HOW DO I KNOW IF GDPR REGULATIONS APPLY TO ME? PART 1

There has been a flurry of activity worldwide due to the GDPR regulations that went into full effect on May 25, 2018. You may be wondering:
“Do I need to be concerned about the GDPR regulations?”

It’s an important question to ask because a violation of GDPR compliance could result in fines of up to $20M or 4% of your gross annual revenue. And, who can afford that?

So, how do you know if the GDPR regulations actually affect you and how you conduct business? Or, if we use GDPR-speak: “What is the material scope of the regulation?”

Article 2(1) states that GDPR regulations apply to:

“The processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system.”

GDPR regulations apply if:

  • Something is done with or to data
  • The above-mentioned data belongs to a person
  • The person is identified or capable of being identified

And, what is being done to or with the data is either:

  • Fully or partly automated, or
  • Performed on data that is or will be part of a filing system.

The GDPR regulations are focused on business being conducted in Europe.

The laws are in place to protect the personal data of consumers who are located in the EU. However, because the worldwide web is…well…worldwide, you could still be affected if you run an online business even if you are not based in Europe.

We will go into the ways that GDPR regulations affect those who conduct business from locations outside of the EU in a separate blog post. For now, let’s stick to the general principles of the GDPR regulations.

Here is a breakdown of some of the terms used within the GDPR regulations:

  • Processing – “Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.”
  • Personal Data – “Any information relating to an identified or identifiable natural person.”
  • Identified or identifiable person – “A person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
  • Automated vs. Manual – Fully automated means that there is no human involvement, whereas partly automated uses some degree of human involvement. Manual means that only humans are involved in the processing, without any form of computer technology (meaning hard copies including someone’s personal data also fall under GDPR regulations).
  • Filing System – “Any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.” This could be online or in hard copies.

In a nutshell, the GDPR regulations apply to any use of, or anything being done to, data that relates to a human being. Pretty broad, right?

These confusing laws have thrown companies that process personal data into a frenzy of changes and updates to how they handle it. Whether a company is big or small, the GDPR regulations apply in the same way. You have probably seen a ton of emails from various service providers notifying you about “updates to our privacy policy,” some from providers you had forgotten held your data at all. That’s proof that companies worldwide have been scrambling behind the scenes to get their systems compliant with GDPR.

According to the GDPR regulations, a business entity is either a data controller or a data processor. GDPR Article 4 states that:

  • ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
  • ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller

Within JVZoo, many sellers market and sell their products to EU consumers. The sellers decide what to do with that data, which makes them data controllers who are directly bound by the GDPR. Since the sellers may share some of the personal data obtained from EU buyers with their affiliates via the JVZoo platform, affiliates are also subject to the GDPR and they are also data controllers because they choose how to use the data.

JVZoo provides a platform for its sellers to offer their products and, as a service provider, processes personal data on behalf of its customers. This makes JVZoo a data processor that is indirectly regulated by the GDPR by virtue of the fact that sellers and affiliates need to comply with the law.

JVZoo supports users all over the world, so of course, we have been working hard with VeraSafe and our corporate counsel to be sure we are compliant with GDPR regulations. For more info on the actions JVZoo has taken to protect personal data, Click Here.

Still wondering if GDPR regulations apply to you?

Start by asking yourself the following about yourself and your business:

  • Do I collect people’s names?
  • Do I collect people’s email addresses?
  • Do I collect info on my clients’ location?
  • Do I collect data on any physical characteristics of my clients?

If you answered ‘YES’ to one or more of the above questions, you might want to look closer at the GDPR regulations. It’s worth it to protect yourself. Even though these laws come out of the EU and primarily affect people in the EU, it is likely that regulations of a similar nature will be rolled out in other areas of the world very soon. Be prepared.

As a disclaimer, neither JVZoo nor any employee or representative of the Company is an expert on GDPR regulations. For the most accurate info on details of the laws, contact an attorney who is familiar with the GDPR, or visit:

Watch for our next blog on GDPR where we will look closer at how GDPR regulations affect you depending on where you live and conduct business.


