HOW DO I KNOW IF GDPR REGULATIONS APPLY TO ME_ PART 1

There has been a flurry of activity worldwide due to the GDPR regulations that went into full effect on May 25, 2018. You may be wondering:
“Do I need to be concerned about the GDPR regulations?”

It’s an important question to ask because a violation of GDPR compliance could result in fines of up to $20M or 4% of your gross annual revenue. And, who can afford that?

So, how do you know if the GDPR regulations actually affect you and how you conduct business? Or, if we use GDPR-speak: “What is the material scope of the regulation?”

Article 2(1) states that GDPR regulations apply to:

“The processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.”

GDPR regulations apply if:

  • Something is done with or to data
  • The above-mentioned data belongs to a person
  • The person is identified or capable of being identified

And, what is being done to or with the data is either:

  • Fully or partly automated,
  • The data is or will be part of a filing system.

The GDPR regulations are focused on business being conducted in Europe.

The laws are in place to protect the personal data of consumers who are located in the EU; However; because the worldwide web is…well…worldwide, you could still be affected if you run an online business even if you are not based in Europe.

We will go into the ways that GDPR regulations affect those who conduct business from locations outside of EU in a separate blog post. For now, let’s stick to the general principles of the GDPR regulations.

Here is a breakdown of some of the terms used within the GDPR regulations:

  • Processing – “Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
  • Personal Data –  “Any information relating to an identified or identifiable natural person.”
  • Identified or identifiable person – “A person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
  • Automated vs. Manual – Fully automated means that there is no human involvement, whereas party automated uses some degree of human involvement. Manual means that only humans are involved in the processing, without any form of computer technology (meaning hard copies including someone’s personal data also fall under GDRP regulations.)
  • Filing System – “Any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.” This could be online or in hard copies.

In a nutshell, the GDPR regulations apply to use of or anything being done to data that relates to a human being. Pretty broad, right?

These confusing laws have thrown companies who process personal data into a frenzy of changes and updates on how they handle personal data. Whether a company is big or small, the GDPR regulations apply in the same way. You have probably seen a ton of emails from various service providers notifying you about “updates to our privacy policy,” some of whom you forgot that they had your data at all. That’s the proof companies worldwide have been scrambling behind the scenes to get their systems compliant with GDPR.

According to the GDPR regulations, a business entity is either a data controller or a data processor. GDPR Article 4 states that:

  • ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
  • ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Within JVZoo, many sellers market and sell their products to EU consumers. The sellers decide what to do with that data, which makes them data controllers who are directly bound by the GDPR. Since the sellers may share some of the personal data obtained from EU buyers with their affiliates via the JVZoo platform, affiliates are also subject to the GDPR and they are also data controllers because they choose how to use the data.

JVZoo provides a platform for its sellers to offer their products and as a service provider who processes personal data on behalf of its customers. This makes JVZoo a data processor and is indirectly regulated by the GDPR by virtue of the fact that sellers and affiliates need to comply with the law.

JVZoo supports users all over the world, so of course, we have been working hard to be sure we are compliant with GDPR regulations working with VeraSafe and our corporate council. For more info on the actions JVZoo has taken to protect personal data, Click Here.

Still wondering if GDPR regulations apply to you?

Start by asking yourself the following about yourself and your business:

  • Do I collect people’s names?
  • Do I collect people’s email addresses?
  • Do I collect info on my clients’ location?
  • Do I collect data on any physical characteristics of my clients?

If you answered ‘YES’ to one or more of the above questions, you might want to look closer at the GDPR regulations. It’s worth it to protect yourself. Even though these laws are out of the EU and primarily affect people in the EU, it is likely that regulations of a similar nature will be rolled out in other areas of the world very soon. Be prepared.

As a disclaimer, neither JVZoo nor any employee or representative of the Company is an expert on GDPR regulations. For the most accurate info on details of the laws, contact an attorney who is familiar with the GDPR, or visit:

Watch for our next blog on GDPR where we will look closer at how GDPR regulations affect you depending on where you live and conduct business.


    98 replies to "HOW DO I KNOW IF GDPR REGULATIONS APPLY TO ME? PART 1"

    • Udaya Shankar Datta

      Excellent detailing of GDPR over view and possible adverse impact on every affiliates/Vendors in
      absence of GDPR knowledge! We may not be aware of exact and minute provision of GDPR but the knowledge
      of it’s existence and the broad guidelines is enough to be cautious and self compliant. Thank you

      • Rahul

        Hi there,am new to jvzoo affiliate, What to opt in gdpr fill option??,am from India, what we have to choose yes or no??, if yes it ask for gdpr officer,what to do please reply, i just want to promote affiliate links and earn commissions

    • Haywood

      THANKYOU, for the simple breakdown.

