?
Take a long, hard look at yourself and your business communication. Make your communication be of value, informative, and/or exclusive so that people want to read what you have to say and take advantage of the offers that you send them.
More best practices here.
And lastly, this is a process that you will do and find the right space for your business in. There are rabbit holes to dive down, there is nitty-gritty to get into. As long as you are moving in a direction of compliance and best practices you are good. You will find that space of comfort for yourself along the way.
So set aside some time this weekend to think about your business, who you serve, and how you can be a beacon of good when it comes to data protection.
Reach out with any questions.
Happy Weekend Friends,
Sandra