Your Sales Team is Impacted by GDPR. Here’s How –

It’s still difficult to process all the ways in which the General Data Protection Regulation(GDPR) is affecting the work of businesses. From database creation to maintaining an online presence, companies have had to introduce an array of procedural changes for the purpose of ensuring GDPR compliance.

The work of sales teams isn’t spared from such changes. If you’re managing sales teams or you’re member of this department, you’ll need to acquaint yourself with the important new provisions that will affect your work.

Is There a Data Protection Agreement in Place?

One of the important documents that will be needed by the sales team is a data protection agreement (DPA).

The DPA is a legal document that outlines the procedural and administrative ways in which the organization is going to protect the personal information it processes. Such a document should be readily available for customers that ask for it.

Even if a client doesn’t ask for a DPA, it will still have to be introduced in the sales cycle at a certain point in time. Selecting the right moment is of paramount importance because the ill-timed introduction of DPAs can contribute to significant slowdowns.

Most US companies may not need to have a DPA in place but in the event of such a document being required, it will have to be prepared and available in advance. Otherwise, chaos will ensue.

Evaluation of Data Being Gathered

GDPR has forced many companies to reevaluate their data collection policies. A general rule of thumb is to gather only the information needed to continue providing customers with a high quality, tailored service.

Individuals managing sales teams will need to carry out a personal data collection audit. According to GDPR provisions, there is a limited list of acceptable reasons for the collection of personal information from clients. The fact that such information could potentially be utilized for company growth in the future isn’t a sufficient reason for the collection of personal information.

A new process should be developed by the sales team that will enable the collection of the least possible amount of data for successful interactions with clients. While the audit itself could require time and resources to complete, a new process that’s based on minimum data collection could make the life of sales professionals easier in the future.

Changes in Sales Prospecting

Apart from having to be informed about their personal information being collected, individuals are also entitled to being made aware of what purposes the information is going to be used for. The amount of time during which personal information is going to be stored will also have to be shared with leads and clients. More information about these provisions is available in Article 13 and Article 14 of the EU GDPR.

If consent has not been obtained at the time when information was collected, the sales team will have to revisit the process.

As per GDPR regulations, sales professionals and other company representatives have to inform individuals that their data has been obtained (and why) within 30 days of the process being completed. If such a message is sent and an individual responds by saying they do not want their information to be stored and used for sales purposes, the entry will have to be removed from the database.

For most companies, GDPR will indicate a change in which the sales team is doing its job. To ensure compliance, these professionals will have to stop sending automatically-generated prospecting emails, they will need to get consent for data processing and storage and they will need to get consent for the purpose of sending sales materials to clients. Once these issues are cleared, chances are that the work process will become much more streamlined and effective.

 

4 Tips for Legal Online Consumer Data Collection

People’s attitudes towards the collection of online data has been changing over the past few years. A 2017 survey suggests that 75 percent of individuals will sometimes or always read a privacy policy on a website.

According to 53 percent of people, it’s extremely important to know whether an app or a service is using their personal data. At the same time, several massive online data collection scandals have rocked the world in recent years.

Providing a quality online service or content will often be dependent on consumer data collection. To do so legally, however, you’ll have to learn how to collect data and what documents to feature on your website or online platform.

Determine What Types of Personal Data Collection You’ll Be Doing

To craft the right online data collection procedures, you will first need to determine what types of sensitive information you’re going to be having access to.

Most often, online service providers work with the following:

• IP address
• Internet domain
• Type of browser or OS
• Location of the website visitor
• Demographic profiles
• Number of pages visited, length of stay on website

If you have online opt-in forms, chances are that you will be collecting additional sensitive information. When you know what you’re dealing with, you will get to determine which regulatory framework(s) you’ll have to adhere to.

Understand Personal Information Law and Compliance

Online data collection could be subjected to multiple regulatory frameworks due to the international nature of website visits. The EU GDPR is one of these frameworks. The US has more limited regulatory efforts as far as data privacy goes but a few statutes may apply to the work of different online companies.

If you’re based in the US, EU, and many other Western countries, you will have to comply with at least one type of data collection law. A privacy policy, terms and conditions, and thorough explanations as to why you have to collect sensitive data are the absolute minimum.

Carry Out a Privacy Audit

A website that’s already functional will have to be audited to determine whether it meets all regulatory requirements. It’s best to have an experienced legal professional carrying out such an audit.

Some of the items that will be examined include your privacy policy, whether opt-on forms allow for explicit consent and whether people are given the chance to opt out effortlessly. Based on the audit information, you’ll get to determine how data collection is to be modified in the future to ensure compliance.

