Now, it comes into force on the 25th of May. If you are outside of the EU but you hold personal data on anyone in the EU (customers, prospects, employees, suppliers), then you need to comply, because this regulation is all about looking after the data protection of people within Europe. So that’s what you have to do.

Fines have gone up to €20 million or 4% of your worldwide turnover for the last 12 months. It may sound as though this policy targets big corporations, but there might be reputational damage for not complying. And with all eyes on the commercial use of personal data right now, staying compliant with the current laws will only help you as new rules and regulations are developed.

Even if you are a VA (virtual assistant), if you’re processing data (i.e. an email list) from a customer in the EU, or the list contains information from EU customers, you have to be compliant with GDPR. Otherwise, legally they are not allowed to use you anymore.

What do you need to do? You need a privacy notice. If you’re collecting emails for a lead magnet, you need to link, at the point of collection, to that new privacy policy, one that is upfront and transparent about what you’re going to be doing with the data. People can only make that informed choice if you tell them exactly what you’re going to be doing with their data.

If you have the Facebook pixel installed on your website or landing page, you have to make it clear to your online visitors. Take the Formula One website, for example: it notifies you upfront that cookies are in place and that by continuing to browse the site you give consent for cookies to be used.

Business Consultant