There has been a flurry of activity worldwide due to the GDPR regulations that went into full effect on May 25, 2018. You may be wondering:
“Do I need to be concerned about the GDPR regulations?”
It’s an important question to ask because a violation of GDPR compliance could result in fines of up to $20M or 4% of your gross annual revenue. And, who can afford that?
So, how do you know if the GDPR regulations actually affect you and how you conduct business? Or, if we use GDPR-speak: “What is the material scope of the regulation?”
Article 2(1) states that GDPR regulations apply to:
“The processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.”
GDPR regulations apply if:
- Something is done with or to data
- The above-mentioned data belongs to a person
- The person is identified or capable of being identified
And, what is being done to or with the data is either:
- Fully or partly automated, or
- The data is or will be part of a filing system.
The GDPR regulations are focused on business being conducted in Europe.
The laws are in place to protect the personal data of consumers who are located in the EU. However, because the World Wide Web is… well… worldwide, you could still be affected if you run an online business, even if you are not based in Europe.
We will go into the ways that GDPR regulations affect those who conduct business from locations outside of the EU in a separate blog post. For now, let’s stick to the general principles of the GDPR regulations.
Here is a breakdown of some of the terms used within the GDPR regulations:
- Processing – “Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
- Personal Data – “Any information relating to an identified or identifiable natural person.”
- Identified or identifiable person – “A person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
- Automated vs. Manual – Fully automated means that there is no human involvement, whereas partly automated uses some degree of human involvement. Manual means that only humans are involved in the processing, without any form of computer technology (meaning hard copies including someone’s personal data also fall under GDPR regulations).
- Filing System – “Any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.” This could be online or in hard copies.
In a nutshell, the GDPR regulations apply to use of or anything being done to data that relates to a human being. Pretty broad, right?
These confusing laws have thrown companies that process personal data into a frenzy of changes and updates to how they handle it. Whether a company is big or small, the GDPR regulations apply in the same way. You have probably seen a ton of emails from various service providers notifying you about “updates to our privacy policy,” some from providers you had forgotten even had your data. That’s the proof that companies worldwide have been scrambling behind the scenes to get their systems compliant with GDPR.
According to the GDPR regulations, a business entity is either a data controller or a data processor. GDPR Article 4 states that:
- ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
- ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Within JVZoo, many sellers market and sell their products to EU consumers. The sellers decide what to do with that data, which makes them data controllers who are directly bound by the GDPR. Since the sellers may share some of the personal data obtained from EU buyers with their affiliates via the JVZoo platform, affiliates are also subject to the GDPR and they are also data controllers because they choose how to use the data.
JVZoo provides a platform for its sellers to offer their products and, as a service provider, processes personal data on behalf of its customers. This makes JVZoo a data processor that is indirectly regulated by the GDPR by virtue of the fact that sellers and affiliates need to comply with the law.
JVZoo supports users all over the world, so of course, we have been working hard with VeraSafe and our corporate counsel to be sure we are compliant with GDPR regulations. For more info on the actions JVZoo has taken to protect personal data, click here.
Still wondering if GDPR regulations apply to you?
Start by asking yourself the following about yourself and your business:
- Do I collect people’s names?
- Do I collect people’s email addresses?
- Do I collect info on my clients’ location?
- Do I collect data on any physical characteristics of my clients?
If you answered ‘YES’ to one or more of the above questions, you might want to look closer at the GDPR regulations. It’s worth it to protect yourself. Even though these laws are out of the EU and primarily affect people in the EU, it is likely that regulations of a similar nature will be rolled out in other areas of the world very soon. Be prepared.
As a disclaimer, neither JVZoo nor any employee or representative of the Company is an expert on GDPR regulations. For the most accurate info on details of the laws, contact an attorney who is familiar with the GDPR, or visit:
- The Official EU Government Site
- This neatly arranged final text of GDPR
- One more easily readable text on GDPR
Watch for our next blog on GDPR where we will look closer at how GDPR regulations affect you depending on where you live and conduct business.
