The Entrepreneur Forum | Financial Freedom | Starting a Business | Motivation | Money | Success


GDPR. Anyone figured this out?

JAVB

> Unfortunately that isn't the case. All EU citizens are protected by GDPR compliance regardless of where the server of the forum is located.
>
> The only way to prevent a business from having to comply with this regulation is to shut off access to EU visitors, including EU citizens residing and/or visiting the US (or non-EU country).
>
> You can't account for that.

I didn't talk about where the server was. If your servers are in Europe, then obviously the law applies to you even stronger. And not only to this one, but to other laws governing the specific country you are in.

But going back to my point, if you have a site here in the States, serving primarily English-speaking users and not actively targeting Europeans or conducting business THERE, you don't have to comply.




Chris McCarron

> I didn't talk about where the server was. If your servers are in Europe, then obviously the law applies to you even stronger. And not only to this one, but to other laws governing the specific country you are in.
>
> But going back to my point, if you have a site here in the States, serving primarily English-speaking users and not actively targeting Europeans or conducting business THERE, you don't have to comply.

The English language is used as a first or second language by the majority of European countries including UK, Republic of Ireland, Scandinavia, Holland etc.

GDPR is a single set of rules that apply to all EU citizens regardless of where a server is hosted, where a business is located or where it operates from.

Therefore, US laws etc do not trump GDPR and it doesn't get "stronger" or "weaker" depending on the location of where you conduct business or the demographic you're actively targeting.

For example, let's say Fastlane switched to be "A US Entrepreneur Forum" and let's say I join using my personal email address.

I'm a UK citizen who speaks English and GDPR applies.

Same for if I'm a French citizen who resides in the US. Bonkers, I know.

However, with the exception of German citizens, GDPR does not apply to business contact details including personal business email addresses.
 

MJ DeMarco

> Therefore, US laws etc do not trump GDPR and it doesn't get "stronger" or "weaker" depending on the location of where you conduct business or the demographic you're actively targeting.

That's what I've interpreted.

Only people who have never owned a business or held a position of authority within a company would have ever created GDPR.

All one needs to know is the regulation is 99 pages long, the perfect size so no one can understand or no one will read it, belaying an army of lawyers that can be hired for gazillions, and fines that have no limit (even capped at 20M) in their reach.
 

Mckenzie

My head hurts trying to figure this out, but it’s something we have to do.

Can anyone link to good resources that clearly explain what we need to do?
I found this AppSumo promotion: GPDR Tracker today for $49 Lifetime access. : AppSumo
There're positive reviews there. I haven't used it myself.
 

Xeon

Who cares? Even if I don't show any cookie pop-ups on my site and outright ignore this GDPR, what can they do? Shut down my site? Lol

E.g., if I'm a Brazilian/Zimbabwean with my business registered in China, what can the US/EU do?
 

c4n

> Who cares? Even if I don't show any cookie pop-ups on my site and outright ignore this GDPR, what can they do? Shut down my site? Lol

A lot of us here are from the EU, so we care. So do serious businesses outside the EU that do a lot of business in the EU. Feel free to ignore this thread.

> E.g., if I'm a Brazilian/Zimbabwean with my business registered in China, what can the US/EU do?

Worst-case scenario: you get a nice fine that you of course ignore and never pay. Then in 5 years you decide to take your lovely wife to Paris and get denied access (or even arrested) at the border.
 

ALC

It's complete nonsense for business owners. It sure is right for the privacy of our data, but what a mess!
 

LifestyleGem

I'm not a lawyer, but if you're not a citizen of the EU, then none of this is really needed. Unless you have a physical office in the EU somewhere or bank accounts in the EU.
 

theag

> I'm not a lawyer, but if you're not a citizen of the EU, then none of this is really needed. Unless you have a physical office in the EU somewhere or bank accounts in the EU.

No, that's wrong.
 

LifestyleGem

> No, that's wrong.

Technically yes. But in reality, I don't think so. It's not enforceable beyond the EU. This reminds me of the digital product VAT moss mess. There was huge panic, and now a ton of big US saas companies don't even bother with it.

With that said, since the EU is very money hungry and borderline bankrupt, I wouldn't bet on it, but still. How can you enforce this on a foreign company? Wouldn't they have to take it to a US court?
 

