3C Digital

Digital Marketing for Small Business

Home » Blog » Page 11

Blog

By

GDPR and how it affects your small business

Before your eyes glaze over and eventually drift towards better daydreams, like expanding your small business, we need to discuss the important but not so interesting bits. The General Data Protection Regulation (GDPR) is going to be implemented soon and as a small business, you need to know if you’re affected by it or not. Or if you should do whatever the regulation says just in case, anyway. In this post, we will try to clarify the major things to help you understand it better.

Who is affected by GDPR?

The Office of the Australian Information Commissioner (OAIC) says, “Australian businesses of any size may need to comply if they have an establishment in the EU, if they offer goods and services in the EU, or if they monitor the behaviour of individuals in the EU”.

Do you have customers in the EU or are you planning to expand your market there? If you are, then you’re affected. These are the examples of Australian businesses that may be covered according to OAIC:

  • Australian business with an office in the EU
  • Those whose website targets EU customers for example by enabling them to order goods or services in a European language (other than English) or enabling payment in euros.
  • an Australian business whose website mentions customers or users in the EU
  • and businesses that track individuals in the EU on the internet and uses data processing techniques to profile individuals to analyse and predict personal preferences, behaviours and attitudes.

What does the regulation cover?

The GDPR is all about protecting people’s data. Remember the Cambridge Analytica scandal? Well, customers are even more wary about how their data is being used after that. In short, the GDPR aims to protect anything and everything that can be interpreted as ‘personal data’.

Here’s the example that the OAIC uses:

The GDPR makes clear that a wide range of identifiers can be ‘personal data’ including a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

What you need to do

First off, we’re going to assume that you already have Privacy Policy protocols set for your business (and published on your website). Also, that you don’t sell your customers’ data to third parties. And that when you collect your customers’ data, they actually give clear cut consent for you to have their data.

For a start, look through this super comprehensive guide provided by the Information Commissioner’s Office. It’s easy to understand and will help answer most of your questions. But if there are still some really confusing things, then it’s best to see an expert. List your questions and have a sit down with them.

GDPR aside, we can help with your other social marketing issues. Book a FREE strategy call today.