98 replies to "HOW DO I KNOW IF GDPR REGULATIONS APPLY TO ME? PART 1"
Excellent detailing of GDPR overview and possible adverse impact on every affiliates/Vendors in absence of GDPR knowledge! We may not be aware of exact and minute provision of GDPR but the knowledge of its existence and the broad guidelines is enough to be cautious and self compliant. Thank you
Hi there, I am new to JVZoo affiliate. What to opt in the GDPR fill option? I am from India, what do we have to choose, yes or no? If yes, it asks for a GDPR officer. What to do? Please reply, I just want to promote affiliate links and earn commissions.
THANK YOU for the simple breakdown.
Thanks for such a helpful article.
You’re very welcome. Thanks for stopping by!
So, is it applicable to Indians / working from India?
What to opt in the GDPR fill option? I am from India, what do we have to choose, yes or no? If yes, it asks for a GDPR officer. What to do? Please reply.
You are your own GDPR Officer unless you have someone else do it for you.
Let’s say I have a contact form on my website that collects a person’s name and email address so I can contact them. I must also have a way for them to ask me to delete their information if it is stored somewhere. And I must delete it if they ask me to.
I am not a GDPR expert but that is my basic understanding after looking into GDPR for my web clients.
GDPR is basically just trying to protect people from having their personal information abused by a company that may be reckless with that information. The person under the law has the right to ask you to not store their information and delete it if they ask you to.
As JVZoo has stated, you should learn more about it. I too have a question, like what if they buy from me and PayPal obviously stores that information because it was recorded. Not sure how that fits into the law, as PayPal most likely has to keep that information for the reasons of other filing laws or such. Anyhow, I have some digging to do myself on that part.
How do I know who is my GDPR officer ?
That is someone who a data controller or processor would designate to fulfill that role.
As an affiliate of JVZoo… Who is our GDPR officer? How do we find this info? I’m sorry still confused
Is JVZoo GDPR regulated?
Hi Julian,
When one has a website and this captures some personal data there must be a person in charge of supervising compliance with the provisions of the GDPR law and is called DPO (Data Protection Officer) Delegate of data protection. This DPO can be the owner of the website or the person the owner chooses. There is a video that talks about this, if you search it on YouTube with the name of solutiongdpr
Thank you finally smone is answering bcause JVZoo/DIddlyPay has not… why do we hv t bcm Attys now AFTER we’ve paid❗️❗️❗️I’m NOT N O T happy bout that. Opt In or Out Yes OR NO❗️freagin’ ANNOYED – we should b BURDENED w this!
thank you for short and smart reply,
Thanks a billion for the clear and simple explanation clarifying this information, You are much appreciated.
You’re very welcome!
So if you use an autoresponder, will this affect us?
Yes, because you are collecting names/emails from people.
Thanks u … I am NOW at ease…
I put yes, but I don’t know if that is correct!
As an affiliate, how do we respond to the questions as to who is the controller, and who is the processor? This is where I get confused. I am an individual and not a company.
According to the GDPR regulations, a business entity is either a data controller or a data processor. GDPR Article 4 states that:
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
Within JVZoo, many sellers market and sell their products to EU consumers. The sellers decide what to do with that data, which makes them data controllers who are directly bound by the GDPR. Since the sellers may share some of the personal data obtained from EU buyers with their affiliates via the JVZoo platform, affiliates are also subject to the GDPR and they are also data controllers because they choose how to use the data.
Huh? I’m so confused about GDPR! Do I need to worry about it or what? What do I do?
We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.
So what must one do to become compliant, and does this also affect those online selling platforms on Facebook?
Please refer to our series on GDPR and the corresponding resources listed in each blog.
As I understand, you are always bound to the GDPR. For instance, just by managing names you will be or a “controller” or a “processor”, and that will always make you compliant.
That would be correct. If you collect any personal information at all, you are bound by the GDPR.
So what’s a good example of what not to do, and how to not commit GDPR to avoid being sued or pay fines?
If I sell JVZoo products and use PayPal to collect the payment, will I be given the name of the person that is buying the product? It seems the solution is to not collect names and email addresses and just sell the product. Can you respond to this, as I am just starting with JVZoo? Thanks
Whether it is the goal to collect personal information or not, if you DO collect it in any way, you are bound by GDPR. Affiliates are also subject to the GDPR and they are also data controllers because they choose how to use the data.