Minimize Personal Data Collection and Retention as Much as Possible

Online consumer data collection should occur for the provision of better products and services. It’s possible that you’re currently accessing sensitive information that isn’t adding anything to the experience of people visiting your website or using your app.

There are things you can do to minimize the collection of sensitive information online. Based on the audit you’ve carried out, it’s possible to identify certain positive changes in this field.

Very often, online businesses gather a lot of extra information that could potentially be used in the future. If you’re doing this right now, you’re only making your life and work more challenging. Data breaches and hack attacks do occur. The more information you have, the bigger the problem is going to be in the case of an information leak.

A final thing to do is to ensure the security of data collection efforts. To minimize the risk of hack attacks, invest in quality servers, encryption, and access control. While there are numerous additional things you could be doing, this is the absolute minimum when it comes to meeting laws and giving your customers access to a quality service.

 

The Effect GDPR Has on Cookie Policies

If you have visited any website after the enactment of the GDPR, you have probably seen a message about the fact that the website uses cookies. This message is a part of GDPR compliance and if you have a website, you should also consider the enactment of a new website cookie policy.

To understand the specifics, it’s first important to examine what cookies are and how they could affect the collection of personal data.

What Is a Website Cookie?

A website cookie is a text file put on your computer whenever you visit a website. The aim of the cookie is to store data so that the next time you visit the respective website, some of the information will be loaded immediately. Cookies ensure fast loading time and a degree of service personalization.

In some instances, cookies can be used in a way that makes the website visitor identifiable. When this happens, GDPR compliance is going to be on the table.

Cookies could be used for analytics, the delivery of marketing messages, as well as functional website services. For the collection of information to be lawful, websites will have to ask for the consent of visitors. Otherwise, the use of such cookies will have to be discontinued.

GDPR Compliance and the Website Cookie Policy

When you go through the lengthy GDPR text, you will see cookies being mentioned only once. This happens in Recital 30 of the GDPR.

According to the text, online identifiers like cookies could be associated to natural persons. Thus, whenever cookies are utilized in a way that can potentially get someone identified, they are subjected to GDPR regulations.

To become compliant, websites should either stop collecting information via cookies or they should rely on explicit consent to continue operating in the same way. This means asking for consent to be given as soon as a person enters the website and also outlining the use of cookies in the terms and conditions.

One of the simplest things is to have a note that allows the person to either accept or reject the cookie policy. It’s not ok to feature solely a button for agreement. Under GDPR, this is a violation of an individual’s right to prevent businesses from using their personal data.

It’s also important for the people who have already given their consent to be provided with an option to withdraw it.

To sum it up, here’s how compliance can be ensured as far as cookie policies go:

• Inform website visitors immediately that cookies may be used to collect their personal information
• Give them a chance to either accept or decline the collection of such personal data
• Have terms and conditions that outline what cookies are and how they’re going to be used by the website
• Give website visitors a chance to withdraw their cookie usage consent, even if they’ve agreed to it beforehand

Things may seem a bit confusing but consent management is one of the most important parts of the GDPR. Cookie usage is just a tiny fraction of it. to run an online business or a content-based website, you should rely on a template or plugins that simplify the process of getting explicit consent/allowing people to opt out. Take it one step at a time. Enhance your terms and conditions and work on the creation of a consent form that could be modified for different purposes – it will come in handy as far as ensuring GDPR compliance goes.

 

The Seven Most Important Legal Protections For Your Online Business

As an entrepreneur, you have a particularly big role to play in the success of your online business. You are the sales person, the developer, and the customer representative – all at the same time. While outsourcing some of these roles or hiring others to fill these positions is a good idea, scarce resources may not enable you to work with a consultant or freelancer.

No matter what roles you end up serving, it’s important to remember that being an online business owner does not give you immunity from the law. Your business is very much regulated by the same laws guarding big businesses – sometimes even more – so you have to know how to handle legal issues. While not all of your legal needs may require hiring a lawyer, all of it does require your knowledge of the law. A little bit of preparation will go a long way. This article is a good place to start.

ONE: Your Pre-Business Contracts:

The most common mistake startup founders make during early growth is not establishing a strong legal structure at conception. While it’s tempting to dig into the vision for your company and start making your idea a reality, it’s important that founders pause and cover their legal bases. The core legal documents that founders need to put into place will help avoid costly legal battles in the future. Three are listed below.

Articles of Incorporation.  A common mistake startup founders make is failing to put the proper business structure in place. Setting up only a sole proprietorship can result in huge income tax bills and legal liabilities for which founders are personally responsible. By not filing with the Internal Revenue Service to form a distinct legal entity for their business, founders risk losing their personal savings and, in some extreme cases, their homes.