    • Koli Bandyopadhyay

      Thanks for such a helpful article.

      • JVZoo Staff Writer

        You’re very welcome. Thanks for stopping by!

      • Jesuraj Chettiar

        So, Is it applicable to Indians?/Working from India?

        • Rahul

          What to opt in gdpr fill option??,am from India, what we have to choose yes or no??, if yes it ask for gdpr officer,what to do please reply

          • William Preston

            You are your own GDPR Officer unless you have someone else do it for you.

            Let’s say I have a contact form on my website that collects a persons name and email address so I can contact them. I must also have a way for them to ask me to delete their information if it is stored some where. And I must delete it if they ask me to.

            I am not a GDPR expert but that is my basic understanding after looking into GDPR for my web clients.

            GDPR is basically just trying to protect people from having their personal information abused by a company that may be reckless with that information. The person under the law has the right to ask you to not store their information and delete it if they ask you to.

            As JVZoo has stated you should learn more about it. I too have a question like what if they buy from me and PayPal obviously stores that information because it was recorded. Not sure how that fits into the law as PayPal most likely has to keep that information for the reasons of other filing laws or such. Any how I have some digging myself on that part.

    • Julian F. Dampies

      How do I know who is my GDPR officer ?

      • JVZoo Staff Writer

        That is someone who a data controller or processor would designate to fulfill that role.

        • Madelline V

          As an affiliate of JVZoo… Who is our GDPR officer? How do we find this info? I’m sorry still confused

        • Mdelline V

          Is JVZoo GDPR regulated?

      • Narciso Flores

        Hi Julian,
        When one has a website and this captures some personal data there must be a person in charge of supervising compliance with the provisions of the GDPR law and is called DPO (Data Protection Officer) Delegate of data protection. This DPO can be the owner of the website or the person the owner chooses. There is a video that talks about this, if you search it on YouTube with the name of solutiongdpr

        • Shi

          Thank you finally smone is answering bcause JVZoo/DIddlyPay has not… why do we hv t bcm Attys now AFTER we’ve paid❗️❗️❗️I’m NOT N O T happy bout that. Opt In or Out Yes OR NO❗️freagin’ ANNOYED – we should b BURDENED w this!

        • Rachna

          thank you for short and smart reply,

    • G Baird

      Thanks a billion for the clear and simple explanation clarifying this information, You are much appreciated.

    • Chance

      So if you use auto responder will this effect us?

      • JVZoo Staff Writer

        Yes, because you are collecting names/emails from people.

        • shi

          Thanks u … I am NOW at ease…

        • Kelly

          eu coloquei sim ,mas não sei se estar correto!

    • Jana Rudisill

      As an affiliate, how do we respond to the questions as to who is the controller, and who is the processor? This is where I get confused. I am an individual and not a company.

      • JVZoo Staff Writer

        According to the GDPR regulations, a business entity is either a data controller or a data processor. GDPR Article 4 states that:

        ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
        ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
        Within JVZoo, many sellers market and sell their products to EU consumers. The sellers decide what to do with that data, which makes them data controllers who are directly bound by the GDPR. Since the sellers may share some of the personal data obtained from EU buyers with their affiliates via the JVZoo platform, affiliates are also subject to the GDPR and they are also data controllers because they choose how to use the data.

    • Nikoal Aggers

      Huh? I’m so confused about GPDR! Do I need to worry about it or what? What do I do?

      • JVZoo Staff Writer

        We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.

    • Ruben

      So what must one do to become compliant so is this also affect those on line selling platforms on facebook??

      • JVZoo Staff Writer

        Please refer to our series on GDPR and the corresponding resources listed in each blog.

    • Gladys

      As I understand, you are always bound to the GDPR. For instance, just by managing names you will be or a “controller” or a “processor”, and that will always make you compliant.

      • JVZoo Staff Writer

        That would be correct. If you collect any personal information at all, you are bound by the GDPR.

        • Vince Huynh

          So what’s a good example of what not to do, and how to not commit GDPR to avoid being sued or pay fines?

    • David

      If I sell Jvzoo products and use paypal to collect the payment, will I be given the name of the person that is buying the product. It seems the solution is to not collect names,email addresses and just sell the product. Can you respond to this as I am just starting with Jvzoo. Thanks

      • JVZoo Staff Writer

        Whether it is the goal to collect personal information or not, if you DO collect it in any way, you are bound by GDPR. Affiliates are also subject to the GDPR and they are also data controllers because they choose how to use the data.

        Please refer to our series on GDPR and the corresponding resources listed in each blog.

    • Rahidul

      I have no idea about this, I also don’t know how to fill out that form please explain me.

