Chances are you’ve received an unusually high number of “we’ve updated our privacy policy” emails of late. Perhaps you’ve even wondered why…

These emails are a result of upcoming changes in the EU in regards to the data protection and privacy of individuals located in the region. The General Data Protection Regulation (GDPR) will come into force on 25th May 2018 and has companies worldwide reviewing their website and online marketing practices in light of it. Its aim is to give control back to EU residents over their personal data.

So what does that have to do with small businesses in Australia? More than you might think.

Please note, this article is intended to raise awareness about the GDPR and what it could mean for Australian businesses. I am not a GDPR expert and legal advice is recommended on how the regulation affects your business.

Why the GDPR is a good thing

Even though the GDPR has been a minefield to comprehend for many businesses, it’s actually a good thing. The GDPR is all about respecting your customers and clients and being more open and honest with them about their experiences both on your website and email newsletters. The regulation will help empower individuals to be more aware of how their information is being collected, stored and used. Surely more transparency is a good thing!

What does the GDPR mean for Australian businesses?

You may be thinking, “What’s the GDPR got to do with me? I’m not located in the EU.” Even if you aren’t located in the EU and don’t have EU customers, your business may still need to adhere to the GDPR.

Take my website design business as an example. My clients are primarily based in Australia and chances are I’m not going to design a website for someone in Europe any time soon. In addition to that, my online shop is limited to Australian-based customers only. However, anyone in the EU is able to view my website, fill in my contact form and sign up to my email newsletter. These activities technically mean that I need to adhere to the regulation.

It’s still unclear as to how regulation breaches will be fined and enforced.

Full details on how the GDPR affects Australian businesses.

Which website elements should be reviewed in light of the GDPR?

Privacy Policy
Consult with a legal professional to update your website’s privacy policy. Ensure it includes policies around the use of cookies and how the information collected is shared with others. FYI, cookies are small files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their website work, or to work more efficiently, as well as to provide reporting information.

You may think you don’t share people’s personal information (such as their name and email address) with anyone but in most instances that information is shared with your email marketing provider (such as MailChimp).

If you currently don’t have a Privacy Policy, it’s highly recommended to set one up. There are free Privacy Policy generators available but for the most relevant policy for your business, it’s best to consult with a lawyer. Sinclair & May, based in Melbourne, are skilled in this field.

If you run an online shop on WordPress, WooCommerce has published some tips on how to meet regulation guidelines. And WordPress itself is helping website owners become more aware of what details to add to their privacy policies.

Email opt-in forms
If you’re advertising a free ebook or audio track as a gift in exchange for someone’s email address, the regulation calls for your use of the email address to be explicit. Therefore, on sign-up forms, it is recommended to state that, upon giving their email, they will receive regular newsletters as well as the free gift.

Contact forms
Only ask for details that are necessary. If you don’t need a phone number, best not to ask for it. Also, if your “Sign me up for your newsletters” tick box on your contact form is pre-ticked, consider unticking it as a default and let your audience decide for themselves.

Regardless of how much your business is affected by the GDPR, giving your website’s audience full disclosure on how you collect and use their data can only be a good thing. Remember, you’re a visitor to so many websites too and you have the right to know what’s going on behind the scenes, and so do your website visitors.