Nondisclosure Agreements.  Having a non-disclosure agreement (NDA) readily available, is imperative before any business conversations take place between you and an outside party. From the moment a prospective employee or investor initiates contact with you, you need to have an NDA agreement waiting for them to sign. NDAs protect your online business by safeguarding your founder and employees’ ideas, and your intellectual property. An NDA should specify the following:

• What constitutes confidential information
• How confidential information should be handled
• Who owns that information (the company)
• The time period that the information will be disclosed
• The time period confidentiality will be maintained

Independent Contractor Agreements. For many small or online businesses, outsourcing to independent contractors is a great way to get some added help, fill a specific needs, or bring in specific expertise. It’s a flexible arrangement, and you don’t have to pay workers’ compensation, payroll taxes or employee benefits for contractors and freelancers. However, be aware that the IRS is now on the lookout for employers who misclassify their workers as independent contractors to avoid paying payroll taxes.

For this reason, it’s smart to make a contract. Consider an independent contractor agreement that explicitly defines the relationship between you and the worker. Make it clear that you intend the worker to be an independent contractor who is responsible for his or her own taxes. In addition, the agreement should not exert much control over how work will get done. Be careful not to set specific hours for when they need to work or where.

TWO: Your Business Structure:

While less exciting than building a website and marketing your product, careful evaluation of which business structure is right for you is crucial because it will have implications for how the IRS taxes your profits. It’ll also determine whether your personal property is protected when others demand money from your business. Other considerations, including the management of the new business and your long-term plans for it, come into play as well.  

Business structures are largely creations of state law, and there are minor variations on the details from state to state. But here are five common models:

• Sole Proprietorship.  An unincorporated business that is owned by one person who reports business profits on his or her individual tax return. A sole proprietorship is the simplest business structure and is straightforward to start.
• Partnership. An unincorporated business is owned by multiple owners, and these can be either people or other businesses. Profits are divided among its owners and reported on their tax returns. Common partnership types include General Partnerships, Limited Partnerships, Limited Liability Partnerships (LLPs) and Limited Liability Limited Partnerships (LLLPs).
• A Limited Liability Company. An LLC is a hybrid business structure that limits the personal liability of its owners — called members — like a corporation but allows the profits to be taxed on either a member level or the corporate level.
• An S Corporation. An S corporation has one class of stock and no more than 100 shareholders, none of whom can be another for-profit business, or a person without a green card who doesn’t meet IRS residency requirements. Profits are taxed on shareholders’ tax returns, and shareholders have limited liability.
• A C Corporation. A corporation whose profit is taxed once on the business level, and a second time on an individual basis when earnings are distributed to shareholders who have limited liability for the business’s debts. C Corporations can have multiple classes of stock and an unlimited number of shareholders.

THREE: Intellectual Property

Intellectual property (IP) is the bread and butter of most online businesses. Be prepared to invest in the time and talents of an IP attorney early on because there’s sometimes a very thin line between creativity and theft. Intellectual property owners need to put in efforts to ensure their rights are protected. As an online business, securing a trademark for your IP is the only way to guarantee no one will steal your idea from you.

Trademark and Copyright Protection:

There tends to be some common misconceptions about what these words actually mean, with must-know legalities and laws around each one. The United States Patent and Trademark Office defines them as the following:

• Trademark: A word, phrase, symbol, and/or design that identifies and distinguishes the source of the goods of one party from those of others.
• Patent: A limited duration property right relating to an invention, granted by the United States Patent and Trademark Office in exchange for public disclosure of the invention.
• Copyright: Protects works of authorship, such as writings, music, and works of art that have been tangibly expressed.

FOUR: Terms of Use Agreement:

Essential to your website is the Terms of Use Agreement, which is intended to be a contract between the Web site owner and the users of the site, and any purchasers of goods or services from the site. A well-drafted agreement includes: limitations on how the site can be used, copyright protection warnings, disclaimers, liability limitations, disclosure on the site’s privacy policy in dealing with customer information, jurisdiction where any disputes must be brought (ideally, the hometown of the site owner), and much more.

FIVE: Privacy Policies:

This is one of the most important areas of launching your online business, and you should plan on devoting time to getting this right.  Remember that regulations around privacy policies don’t just end at your website: any tool that collects information from your site — such as website analytics, online forms, or chat widgets — will require a policy too. Google Analytics, the most popular web analytics tool out there, even has a privacy policy requirement in its terms of use.  Equally important, if you’re planning on running any online ad campaigns, both Google and Facebook require privacy policies in place if you’re collecting any user information. This is especially important for Facebook Lead Ads, which requires a privacy policy URL link within each ad you create.

