I am normally good with words, and especially good with letters. (“Q” is a particular favorite…such a cute little tail.)
So why then did I have so much trouble with the now well-known acronym GDPR? Coming out of my mouth or keyboard to tell people about it, it would become DGPR, GPDR, etc. How embarrassing for a demi-geek like me.
When this happens in my brain, it always helps to give an acronym a meaning, a hook, so it’s not just a bunch of letters floating in my soup bowl. I didn’t get a hook from its real spelling-out (General Data Protection Regulation makes me fall asleep right around the first “O” in protection).
So I thought about why it’s even a “thing.” What’s at the core of it all…why was it so important to go through all this bother? That helped me dream up my own: Guide to Developing a Philosophy of Respect
I know. Crazy idealist. Oh well.
But think now: What’s this GDPR stuff about? At its core, it’s about respecting peoples’ rights to not have their personal information used and re-used, swapped and sold, manipulated and mushed to serve purposes they never intended when they shared it.
It’s like this: Say I’m at a social event and I’m lucky enough to make a new friend, Marcia. Very cool person, lots in common, and we decide we’re going to walk our dogs together. Marcia gives me her cell number and her address so I can arrange to drive Gordie over, pick her up and take our stroll. It’s a wonderful time.
What if, after that, I began to freely share everything she’s told me with other people? What if I’m on some very public online space and describe her, “Oh, yeah—such a cool person. She lives at 3998 S. Mayhew Circle. She has a Welsh Springer Spaniel and an Audi R8 and she’s a proctologist. Here’s her phone number too, I’m sure she wouldn’t mind if you gave her a ring some time.”
Okay, that’s a goofy example, but you get the feeling, right? I’ve taken information she shared with me for a specific reason—information she does NOT want others to know, especially people with nefarious intent—and splashed it all around.
Unchecked, companies you buys from could take what you’ve shared with them—what they DEMANDED you share with them in order to sign up for their service—and then turn around and share/sell this information to partner organizations or data brokers. They can then re-sell it to other companies and causes that have nothing to do with your original agreement.
In some twisted universe, that might be okay. But most normal humans would agree that here in ours, it stinks. Hence the need for repercussions under a law like GDPR. Because, as much as we may tire of the tangled spaghetti of law after law after law governing every imaginable situation, it’s gotten to the point where respect is no longer a “given” in business, if it ever was, and in the digital age has to be enforced with legislation.
With our small businesses, yours and mine, we want to put respect and integrity above all other values. The people who come to work with us (or buy from us) deserve our honesty, our clarity, and above all, our respect for their time and other precious resources. Privacy of their personal information—protecting what they’ve shared with us—is one of those resources.
So rather than looking at GDPR as another pain in the posterior to deal with, let’s reframe that.
Let’s look at it as an opportunity to examine the elements of our online presence, from websites to email to social media, to be sure we are indeed operating from within a culture of openness and respect.
It’s good for our businesses, good for the people we serve, good for our souls, and (lastly!) good for staying out of the legal crosshairs of privacy laws.
In my next post I’ll talk about some very common elements of many websites—contact forms, subscriber mechanisms, schedulers, payment links—and suggest reasonably painless ways for small companies like ours to make sure we are being very clear about things like:
- what personal information is collected by these useful mechanisms
- why we ask for it—what beneficial purpose it serves for us AND for them
- whether it’s stored on our website
- how people can know what we store, and how they can ask it to be deleted
- and more
Relax. All will be well.
See you soon.