Dream of Launching a Business Website Crumbles

We are living under the regime of the General Data Protection Regulation. Your dreams and innocent memories are collateral damage.

Living the Dream

May 25th was a historic Internet milestone. Prior to this epic day in the year 2018, Internet Service Providers (ISPs) were wooing everyone to launch a website and sell useless widgets or begin a recipe blog. Soon, people who never penned a postcard were blogging under the nom de plume ‘Hemingway.’ Toll House cookie bakers and many others with dropshipping dreams were “virtually” in business with no graphic design experience required. As a result, ISP businesses were making a lot of dough hand over fist, so to speak.

Challenges of Building a Healthy Online Business

Let’s be honest. Most of the pop-up websites are pretty pathetic looking. But they’re a start. Longing for customers, these shallow-pocket hopefuls bombard social media and begin accumulating subscriber emails. To improve website appearance, a third-party app plugin is added here and there. With persistence and a few theme changes, a site’s successfulness begins to rise like cookies with too much baking soda. Perhaps you were inspired to serve up your own website.

Living the Nightmare

What dashed this utopian dream on May 25th? A regulation halfway around the globe from many folks battered ISPs by the dozens. ISPs that remain are not assuming extended liability for the many website owners they signed up. The fond childhood memories of baking cookies with siblings and some day making an online business out of it may need to remain memories.

The Internet disrupter is called the General Data Protection Regulation, or GDPR for short. This regulation makes maintaining a website anywhere in the world more difficult. Whether international laws concede so much authority to the European Union is yet to be seen. In the meantime, you can either risk doing nothing and become a test case for legal limits or pay more attention to site visitor data.

The principle is simple and well-intentioned — protect the privacy of European visitors. But implementation can be daunting if you don’t know where your subscribers reside or never paid attention to those third-party plugin privacy agreements. Even if you did, your vendors may not have disclosed everything done with the customer data or allowed you to opt out of questionable usages.

Some site owners feign compliance by adding a pop-up box telling visitors they must accept a privacy policy. Without extensive backend modification, this is about as effective as drizzling icing on stale cookies.

That’s the Way the Cookie Crumbles

Who doesn’t love freshly baked cookies? For those wooed by the simplicity of launching a website without understanding its ingredients, cookies have a new technical meaning. Visitors’ Web browsers might be littered with your crumbs unless you know the difference between session and persistent cookies. The fact is, many site visitors who are terrified of cookies have no idea of their importance. So, given the control to remove them, they can actually obstruct their own browsing experience. It could be like someone asking you to remove the coconut, pecans and chocolate chips from your German chocolate cookie recipe.

Dreams of Launching Business Websites Crumble

You may not recall personally saving cookies on visitor computers, but the apps that make creating websites so easy have done so. Now, Toll House Baker is liable for undisclosed data usages, inadequate data protection and possible breaches. Before you shrug off the assessments, understand that these fines are not morsels. GDPR penalties run into the millions of dollars.

Multiple data controllers (your new title as a small business owner) are sometimes held equally responsible as third-party companies hired to process data. Penalties may be multiplied by the number of companies handling customer data. That adds up to some serious dough. The European government may be targeting large multinational corporations, but the law also holds the hands of little guys to the fire.

For the sake of analogy, initially, you may have envisioned you could simply let people taste the wonderful cookies you bake. They would be so delighted, the cash register should start overflowing. After all, everyone loves cookies, right?

It doesn’t matter whether your website is an adjunct to a brick-and-mortar store or the sole source of income. The new regulation, metaphorically speaking, requires you to disclose what will be done with the DNA left on the napkins used by customers before they take a bite. You need to hand them a napkin that indicates the origin of the chocolate chips and nuts. Calorie counts and nutritional benefits, of course, are written on another napkin. Now document acceptance of all the napkins for every customer.

Keep track of the serial numbers on any currency that changes hands. Wipe your kitchen of fingerprints after baking, and sterilize all utensils touched by customers. Then, at some point in the future, visitors from 28 specific geographic regions can return and request a detailed report of what they ate and how much they spent, while also asking you to erase their past, as though they are in witness protection. It’s enough to make you smash your Easy-Bake Oven.

If that is not taxing enough, the U.S. Supreme Court’s South Dakota v. Wayfair ruling opens the opportunity for states to charge interstate sales tax. As legislation rolls out, it will likely be threshold-activated. Returning to our analogy, imagine charging a different tax to each customer based upon the state in which they were born and how many bakery goods they purchased. This requires sophisticated software to track location-based online sales. Fortunately, TaxJar is ahead of the game, but you will likely still require assistance from an accountant.

If GDPR caught you off guard or you have not yet launched your website, get informed and comply — quickly. Begin by asking all your vendors what customer data they retain, for how long, what they do with it, and how it’s secured. If you are unsatisfied with the responses, request the data they have (in case your customers want it in the future) and cut them off like you’re slicing a roll of Toll House cookie dough, so you won’t get burned later.

Next, make certain you implement granular informed consent at the point of data capture. Then document protocols for keeping data secure and handling requests for erasure. If you can, identify how many customers you already have that reside within the European Union. Write a comprehensive privacy policy and stick by it.

This is just the beginning. The GDPR recipe book is 261 pages long. So you may need help from real writers, programmers, security and legal experts. Many of the compliance tools rushed to market ahead of the deadline had major flaws. More should now be available, but you will need to look carefully. Make certain the tools and apps used do not themselves violate GDPR. If all this is too much to comprehend, afford or implement, consider selling your cookies door-to-door or leave this business to the French bakery chefs.

Obviously, GDPR affects more than online bakery goods. It regulates scientific specimens, medical history, financial data, social security numbers, photographic likenesses, racial or gender bias, and personal contact information like phone numbers, street and email addresses. For healthcare, GDPR is a level above HIPAA. Protect customer and visitor data or your business could vanish like a session cookie.