A privacy policy usually lets your customers know what type of data you’re collecting, and what you’re doing with that data. It also generally provides information about how you’re collecting data, whether it’s through a form or cookies on your website.

Privacy policies may also include information on who has access to the customer’s data. This can mean giving customers the right to request data if they want, and a process to do so. And it usually involves providing contact info if they have a question about the privacy policy. You may also want to provide an opt-out notice for users that don’t agree with the policy.

Speaking of privacy policies, have you heard about the GDPR (aka the new General Data Protection Regulation put into place by the EU?). If you’re unsure of what you need to know for this new privacy law and how to get yourself compliant, click here to watch my free masterclass on the GDPR, OR click here to download a totally free GDPR compliant plug-and-play privacy policy.

SIX: Client Contracts

Drafting up contracts for your clients doesn’t need to be complicated, nor does there need to be a lot of legalese. The goal is to clearly define all expectations of a project from both you and your client. On a very basic level, a contract should clearly spell out who’s doing what and for how much. Clumsy legal language often confuses people and should be kept out of agreements if possible. Generally, if you don’t understand it yourself, then you should leave it out of your contract.

Service agreements for your clients. A client service agreement focuses on your relationship with your clients or customers. If you are a consultant, coach, or other service professional, then it’s imperative that your clients know what to expect when working with you and what their responsibilities are in the transaction.

A well-drafted client service agreement memorializes the basic terms of your relationship with your client. It also provides the next steps in the event something unexpected happens. It can prevent disagreements and confusion with your customers, which in turn can prevent any need for litigation.

Your client service agreement should include the client’s name and contact information, a place for them to sign, the amount the client will pay you, and what exactly you will provide in exchange for that payment.

Other important items you should include:

• What happens when a client fails to show up for their appointment?
• How many calls/emails/meetings with you can the client expect?
• How and when will the client pay you?
• What happens if payment is late?
• How can you, or the client, terminate the coaching relationship?

Coaching agreements/freelancer agreements. When you’re mentoring others online or offline on how to improve their businesses or personal lives, you will want to put into place a written coaching agreement that clearly states what you have agreed to do, when you will perform such coaching services, and your coaching fee(s).

Equally important, your coaching contract should specifically exclude key areas that your services do not cover.

When having an experienced business lawyer prepare the coaching agreement you will use with clients, here are some key factors to consider:

• What is the term of your coaching agreement?
• What deliverables are you promising and, equally significant, what are you excluding from the scope of your professional coaching services?
• What media will be used to deliver your coaching services?
• How and when will you get compensated for your professional coaching advice?

SEVEN: Liability Protection

Clear communications will solve many customer complaint problems for your online communications, but may also protect you from claims of false advertising and investigation by the U.S. Federal Trade Commission. Disclosing basic information is required by law, but must be done accurately. Therefore, you should monitor the information you are placing on your website to make sure it accurately depicts your business practices, prices, products, or whatever else you are describing to potential customers to entice them to buy your products or services.

Clear communication also includes “adequate” communication. Leaving out key details about what you are describing on your website can be considered misleading. The FTC provides guidelines on its website regarding advertising and marketing on the Internet and gives good examples of what types of statements might be misleading to customers. 

Cyberattacks.  Protecting against cyber-attacks isn’t that difficult. Hackers are intelligent and ambitious, but statistics show that entrepreneurs and business owners generally do not employ the best defense mechanisms against cybercrime either. Most victims are “targets of opportunity.” In other words, they had extremely poor security, if any. Here are a few things you should do to protect your business against cyber-attacks:

• Purchase malware and anti-virus software. Malware is used in most data breaches. It can be planted onto a computer through spammy websites, suspicious emails, or unsecure Wi-Fi connections. If the infiltration is successful, malware can capture login information and keystrokes. Other threats include email phishing, pop-ups requesting personal information, or social media account access. The good news is that it’s surprisingly easy to protect your business against malware and viruses. Simply install appropriate protection software. You should also update it regularly because worms and other viruses thrive on out-of-date software.
• Encrypt important data. Sensitive data such as bank accounts or client information should be encrypted because this is exactly the kind of information that hackers are looking for. Full-disk encryption tools, which are standard features for most operating systems, should be utilized at all times. Data encryption can also be used for cloud-based services or email platforms.
• Educate Employees. Most cyber-attacks occur through compromised Wi-Fi networks If you use wireless networks, you should make sure that they have strong passwords. You should also disable the SSID broadcasting function on your router in order to hide your network. Avoid using WEP networks. At the moment, WPA2 is the standard because it offers better protection.