MJ DeMarco

> How can you enforce this on a foreign company?

My guess is the EU will become the internet Gestapo... don't pay your fines and they will strong arm the search engines and network data access to your website across the EU. Seems ridiculous, but when it comes to unelected bureaucrats and politicians, nothing surprises me anymore, just as long as you preface your liberty killing regulation with "it's for the children" or "it's for safety." SMH.

As with most gigantic regulatory BS (think "affordable care act") it sounds great simplified, but once it's put to paper and executed, not so much.
 

Ravens_Shadow

Some of it is actually good in my opinion. It forces us to be more on the white hat spectrum when dealing with our customers. It also embraces transparency about what we do with people's information and they still subscribe to receive emails from us after our GDPR updates. I actually think it'll help our list stay more relevant rather than force subscribing like we used to and 10% open rates.

Do I agree with all of it and like having a government step in? No.

Was it a total pain in the a$$? Yes.

Will it be of benefit to many? I think so.
 

Scot

So, I just start looking through this thread and I’m still confused because of varying opinions...

My company is US based, we sell food to US grocery stores. We do not export to anywhere, do not serve EU customers at all. If EU customers are on my site, they don't really belong there...

I assumed I didn’t have to worry about this.. do I?
 

c4n

I'm not a lawyer, but I wouldn't worry in your case.

If you were selling to/collecting data from EU citizens, then you'd be required to do so.

How the EU will enforce the GDPR outside of EU? Live and learn...
 

Andy Black

So all the email crap hitting my inbox has gone. We're going to spam you to tell you we're not going to spam you. ?!?

Anyway, I went on that GDPR course and it wasn't bad, but my biggest takeaway was when another attendee asked if there was a checklist we could go through and the presenter shuffled through his Powerpoint slides, frowned, and said he hadn't created one. So I've a pile of Powerpoint slides but no checklist of actions to go through? Hmmm.

I had a one hour meeting with a GDPR mentor yesterday that was more useful.

What was even more useful was me sitting the evening before drawing out the flow of data through my business. It was a good process to go through and I identified areas where we're gathering more info than we need, and are taking additional steps we don't need to take. We're going to remove those immediately and that will make my business a bit simpler already.

I was surprised that I actually started finding it quite interesting.

FWIW, here are my notes from the meeting yesterday (note that these are personal notes so go and do your own due diligence):
  1. It's my obligation (and in my interest) to explain what data is collected and what happens to it in the Privacy Policy on my company website. This could be needed for mitigation.

  2. Have fun with it! You can use humour if you want in your Privacy Policy. You can make it your selling point that it's simple, and easy to understand. (You should make it simple and easy to understand anyway.)

  3. Check the UK ICO site. They're much more up on this and innovative in the UK than in Ireland.

  4. Where are our landing pages hosted? I need to determine this and put an explanation up in my Privacy Policy.

  5. People can only really lodge a complaint if you haven't stated what happens with their data.

  6. Use your Privacy Policy to demonstrate your own understanding of the data gathered and processed in your own business.

  7. Illuminate people!

  8. Mention that payments to Google are through the Google AdWords platform. Mention Stripe, Paypal, etc.

  9. Tell people what you DON'T do, not just what you do. E.g. We don't take your credit card details.... they're input into Google, Stripe, etc.

  10. I pretty much have a GDPR compliant business already because I just create a page for consumers to call Blacksmiths or send them an email. I don't (really) collect consumer data. I need the Blacksmith's phone number and email address to serve them. I just need to get everything documented in my Privacy Policy.

  11. Don't forget to mention that people can email <email address> to get a copy of their data or to request it is deleted. (Note that you can decline to delete data if you have a requirement to keep it. E.g. for legal reasons where I might need to keep data for 7 years.)

  12. Don't capture data you don't need.

  13. Don't add processing steps you don't need.

  14. In my case, we don't need the consumer's email address when they request a callback. We just need their first name, phone number, and maybe the brief message.

  15. In my case, we don't need to send a copy of the email to ourselves so we can see everything is working. We just need to note the date/time a message was sent, and to whom.

  16. (My own note: I should chat with all my team members about our requirements for protecting consumer and client data. I should also get a short contract stating this.)

  17. If/when I come to sell a business, make the fact that it's GDPR compliant and SIMPLE a selling point.
 
