Your questions answered
Does the GDPR apply to my business?
The GDPR applies to you if you hold any data on anyone in the EU. This means if you have any customers in the EU or if you have anyone in the EU on your list or if your website uses tracking cookies or pixels and anyone from the EU visits your site. It doesn’t matter where you are in the world, if you hold data on anyone in the EU, this applies to you and your business. It is a legal requirement and you must comply.
It’s European, right? How will that ever impact on me if I’m in the US?
It’s the law of the EU but it has worldwide effect. The penalties include fines of up to €20 million or 4% of annual global revenue, whichever is the larger. The EU has drawn a major line in the sand on this in relation to the privacy of the data of its people and therefore will be using every means available to enforce, including international treaties. It would be a mistake to think that just because you are outside the border you can escape this.
Of course, in a connected world, the most likely first practical way that the EU are going to enforce this is via the internet service providers. Google and Facebook for instance are both based in the EU, in Ireland (where we will be too as your EU representative as a matter of fact) and the EU can bring enforcement against them directly as they are located here. Do you think Google and Facebook are going to expose themselves to fines of €20M or 4% of their global turnover by letting you continue to use their services if you are not compliant? This is going to be mandatory to be able to continue to use the Internet for your business. (And if you’re operating online, we’re guessing this may be important to you.)
Don’t just take our word for this. If you use Infusionsoft, for instance, you’ll see that they’re already all over this. In your app just go to Admin > Settings > Privacy & Compliance. You have to insert details of your “Representative in the EU” in order to enable the GDPR settings. This is currently optional, but it’s likely only a question of time before it becomes mandatory. Don’t find yourself locked out of your app without a simple and easy solution when it does.
Apart from the fact that this is the law and subject to enforcement by stiff fines, and from the fact that from a practical standpoint the internet service providers are going to be making sure their customers are compliant, there is another important angle to this: the GDPR gives people on behalf of whom you hold data the right to sue you if you breach their rights. This is important.
You might think that some EU government somewhere has much better things to be doing than coming after you (don’t bet on that by the way). But even if that were a reasonable position to take, bear in mind that every individual in the EU on behalf of whom you hold data has legally enforceable rights as a result of the GDPR, rights that they can enforce by suing you. It only takes one to make your life an expensive misery. This happened to Facebook: a guy called Max Schrems sued them in relation to data protection rights and it brought down the whole system of transfer of data between the US and the EU. If this could happen to Facebook, this could happen to you. Are you as well able as Facebook to afford it?
Do I have to do this?
Well, if you are in the US and you don’t hold any data on anyone in the EU then it will not apply to you. So, one option would be to delete any customers that you have in the EU and delete anyone from the EU from your list completely and then ensure that you do not collect any data on anyone in the EU in future. This would entail ensuring that no one from the EU can visit your website, sign up to your list or be tracked by cookies or pixels that you have on any of your pages, Facebook etc.
If this is an option for you, you need to do it immediately in order to avoid continuing to be in breach of the law.
If deleting everyone from the EU from your list and eliminating that market of 500 million people as a market for your business for the future is an option for you, go for it.
If not, you need to have this.
Can’t I just get this whenever I need it?
This is a bit like saying “can I drive around without motor insurance and then just get it if I have an accident”. The world does not work like that. You need this in place now and can get it taken care of simply and easily for a great value price. This may not be easy to get at all if you find yourself in the middle of a messy non-compliant situation.
What’s the worst that can happen?
Well apart from being fined €20M, shut out of the Internet and sued, not much really!
How likely is this to happen to me?
It’s impossible to say. The EU has laid down a huge marker with this legislation, and having done so they will have to follow up with effective enforcement. We will just have to wait to see how this materialises.
However, it is safe to say that the EU are not going to let Facebook and Google continue to roll out advertising services that mean that the data of people in the EU is collected by businesses outside of the EU that are not compliant. Therefore, it is very likely that this is going to be mandatory to be able to continue to use those services. And of course, we have seen major players like Infusionsoft have already started to move on this directly.