      • JVZoo Staff Writer

        Please refer to our series on GDPR and the corresponding resources listed in each blog.
        If you need help filling out any forms on JVZoo, please contact our support department at [email protected]

    • Janet

      Basically, I don’t do any of these things. 1) collect people’s names 2) collect people’s email addresses
      3) collect info on my clients’ location or 4) collect data on any physical characteristics of my clients
      Even as a JVZoo affiliate, at least for now, I will only be doing the traffic. All the emails will go directly to JVZoo. From what I read, it wouldn’t apply to me at this time. I have no other business at this time either.
      Am I wrong in thinking this?

      • JVZoo Staff Writer

        Hi, Janet. Since we do not know the intricate details of your business, we cannot really answer your question. It is up to individual business owners, such as yourself, to do their due diligence and make the necessary changes to comply to GDPR as they see fit. We can only provide the information given here on the blog and direct you to further official documents in order to do so.

    • Karima Muhammad

      Can I sell only to United States residents?

    • Eileen

      Can you direct me to the GDPR knowledge department or whom I may communicate to the understanding of this regulation please?

      • JVZoo Staff Writer

        For the most accurate info on details of the laws, contact an attorney who is familiar with the GDPR.

    • Jason

      So what is the answer yes or no to sale products to people out of country?

      • JVZoo Staff Writer

        You can sell products to anyone, however, you must be GDPR compliant when doing so. If you are unsure whether you are or not, we recommend contacting an attorney who is familiar with the GDPR.

    • Hannah Green

      Do you know if GDPR applies in Australia?

    • Janis

      Thank you for this GDPR compliance information. It has all been very helpful. I do have to agree with Gladys regarding her post here: “As I understand, you are always bound to the GDPR. For instance, just by managing names you will be or a “controller” or a “processor”, and that will always make you compliant.”

      • JVZoo Staff Writer

        Yes, If you collect any personal information at all, you are bound by the GDPR and would need to make sure you are compliant.

    • Felix R Guerrero

      Thank you for youe excellent guidelines.

      Bud jenkings (felix guerrero)

    • Jeff L.

      Just joined, and this question is confusing the heck out of me. Ok, obviously we are all selling and collecting data, therefore the answer would be YES.

      With that being said (answering YES), what happens after that?

      • JVZoo Staff Writer

        We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.

        • Jeff L.

          Definitely still confused. Was looking forward to getting started asap and now I need to figure this out.

          Thanks

          • Jimmie W.

            All ready posted here. Speak to an expert in GDPR.

    • Marcia Ming

      If I work as an affiliate by promoting products sold on the JVZoo website and I apply with GDPR regulations, can I be held liable if I promote a product and the owner of that product fails to comply? Can I argue that that is outside my control, or is that an issue every affiliate is required to address? I would love to hear your opinion on this. I will read the information provided on your blog, but this makes this a difficult process for people just starting with limited resources. Thanks.

      • JVZoo Staff Writer

        We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.

    • Theresa Lovelace

      Still confused. If I’m selling a product and sending people directly to the sale page, am I bound to the GDPR?

    • Omoghan Mason

      So now as an affiliate what are expected to do regarding the GDPR ? I await your responds. Thanks

      • JVZoo Staff Writer

        As an affiliate, you are still bound by the GDPR. We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.

    • Cecilia Padul

      okay, so our work is both controller and processor. how do we comply with GDPR? in our business transactions, what instances can one say that he/she violated GDPR?

      • JVZoo Staff Writer

        Although we would love to help you further, Cecilia, you should consult an attorney who has knowledge about GDPR for the best advice on how to protect yourself and your business.

    • Bruce Wilson

      It appears GDPR is wide ranging and covers almost every aspect of an affiliate’s undertaking from collecting emails to personal info of the customer’s data base ! Would you agree ? So because of these factors I would make myself compliant and suggest that all JV Zoo affiliates should as well !!!

      • JVZoo Staff Writer

        Definitely a great idea! Thanks for the good advice, Bruce.

        • LUCY ABDON FILANKEMBO

          A votre avis quelle sera la réponse à la question de savoir si: Votre utilisation du service JVZoo est-elle réglementée par le GDPR?

          je suis nouveau dans le domaine de l’affiliation j’aimerai me conformer vu que je suis hors l’UE. Merci de bien vouloir me répondre

    • Joe D Hill

      This is all very confusing to a newbie, but, I think I need the GDPR. I will become compliant just to cover myself and so I won’t take any chances of violating any rules.

    • Sharon A Moore

      I’m new to this I’m n Texas. How do you do the GDPR I need some help.