Please refer to our series on GDPR and the corresponding resources listed in each blog.
I have no idea about this, I also don’t know how to fill out that form please explain me.
Please refer to our series on GDPR and the corresponding resources listed in each blog.
If you need help filling out any forms on JVZoo, please contact our support department at [email protected]
Basically, I don’t do any of these things. 1) collect people’s names 2) collect people’s email addresses
3) collect info on my clients’ location or 4) collect data on any physical characteristics of my clients
Even as a JVZoo affiliate, at least for now, I will only be doing the traffic. All the emails will go directly to JVZoo. From what I read, it wouldn’t apply to me at this time. I have no other business at this time either.
Am I wrong in thinking this?
Hi, Janet. Since we do not know the intricate details of your business, we cannot really answer your question. It is up to individual business owners, such as yourself, to do their due diligence and make the necessary changes to comply with GDPR as they see fit. We can only provide the information given here on the blog and direct you to further official documents in order to do so.
Can I sell only to United States residents?
No, you can sell to anyone.
Can you direct me to the GDPR knowledge department or whom I may communicate to the understanding of this regulation please?
For the most accurate info on details of the laws, contact an attorney who is familiar with the GDPR.
So what is the answer, yes or no, to selling products to people out of the country?
You can sell products to anyone, however, you must be GDPR compliant when doing so. If you are unsure whether you are or not, we recommend contacting an attorney who is familiar with the GDPR.
Do you know if GDPR applies in Australia?
It applies to anyone who collects data.
Thank you for this GDPR compliance information. It has all been very helpful. I do have to agree with Gladys regarding her post here: “As I understand, you are always bound to the GDPR. For instance, just by managing names you will be or a “controller” or a “processor”, and that will always make you compliant.”
Yes, if you collect any personal information at all, you are bound by the GDPR and would need to make sure you are compliant.
Thank you for your excellent guidelines.
Bud jenkings (felix guerrero)
You’re welcome 🙂
Just joined, and this question is confusing the heck out of me. Ok, obviously we are all selling and collecting data, therefore the answer would be YES.
With that being said (answering YES), what happens after that?
We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.
Definitely still confused. Was looking forward to getting started asap and now I need to figure this out.
Thanks
Already posted here. Speak to an expert in GDPR.
If I work as an affiliate by promoting products sold on the JVZoo website and I apply with GDPR regulations, can I be held liable if I promote a product and the owner of that product fails to comply? Can I argue that that is outside my control, or is that an issue every affiliate is required to address? I would love to hear your opinion on this. I will read the information provided on your blog, but this makes this a difficult process for people just starting with limited resources. Thanks.
We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.
Still confused. If I’m selling a product and sending people directly to the sale page, am I bound to the GDPR?
So now, as an affiliate, what are we expected to do regarding the GDPR? I await your response. Thanks
As an affiliate, you are still bound by the GDPR. We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.
Okay, so our work is both controller and processor. How do we comply with GDPR? In our business transactions, in what instances can one say that he/she violated GDPR?
Although we would love to help you further, Cecilia, you should consult an attorney who has knowledge about GDPR for the best advice on how to protect yourself and your business.
It appears GDPR is wide ranging and covers almost every aspect of an affiliate’s undertaking, from collecting emails to personal info of the customer’s database! Would you agree? So because of these factors I would make myself compliant and suggest that all JVZoo affiliates should as well!!!
Definitely a great idea! Thanks for the good advice, Bruce.
In your opinion, what would be the answer to the question: Is your use of the JVZoo service regulated by the GDPR?
I am new to affiliate marketing and would like to comply, given that I am outside the EU. Thank you for kindly replying.
This is all very confusing to a newbie, but, I think I need the GDPR. I will become compliant just to cover myself and so I won’t take any chances of violating any rules.
I’m new to this. I’m in Texas. How do you do the GDPR? I need some help.
