What You Need to Know About the GDPR (and Why!)

Is your business GDPR compliant?

Unless you've been hiding under a rock lately, you have probably heard about the GDPR.

The GDPR is the General Data Protection Regulation, which comes into effect for people living in the European Union (EU) beginning Friday, May 25, 2018.

Here is what you need to know*:

What is the GDPR?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for anyone living in the European Union. The regulation also addresses the export of personal data outside the EU, so it is relevant wherever you live. The GDPR gives control of their personal data to the citizens of the EU. They have the right to know who has their data, why they have it, what they are doing with it, who they are sharing it with, and how to access it and delete it.

The GDPR actually came into being in April 2016, but there has been a two-year transition period in place. It becomes enforceable on May 25, 2018.

Why is it important?

The GDPR is important to residents of the EU because of the rights they will now have regarding their own personal data worldwide. It is important to those outside the EU because if you are collecting, processing or holding the data of someone in the EU and they have not consented for you to have it or use it, you could face stiff fines (up to $20 million pounds or 4% of your company's worldwide income). This is a law, and it is enforceable, so that is what makes it so important to understand. 

What kind of data is included?

The regulations include what is called "Personal Data". Basically, the main purpose of the GDPR is to protect the personal data of EU citizens. Personal data is anything that is identifiable to a specific person. It's not just about email addresses. It's about IP addresses of computers, names, addresses, credit card information, and more.

How will it affect my business?

If you are not connecting with or marketing to residents of the EU, you could be safe. However, this doesn't just mean having EU customers. It includes your customers, your email subscribers, and your website and blog visitors; anywhere you have contact with EU citizens is affected. If you are using custom audiences for your Facebook Ads, you will need to be sure your mailing list knows. And if you are using Google Analytics or Facebook pixels on your website, you are collecting cookies and that needs to be made compliant (for EU citizens) as well.

The GDPR applies to data processors and data controllers. The official definitions of these two are:

Data controller:  Article 4 (7) ‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

Data processor: Article 4 (8) ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

Data controllers are you, and anyone else who works within your company who has access to the data that is being collected. 

Data processors are the businesses or services you might use to process the data that is being collected.

Simple example: If you have an opt in on your website, and you use Aweber as your email service, and you have Google Analytics activated on your website, YOU are the data controller. Aweber and Google Analytics are the data processors. Make sense? So your data processors are your ecommerce/bookkeeping systems (or services), your email system, etc. 

What do I need to do to comply with GDPR?

Review your processes and update as necessary:

  • Maintain records of the data you are collecting and processing (or having processed on your company's behalf). 
  • Make a list of those who are processing your company data for analytics, mailing lists, marketing, payment processing, online storage systems, web hosts, website, etc.
  • Ensure that you have proof of consent for personal email data (i.e., your mailing list). If you can't prove consent, obtain fresh consent.
  • Implement a system for people to choose the way you can use their data (i.e., allow them to opt out of any and all forms of retargeting, marketing, segmentation, and communication).
  • Develop a plan to remove stale data from your company's records.
  • Be certain that your business's data processors are GDPR compliant.
  • Educate your employees, subcontractors and partners on your procedures if they are handling your data in any way, or provide a Code of Conduct for them to adhere to.
  • Update your Privacy Policy on your website to include GDPR compliant language (or add a special GDPR addendum to your existing Privacy Policy if you prefer and link it to your existing policy). Add a link to this page on every page of your website, and on your data collection forms (order forms, email opt ins).
  • Update your Terms of Service on your website to include GDPR compliant language. Link your terms page to your Privacy Policy page.
  • If you do use analytics or a Facebook pixel, install a notification (pop up) to tell people their data is being collected when they visit your site.
  • Ensure that your contacts are able to contact you easily if they have questions about their data that you may be in possession of, or want to request that their data be deleted from your possession ('the right to be forgotten').
  • Develop a system to handle a data breach, should it occur.

Get more information:

If you want the whole shebang in plain English, this is the best article we have found to explain it clearly: Varonis (Michael Buckbee): GDPR Requirements in Plain English

Suzanne Dibble is a UK lawyer who provides excellent information about GDPR compliance. She has a free checklist here: http://globalava.org/gdpr . She also runs an excellent GDPR-specific Facebook group (download her checklist to get an invitation to join it), where you can get specific help. She also sells a GDPR Compliance Pack that provides all the forms you might need to become compliant, if you want a handy little package (the webinar is very helpful too!)

The Bottom Line:

Whether you are actively marketing to EU citizens or not, these are good changes to make to your business. It probably won't be long before something like this is rolled out by other countries as well. Data protection is a huge topic of discussion in all areas of business. Don't avoid the whole thing and hope you don't get caught. Do what you need to, to become compliant. Know what data you are collecting, develop good procedures to handle, process and store it, and make sure your connections know that too, and you'll be just fine. 


Disclaimer: The Canadian Association of Virtual Assistants (CAVA) is not an official GDPR resource. CAVA is an educational website and blog, and the information contained within this site in no way constitutes legal advice. Any person who intends to rely upon or use the information contained herein in any way is solely responsible for independently verifying the information and obtaining independent expert advice as required to become GDPR compliant.

