What Digital Agencies Need to Know About GDPR

By Jason Swenk on May 23, 2018

Are you ready for GDPR? Wondering how it will affect your agency and/or your clients? Even if you’re not in Europe, you are required to be in compliance with these new data privacy regulations. In this episode, learn what you need to do to protect your agency and stay in compliance with GDPR.

In this episode, we’ll cover:

  • What is GDPR?
  • What does GDPR mean for agencies?
  • 3 Steps to GDPR compliance.
  • What happens if your agency is non-compliant?

I’m super excited to talk to today’s guest, Suzanne Dibble, the small business law expert based in the UK. She’s got 20+ years of experience and has worked with some big-time entrepreneurs, like Richard Branson. She has been living, breathing, and consuming everything related to GDPR and how it affects small businesses for the past 3 months. Suzanne is on the show today to explain the ins and outs of GDPR so you can keep your agency in compliance and continue to generate leads despite stricter guidelines.

What is GDPR?

The GDPR (General Data Protection Regulation) is a set of rules imposed by the European Union (EU), which seeks to create a harmonized data protection law framework across the EU and aims to give data subjects back control of their personal data. GDPR imposes strict rules on businesses hosting and processing this type of data, anywhere in the world.

Suzanne says GDPR comes from a place of good intention and isn’t just a new set of regulations to make our lives miserable. The good news is that there are just a few steps to take that will keep you compliant by May 25, 2018. And the really good news is that there’s no enforcement agency waiting to haul you off to prison for non-compliance. 🙂

What Does GDPR Mean for Agencies?

Basically, this will affect your agency’s lead magnets and automated marketing campaign sequences. It’s all about transparency. Under these regulations, when people opt in for something (like a lead magnet), that’s the only thing you can send them. If you want to continue to use their email address for marketing purposes, this will require additional consent. This also affects Facebook marketing and targeted social media ads.

3 Steps to GDPR Compliance

Compliance does not have to be an overwhelming process. Suzanne top-lined the three steps we can take to make sure we stay compliant:

1. Decide whether GDPR is relevant to your agency.

It affects businesses that either (A) process data of people in the EU with the intent to offer goods or services, or (B) monitor the behaviors of those in the EU. If you’ve answered yes to either of these criteria, then you need to send a re-consent email to the recipients on your lists who are in the EU.

2. Determine if you have lawful grounds of processing data.

There are 6 criteria that fall under the definition of being lawful under GDPR, though most small businesses will fall under one of the first four.

  1. Consent. The real issue is obtaining re-consent after May 25. With that, you have lawful grounds.
  2. Contractual agreement. If you’re already under contract with a client, you’re all set and new consent is not required.
  3. Compliance with the law. Record keeping or maintaining data on clients, employees, and contractors is consensual and therefore no new consent is required.
  4. Legitimate interest. Many of us will fall into this category: where you’re marketing to someone with a legitimate interest in your service, you can lawfully process their data with consent to do so.
  5. Vital interest.
  6. Public interest.

3. Write a new privacy policy and a cookies notice.

Under GDPR you must be completely transparent about what data you’re holding and why. Additionally, you must rationalize what you’re doing with any data, where it comes from, where you’re transferring it to, etc. GDPR has 13 points that must be addressed in your privacy policy, so be sure you’re fully covered.

Cookies are considered an extension of personal data. Therefore, businesses are also required to be transparent with their use and handling of cookie data with a cookies policy.

What Happens If You’re Non-Compliant?

As Suzanne explained, there’s no governing agency that’s enforcing these regulations or hunting down offenders. Basically, it just all comes down to risk analysis.

The real risks are to your brand reputation. Breaking compliance may upset people who are knowledgeable on the subject. They may choose to take direct action and make a legal claim. And even if they don’t take action, you risk losing their trust and respect.

There are over 250 pages to the Articles and Recitals of GDPR. If you are unsure whether this relates to you, or you’d like to dig in deeper, you can learn more in Suzanne’s exclusive GDPR for Online Entrepreneurs Facebook group. She also has a ton of information on her website here: SuzanneDibble.com/GDPR
