[return to "GDPR: Don't Panic"]
1. weehob+Me 2018-05-18 10:56:31
>>grabeh+(OP)
As a solo business owner based in the US, I’ve been spending the last couple weeks learning about GDPR and getting compliant. While it has not been a fun process, I do think in general the regulation is quite reasonable and overall good for the world in general. So far, GDPR compliance has not cost me any money, only time.

There are three problems however that I have with GDPR and I’d love to hear how other small non-EU businesses are dealing with this.

First is the requirement to have EU representation (Art. 27). Since I don’t have any physical presence in the EU, GDPR requires the appointment of a representative. It would appear that a new industry has been created selling non-EU businesses GDPR representation in the EU which in my brief Google searching can cost $1000 per year or more. Are other small business owners out there paying for this? Or how else to deal with this requirement? Not a lawyer but this is the only part of GDPR I am tempted to ignore.

Second is the common practice of using lead magnets to collect emails for marketing. My email signup forms are very clear about marketing use, and are double opt in, and subscribers can opt out with a single click. But my research suggests that this is still not GDPR compliant unless there is an explicit consent, which I believe will reduce email signup rates. Also, while Mailchimp has a GDPR form, it is quite large and doesn’t work embedded in web page headers, sidebars or popups. I’ve only seen one of these Mailchimp GDPR signups in the wild and they opened a new browser tab to present the hosted Mailchimp GDPR form which to me isn’t ideal. How are others handling email marketing signups? Disclosure and checkbox for consent seems a reasonable compromise but I haven’t seen this very often in the wild, at least not yet, that may change come May 25. Not a lawyer but I’m tempted to keep my current forms until I see more websites make changes.

Third, I have a medium sized mailing list (less than 10,000) mostly US based emails which is important for my business. Are people running consent campaigns (as suggested by Mailchimp)? I’m concerned that I will lose a substantial part of my list due to non-response. Again, the list is double opt in and I am very reasonable with my marketing emails. (Not a lawyer) but my thought is to segment my list into EU and non-EU customers and run a consent campaign only on EU emails. Has anyone run a consent campaign and how did it work out for you?

Any thoughts or suggestions from other small and solo business owners would be much appreciated.

2. Boulth+7F2 2018-05-19 21:02:19
>>weehob+Me
> Provided your company doesn't specifically target its services at individuals in the EU, it is not subject to the rules of the GDPR.

Source: https://ec.europa.eu/info/law/law-topic/data-protection/refo...