*Article sources: Suzanne Dibble (UK Lawyer), Information Commissioner's Office (ICO), Varonis Systems Inside Out Security, Europa EU, Wikipedia (definitions).

Your Marketing Plan Goals Check Up

It’s a good idea to check where you’re at in terms of your marketing plan goals and objectives. Some people check weekly, others do it every month – but you should definitely check at least once per quarter.

Your goals might include revenue, number of sign-ups to your list, number of products sold, number of visitors to your website and blog – and so on. Regardless of what you measure, you want to make sure you take time out regularly to see how you’re doing.

You’re rocking!

If you are humming right along and reaching your objectives - that’s fantastic.

Some questions to ask yourself:

• Have you been working like a mad dog to reach your objectives and can you now slow down a bit?
• If you are easily managing your current level of marketing, are there a couple new tactics that you’d like to add to the plan?
• If there’s extra revenue, is it time to hire a Virtual Assistant, bookkeeper, or other help to free up your time to work on new ideas, products and services? Or to be able to service the extra clients and business your marketing is bringing in?

You’re sucking!

The reason we have goals and objectives is so we know if we’re meeting them – or not. If you’re not, don’t despair! There are a few things that could be impacting this and you can tweak or change these.

Some questions to ask yourself:

• Have you been doing the tactics on your marketing plan consistently? Did you fall off of your plan?
• Does your plan have enough marketing tactics or are you relying on only one strategy?
• Are you giving prospects enough different ways to reach you?
• Does your marketing message come across loud and clear in all your communications (website, sales letters, emails, ezine, blog, etc.)?
• Did you add any new services or products?
• Does your marketing plan have tactics that work off of and build on each other?
• Has your target market or niche changed? Is your marketing still aimed at the “right” market?
• Has there been any dramatic change in the competitive environment that could be impacting you?
• Where in the marketing process are you falling down? Attracting new leads? Converting into clients? Keeping clients?
• Do you need to revise or create new marketing materials? Update your website content? Do an overhaul of your ezine?
• Have you given enough time for the marketing tactics to work? Some tactics take longer to show results than others.

Incorporate regular assessments of your marketing plan goals and progress into your business workdays. There are lots of variables that can affect your success, and by being proactive you can keep on top of any changes, good or not-so-good, and keep heading upwards and onwards!

 

To Track Time or Not?

Virtual Assistants need to have an effective and accurate time tracking system in place. It’s easy, but it can get out of control if you let it.

‘Losing time’ can not only set your schedule behind, lead to disorganization and late night catch-up, but it can also impact your revenue if you forget to bill for work done.

Here are a few answers to those questions you have about time tracking:

Why should I track my time?

First of all, because you need to know how you are spending your day. How much of your time is being spent on billable work? Non billable work? Wasted time? Things you dislike doing?

If you write it all down, it will be easier to assess where you can make adjustments to make your business more profitable … and more fun too!

Also, as you start to get busier, the day can disappear right before your eyes. You want to be sure you are not losing out on billable time simply because you didn’t write it down.

When should I track my time?

Every day, every minute.

There are resources (see a few below) that can help you do this by using a stopwatch to stop and start a timeclock, or you can do it the old-fashioned way by writing it down.

I use a spiral notebook and record every task I do every day (even breaks, lunch, and my own business stuff). By using a spiral notebook, I have a record for every day. I transfer my written notes into my time tracking program for billing.

How should I record tasks?

In whatever way makes the most sense to you … whatever is easiest for you.

If you choose a complicated system or one that confuses you, you will run into trouble more than once.

My system is simple … I write my clients’ initials at the beginning of each line, and I record the task item I took care of for them beside it. I indicate the time I worked during the day. I record one task per line in my book for easy reference, and for easy transition to my time tracking program.

In my time tracking program, I have each client set up with their rate and I also have individual tasks set up for all of the things I do. I enter each client’s name and their task and the length of time I worked on it.

At the end of the month, I run my reports and can provide the detail if the client wants it.

I charge my clients on retainer (or by project rate) – I don’t need to track my time, do I?

Of course you do! What if your client goes over your budgeted time… or is way under? Even if you are working with someone on a project rate, it’s important to keep track of the hours you are putting in.

When you decide to revisit your rate package (which you should do often!) you will have an exact measure of how long projects are taking you to do.

If you are working with someone on retainer, it’s good to be able to keep a detailed list of what you worked on for them at the end of their retainer term.

Recording your time is helpful in both of these situations.

Any of these questions are easily answered just by developing a great system to keep track of how you are spending your time.

There are all kinds of resources out there (some free, some paid) that can help you manage this part of your business.

Myhours.com has a free level … it’s what I have used for years. Paymo.biz and Toggl.com are very reasonable and popular with VAs.

Freshbooks.com is a paid solution but also allows you to invoice your clients and track expenses. I use it in my business!

There are many other services and systems that you can use to track your time (just Google ‘time tracking software’ and you’ll see!). No matter which system you decide to go with, be sure that it works for you, and above all … use it! Your business, your client and your bank account will thank you!

If you need help to get your procedures in place, ask your colleagues what works best for them, or consider getting some help with yours.

And of course check out Your VA Mentor's free Time Tracking training session here!

How to Setup Google Analytics for VA’s