Has anyone completed this or have an officer, or could share how and what they did? The EU is 88 pages long. I don’t understand why this company would sell us this stuff and not give us a heads up or step by step ways to make it happen if they know about it.
With all due respect.
The term GDPR must be defined by you guys at Nzoo. I am a newbie to the program.
Please help by telling me what the correct response is. If I don’t hear from you, I will have no choice but to CANCEL my membership.
Thanking you in anticipation…
Updating my information
Thanks
Do I need a lawyer for GDPR, and what happens if I do not do it?
It looks like JV Zoo has it all covered so if I sign this final page, is there anything I need to do further?
ok i read questions and read the reply…now here’s my question. is JVZoo service regulated by GDPR and how so that i can do the same if need be or how did they do it. which will get date or just let someone worry about it. i’m here to make money.
Is everything going to be registered and regulated by jvzoo gdpr
Ultimately I got to this page while trying to fill out the GDPR form, It started me off with “As required by law, please answer the following questions Usage: Is your use of the JVZoo service regulated by GDPR?”
The question here is “Is your use of the JVZoo service regulated by GDPR?” I’m an American…so is it or not?
The answer would be yes. Does not matter who has the service it is the person using the data that has to be compliant.
I just joined and I’m having such a tough time understanding all of this. I was excited about getting started but then after joining I was left with trying to figure out how to complete all this. I read all information jvzoo has provided and i still don’t know how to answer this question about GDPR ????
Thank you for the information. Definitively is very useful.
Bud
Thanks for the info. It is so vital and useful.
What to opt in the GDPR fill option? I am from India, what do we have to choose, yes or no? If yes, it asks for a GDPR officer. What to do? Please reply.
Hi,
Where do I find information on who my officer would be?
My location is Kent, United Kingdom.
Best Regards
Aaron Agius
The info is of benefit! I want to find out! Is the country for the Representative Officer chosen by default!
Please
I need to know who my data protection officer is so I can comply to GDPR.
please I am waiting for this so I can continue with my registration. I am outside the EU so how do I consult the attorney? Please help
no comment at this time
Thanks for the information, it is very helpful, thanks
I live in the United States; is there a “Data Protection Officer”? For the “Union Representative” field, the United States wasn’t on the pull down list. I’m just trying to complete all required forms so that I have no trouble; last time I’d really been to my back office was in December of 2016.
I live in the United States; is there a “Data Protection Officer”? If so, who is this person and what information do I input for the required field? For the “Union Representative” field, the United States wasn’t on the pull down list. I’m just trying to complete all required forms so that I have no trouble; last time I’d really been to my back office was in December of 2016.
I live in the United States; is there a “Data Protection Officer”? If so, who is this person and what information do I input for the required field? For the “Union Representative” field, the United States wasn’t on the pull down list. I’m just trying to complete all required forms so that I won’t have any trouble working at JVZoo; the last time I’d really been to my back office here was in December of 2016.
We only hear when it is necessary to be compliant with GDPR; can you tell me in which cases it is not necessary to be GDPR compliant, from a US-resident view and also from the view of an EU resident who is not active in the EU?
Hey,
does this apply to people who are outside US?
I don’t collect any data, I only promote the JVzoo products so that would be a no for me right?
Hi,
I have read all the exchanges above and I still don’t know whether to say yes or no. The vendor is setting up the product for me to sell and so the process involves collecting the buyer’s email to email the products to them every month. All this is automated by the vendor. So in my case ‘yes’ or ‘no’ ?
I understand the information, and I live in Africa, Zambia. I am still not sure whether this applies to me. Please confirm whether I can do this in Zambia, Central/southern Africa.
Time to update my privacy policies.
It’s nice getting back into the game!
Do we put our own name as data protection officer or put that we don’t have one? Or who is our officer?
what about in the US states like i’m in Org. so what in my stats too
Hi people, don’t forget to read part 2 to clear your doubts.
https://blog.jvzoo.com/gdpr-regulations-part-2/
Will this all apply to me, since I’m just starting out, here in North America?
Yes, it will. If you want to sell or promote products to anyone in the world, it will apply.
Thank you for arming us with this information. Some information, is better than no information…right?