    • Hiram D Smith

      has anyone completed or have an officer or could share on how and what they did, the EU is 88 pages long, I dont understand why this company would sell us this stuff and not give us heads up or step by step ways to make it happen if they know about it

    • A. Sahraye

      With all due respect.
      The term GDPR must be defined by you guys at Nzoo. I am a newbie to the.program.
      Please help telling me what is the correct response. If I don’t hear from you, I will.have no choice but to CANCEL my membership.
      Thanking you in anticipation…

    • Rodney Everett

      Updating my information

    • Michael Deitsch

      Thanks

    • Lester

      Do I need a lawyer for GDRP and happens if I do not do it?

    • Deborah Rolon

      It looks like JV Zoo has it all covered so if I sign this final page, is there anything I need to do further?

    • Isaiah Simmons

      ok i read questions and read the reply…now here’s my question. is JVZoo service regulated by GDPR and how so that i can do the same if need be or how did they do it. which will get date or just let someone worry about it. i’m here to make money.

    • Jeffrey p Johnson

      Is everything going to be registered and regulated by jvzoo gdpr

    • Richard DuFour

      Ultimately I got to this page while trying to fill out the GDPR form, It started me off with “As required by law, please answer the following questions Usage: Is your use of the JVZoo service regulated by GDPR?”

      The question here is “Is your use of the JVZoo service regulated by GDPR?” I’m an American…so is it or not?

      • Rebecca

        The answer would be yes. Does not matter who has the service it is the person using the data that has to be compliant.

    • Teresa

      I just joined and I’m having such a tough time understanding all of this. I was excited about getting started but then after joining I was left with trying to figure out how to complete all this. I read all information jvzoo has provided and i still don’t know how to answer this question about GDPR ????

    • bud

      Thank you for the information. Definitively is very useful.

      Bud

    • Andrew

      Thanks for the info. It is so vital and useful.

    • Rahul

      What to opt in gdpr fill option??,am from India, what we have to choose yes or no??, if yes it ask for gdpr officer,what to do please reply

    • Aaron Agius

      Hi,
      Where do I find information on who my officer would be?
      My location is Kent, United Kingdom.

      Best Regards

      Aaron Agius

    • Wezzy

      The info is of benefit! I want to find out! Is the country for the Representative Officer chosen by default!

    • Patrick Litana

      Please
      I need to know who my data protection officer is so I can comply to GDPR.
      please I am waiting for this so I can continue with my registration. I am outside the EU so how do I consult the attorney? Please help

    • Russell Eyman

      no comment at this time

    • Russell Eyman

      Thanks for the informations it is very helpfully thanks

    • David Shipp

      I like in the United States; is there a “Data Protection Officer”? For the “Union Representative” field, the United States wasn’t on the pull down list. I just trying to complete all required forms so that I have no trouble; last time I’d really been to my back office was in December of 2016.

    • David Shipp

      I live in the United States; is there a “Data Protection Officer”? If so, who is this person and what information to I input for the required field? For the “Union Representative” field, the United States wasn’t on the pull down list. I just trying to complete all required forms so that I have no trouble; last time I’d really been to my back office was in December of 2016.

      Reply
      Leave a Reply

    • David Shipp

      I live in the United States; is there a “Data Protection Officer”? If so, who is this person and what information do I input for the required field? For the “Union Representative” field, the United States wasn’t on the pull down list. I’m just trying to complete all required forms so that I won’t have any trouble working at JVZoo; the last time I’d really been to my back office here was in December of 2016.

    • sick sid

      we only hear when it is neccessary to be compliant with gdpr; can you tell me in which cases it is not neccessary to be gdpr compliant, relating from a us resident-view and also from a eu-resident view, who is not active in the eu.

    • Femstic Marketing Media

      Hey,
      does this apply to people who are outside US?

    • Jason Descheneaux

      I don’t collect any data, I only promote the JVzoo products so that would be a no for me right?

    • Eric

      Hi,

      I have read all the exchanges above and I still don’t know whether to say yes or no. The vendor is setting up the product for me to sell and so the process involves collecting the buyer’s email to email the products to them every month. All this is automated by the vendor. So in my case ‘yes’ or ‘no’ ?

    • Hazinji

      I understand the information, and I live in Africa, Zambia. I am still not sure whether this applies to me. Please confirm whether I can do this in Zambia, Central/southern Africa.

    • Kevin Puls

      Time to update my privacy policies.

      It’s nice getting back into the game!

    • Dolores

      do we put our own name as data protection officer or put we dont have one ? or who is our officer ?

    • Eddie

      what about in the US states like i’m in Org. so what in my stats too

    • Anubhav Sharma

      hi people, dont forget to read part 2 to cear your doubs.
      https://blog.jvzoo.com/gdpr-regulations-part-2/

    • Jody Anthony Thompson

      Will this all apply to me since, I’m just starting out, here in North America?

      • SimonHarries

        Yes, it will If you want to sell or promote products to anyone in the world it will apply.

    • Shahbaz Alexis

      Thank you for arming us with this information. Some information, is better than no information…right?

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.