GDPR – A Four Letter Word ADHD Coaches Need to Know

We have a guest expert this month – my very own VP of Everything, Meg Gehan! Meg has been braving the GDPR waters making sure the IACTCenter and Coaching for ADHD are compliant with the new regulations. Since the IACTCenter prides itself on training and mentoring world-class ADHD life coaches around the globe, I asked her to share what she’s learned with you!  

First, we are a bit late writing this blog post because we were spending weeks getting the IACTCenter and Coaching for ADHD ready for GDPR day – May 25, 2018 – the day on which the cyberworld loses its collective mind.

What is the GDPR? If you own an ADHD coaching business (or any online business), this four letter acronym is something you need to know and follow. Or else astronomical fines could ensue. No joking. So please read on…

(Disclaimer: We are not lawyers or experts in cyber law, and I haven’t been in Europe since a memorable high school trip to France so we are by no means experts. But we’ve read a lot and have been living the GDPR life for the past few weeks so the following information is what we’ve based business decisions for the IACTCenter and Coaching for ADHD.)

Give Me a G…Give Me a D…

The GDPR – General Data Protection Regulation – is a new law that went into effect May 25, 2018 in the European Union and requires online businesses connected to the EU to take steps to protect their data.

Despite the hell that might be required to become compliant, it’s a good thing, really. It means that businesses and companies need to:

1. Be up front and honest about what they are doing with your private information (everything from your name and email address to your financial details and health records).
2. Get your permission to send you emails, newsletters, marketing, etc.
3. Delete any and all information they collected about you and provide an easy way to request this.

So as a consumer, this is fantastic news. You now have control over cyberspace and your own personal details, and can make sure only businesses you like and trust can keep them. Here at the IACTCenter and Coaching for ADHD, we strongly believe in the right of privacy, and most importantly, the right of choice! So we like this.

Now, as a business owner, what does this mean for you?

GDPR + the EU + YOU

So, you business owners sitting in the US…yeah I’m talking to you – bet you’re wondering if and why this effects you. Like why am I writing about it sitting at my laptop in sunny New England this fine Memorial Day weekend?

Well, the GDPR effects ALL businesses IF they have clients who live in the EU OR IF they have contacts on their list who live in the EU. So if you’ve been working with Client A who lives in Austria, then it impacts you. If you have a contact on your list from the UK, then you need to follow it.

I bet you are going over your list right now wondering if you have anyone from the EU. Well let me interrupt your ruminating, because…are you ready for the catch? Most of us build our lists with only names and email addresses on it. We have NO idea if Elsa is from Sweden or if Liam is from Ireland…or if they live down the street. So you may think you’re safe from this GDPR stuff with your online business in Nebraska, but you just don’t know.

And with fines resulting in millions of Euros for not implementing the changes, I say it’s better safe than sorry. No matter how small your business is. Plus protecting someone’s privacy is just kind. And we like kindness. People want to do business with kindness.

Bottom Line – Whatcha Gotta Do

So before you start to panic and fall down the rabbit hole that is interpreting the GDPR requirements, Alice (especially now that you realize you’re passed the date and are currently in violation), we, as our Privacy Policy says, got your back.

Here’s what you need to do:

1. Update your Privacy Policy to reflect who you are, how you collect and use information, your cookie policy, etc. Here’s ours.
2. Update your opt in forms so there is a place where people can give explicit permission for you to email them. Most email marketing systems now have a way to do this using checkboxes.
3. Update your systems so there is evidence that you now have informed consent from contacts moving forward*.
4. Set up a way people can easily alert you when they want their data completely removed from your system – and then do it. Immediately.
5. Eventually you might need a pop up on your site for cookies, but that isn’t mandated until 2019.

*There is some debate whether you need your list to re-optin or not. Some opinions say no, but we lean toward using this as an opportunity to clean up your list and make sure it consists of people who really want to hear from you. (If you’re on our list and want to update your preferences or want to join it, click here to do so.)

Now how complicated this all ends up being for you and your business depends on how complicated your optins and systems are. Some systems like Infusionsoft, Mailchimp and ScheduleOnce have put out detailed step-by-step guides to help you comply with the regulations and have become my new favorite email marketing and scheduling systems. I’m still trying to find help with other ones…yeah I’m looking at you Ontraport.

Oh and speaking of help…If you’re sweating this out cause it’s after the deadline and you’re like, um crap, I’m noncompliant…Let me know. We like rebels, but we don’t like unkindness. And not protecting privacy is the wrong kind of rebel. Simply reach out to info@consultingunboxed.com and I will get back to you!

And now, because this is heavy stuff, we all deserve a bit of fun – click here for hilarious GDPR memes! Or do a search for #GDPR on any social media outlet for a good laugh.

And in the comments, we’d love to hear your fave acronyms for GDPR. Our personal fave is Get Drink Please Rightaway which is what I am going to do!