Disclaimer You should avoid making announcements, slanderous statements, or engaging in any business that might be considered suspicious. Partnering up with companies that end up being sued might also harm you in the fallout. In addition to this, you should also limit any possible conflicts of interest. To that end, you should definitely think of obtaining liability insurance to protect yourself against unfortunate events. Errors and omissions coverage should also be considered, especially if you’re working with people. Another option besides purchasing insurance is to build protection through your contracts.

Here are a couple of things that a website legal disclaimer can do:

• Inform people you may change your content at any time with or without notice

• Disclaim responsibility for the content provided on any websites that you link to your website.
• Advise people, under no uncertain terms, if they take any action based on the information provided on your website that they do so “at their own risk.”

Data Protection. There is probably no quicker way to lose customers than to allow their personal information to be unsecured. Laws and customers are placing more and more emphasis on personal security, and protection of their financial information is required. Accurate and adequate disclosure of security practices to consumers is a vital aspect of good online business practices. State and federal laws require protection of financial information and social security numbers. Also, several state laws require notification to consumers if there is a security breach that puts their personal information at risk for identity theft or other fraud. Constant monitoring of your security practices is essential.

 

Conclusion: Relationship with a good attorney!

 

Finally, and perhaps most importantly, securing a good attorney at the beginning of your business will save you time and trouble in the future. If you’re unsure which corporate structure is right for you, talk to an attorney. If you’re not clear on the terms of a new contract you’re about to enter into, have a lawyer read and interpret the document to you. While you might be very eager to append your signature to the agreement, taking a little caution will keep you from entering a long and painful business relationship. An investment in a good counsel now, will pay big dividends in the future.

 

How is Personal Data Defined Under the New GDPR Provisions?

The General Data Protection Regulation (GDPR) is already here and hopefully, you’ve managed to implement all of the required changes. To ensure consistent compliance, however, you need to have a thorough understanding of the term personal data and its specific definition under GDPR.

The general definition of personal data is easy to understand – this is data pertaining to a certain person (financial, medical, personal, etc.) that should be protected. Does GDPR change the definition of the term, however?

The Definition of Personal Data

More information about the definition of personal data is available in GDPR Article 4.

The document states that personal data is any information that relates to an identifiable individual. An identifiable individual is someone who can be identified by their name, ID number, an online identifier (like IP address, for example) or any other source of information that can be utilized for either direct or indirect identification.

As you can see, the GDPR definition is quite vague and it could relate to just about anything. The scope of information expands in an attempt to give people more control over the privacy of their data.

New Categories of Sensitive Data

Personal data has an important sub-category under GDPR and this sub-category is sensitive data. Sensitive data is more specific and it should be handled more carefully by website administrators and web service providers.

A few common types of sensitive data under GDPR include:

• Information about a person’s race or their ethnicity
• Political opinion
• Health details
• Sexual orientation
• Religious affiliation

In order to process sensitive data, online service and content providers have to get explicit consent under the GDPR.

There are two more types of data that fall under the same category and necessitate similar processing – biometric and genetic data. Genetic data is specifically used for medical research purposes. Biometric data includes fingerprints, retinal scans, etc.

Processing Terms and Conditions for Personal Data Handling

Now that you have a better idea of what personal data is, it’s time to understand how such information should be processed and handled under GDPR.

The conditions for personal data processing under GDPR are somewhat similar to those under the Data Protection Act of 1998. Processing is going to be lawful whenever:

• Consent is obtained from the individual that the data pertains to
• The processing of such data is absolutely necessary for the performance of a contract, for legal compliance, the performance of a task or to meet a legal obligation
• Explicit consent is obtained for sensitive personal data

To meet these requirements, website owners have to review existing data collection policies, as well as the terms and conditions presented on the website itself. If a consent mechanism is already in place, it should be reviewed to make sure it meets the much more stringent GDPR requirements (especially for sensitive data).

Whenever personal and biometric data is being processed, both GDPR and local national regulations will have to be taken into consideration. Individual EU member countries could impose additional restrictions that will come on top of the standard GDPR provisions.

Ensuring GDPR compliance has been a lengthy process for many businesses and for some, the process has not been finalized yet. If you’re one of these businesses and you’re still struggling, you should seek legal assistance right now. Having an experienced professional reviewing your personal data collection and processing policies will make it easier to identify gaps, shortcomings and potential GDPR violations.