Then of course there are 500 million people in the EU (versus 350 million in the US). It only takes one of them to take legal action and sue you to enforce their data protection rights. Those are odds we would not like to gamble with.
I’ve put up a GDPR privacy notice, changed my opt-in procedures and sent GDPR notification to my list, isn’t that enough?
These are all good things that you need to do to be GDPR compliant. They are necessary, but they are not enough. Without an EU representative you are just not compliant with the GDPR unless you have an establishment in the EU directly.
So, unfortunately, if you have done all of that hard work on GDPR compliance, it’s a case of “close but no cigar” if you don’t have this additional piece in place. The good news is that you can take care of this today.
What are the alternatives?
One is to delete anyone from the EU from your list and not collect data from anyone in the EU in future.
If that isn’t an option, you might look at others in the market. It’s a service that tends to be offered by lawyers, most of whom just don’t get how online business works and who tend to be very expensive.
However, we have created this service specially for online business. It is a one off simple payment that gives you everything you need to be compliant in this area immediately.
There are actually very few offering this service in any kind of a user friendly way for online businesses. So if you miss this opportunity and end up without this taken care of, you may be disappointed.
So what do I need to do?
It’s very simple. Just buy the service now and we will send you our form of agreement by Docusign. Under GDPR your representative needs to be appointed by formal legal agreement and you can complete this very easily and simply with Docusign. Once you have signed the agreement, we will send you all of the information that you need to get set up.
You will be able to put details of your EU Representative on your website and in any apps that you use immediately.
And you’ll be done.
Simple as that.
How does this service work?
We provide you with a representative in the EU for GDPR purposes. It is a requirement of the GDPR that if you are not established in the EU, you must appoint a representative in the EU who is your point of contact there for people in the EU and the regulators in the EU.
You can then put our contact details on your website, in your terms of business and in any of your apps etc. and if we receive any contact from anyone in the EU on your behalf we will forward it to you and liaise with you on any further communication required.
How much does it cost?
Our Essential Representative service starts at just €97 a month or just €83 a month (€997 a year) paid annually. See full details here.
What options can I choose from?
We have developed the Essential Representative service as pay as you go, so that you can put in place simple compliance now at the lowest cost for your business, if that is what you need. This works on the basis that if you do need further services in the future, you can just get those when you need them.
However, we also have pro and premium options available if that is what you need. You can check out all the details here.
If you find that you do need more than just the essentials service as you go along, you can, of course, upgrade any time you need to.
Will I have to do anything to make this work for me?
All you will have to do is sign the document that we send you and then you will receive your representative’s contact details which you can display on your website, on your terms of business and in any apps that require it. That’s it.
What happens if I need to use the service and I get contacted via my representative?
The annual payment covers the appointment of your representative and authorises you to use the representative’s contact details for your business. If you receive a contact via your representative, the first email contact is forwarded for free in our Essential package (Pro and Premium includes more than that). If you need additional services at that stage you can get them when you need them or if you wish, you can put in place a pro or premium account to cover you. See full details here.
Is there a long term commitment?
If you opt to save by annual billing, your initial payment includes representation for your first twelve months. You can cancel at any time and if you cancel within your first 30 days because you are not happy with the service you can get a full, unconditional refund. After that you can cancel at any time if you wish; there is no long term commitment. After your first twelve months you can continue using the service for €97 per month and you can cancel at any time.
What if I don’t like it?
If you are unhappy with any aspect of the service you have a full 30 day no hassle, unconditional, money back guarantee. Just let us know within 30 days, discontinue using the service and delete any reference to us as your representatives and we will refund your payment in full.
After 30 days you can cancel at any time once you discontinue using the service and delete any reference to us as your representatives.
How do I get this?
That’s easy, just go here.