    56 replies to "HOW DO I KNOW IF GDPR REGULATIONS APPLY TO ME? PART 1"

    • Udaya Shankar Datta

      Excellent detailing of GDPR overview and possible adverse impact on every affiliates/Vendors in absence of GDPR knowledge! We may not be aware of exact and minute provision of GDPR but the knowledge of its existence and the broad guidelines is enough to be cautious and self compliant. Thank you

    • Haywood

      THANK YOU, for the simple breakdown.

    • Koli Bandyopadhyay

      Thanks for such a helpful article.

    • Julian F. Dampies

      How do I know who is my GDPR officer ?

      • JVZoo Staff Writer

        That is someone who a data controller or processor would designate to fulfill that role.

        • Madelline V

          As an affiliate of JVZoo… Who is our GDPR officer? How do we find this info? I’m sorry still confused

        • Mdelline V

          Is JVZoo GDPR regulated?

    • G Baird

      Thanks a billion for the clear and simple explanation clarifying this information, You are much appreciated.

    • Chance

      So if you use auto responder will this affect us?

    • Jana Rudisill

      As an affiliate, how do we respond to the questions as to who is the controller, and who is the processor? This is where I get confused. I am an individual and not a company.

      • JVZoo Staff Writer

        According to the GDPR regulations, a business entity is either a data controller or a data processor. GDPR Article 4 states that:

        ‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
        ‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
        Within JVZoo, many sellers market and sell their products to EU consumers. The sellers decide what to do with that data, which makes them data controllers who are directly bound by the GDPR. Since the sellers may share some of the personal data obtained from EU buyers with their affiliates via the JVZoo platform, affiliates are also subject to the GDPR and they are also data controllers because they choose how to use the data.

    • Nikoal Aggers

      Huh? I’m so confused about GDPR! Do I need to worry about it or what? What do I do?

      • JVZoo Staff Writer

        We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.

    • Ruben

      So what must one do to become compliant? Does this also affect those online selling platforms on Facebook??

      • JVZoo Staff Writer

        Please refer to our series on GDPR and the corresponding resources listed in each blog.

    • Gladys

      As I understand, you are always bound to the GDPR. For instance, just by managing names you will be or a “controller” or a “processor”, and that will always make you compliant.

      • JVZoo Staff Writer

        That would be correct. If you collect any personal information at all, you are bound by the GDPR.

    • David

      If I sell JVZoo products and use PayPal to collect the payment, will I be given the name of the person that is buying the product? It seems the solution is to not collect names, email addresses and just sell the product. Can you respond to this as I am just starting with JVZoo. Thanks

      • JVZoo Staff Writer

        Whether it is the goal to collect personal information or not, if you DO collect it in any way, you are bound by GDPR. Affiliates are also subject to the GDPR and they are also data controllers because they choose how to use the data.

        Please refer to our series on GDPR and the corresponding resources listed in each blog.

    • Rahidul

      I have no idea about this, I also don’t know how to fill out that form. Please explain it to me.

      • JVZoo Staff Writer

        Please refer to our series on GDPR and the corresponding resources listed in each blog.
        If you need help filling out any forms on JVZoo, please contact our support department at [email protected]

    • Janet

      Basically, I don’t do any of these things. 1) collect people’s names 2) collect people’s email addresses
      3) collect info on my clients’ location or 4) collect data on any physical characteristics of my clients
      Even as a JVZoo affiliate, at least for now, I will only be doing the traffic. All the emails will go directly to JVZoo. From what I read, it wouldn’t apply to me at this time. I have no other business at this time either.
      Am I wrong in thinking this?

      • JVZoo Staff Writer

        Hi, Janet. Since we do not know the intricate details of your business, we cannot really answer your question. It is up to individual business owners, such as yourself, to do their due diligence and make the necessary changes to comply with GDPR as they see fit. We can only provide the information given here on the blog and direct you to further official documents in order to do so.

    • Karima Muhammad

      Can I sell only to United States residents?

    • Eileen

      Can you direct me to the GDPR knowledge department or whom I may communicate to the understanding of this regulation please?

      • JVZoo Staff Writer

        For the most accurate info on details of the laws, contact an attorney who is familiar with the GDPR.

    • Jason

      So what is the answer yes or no to sell products to people out of country?

      • JVZoo Staff Writer

        You can sell products to anyone, however, you must be GDPR compliant when doing so. If you are unsure whether you are or not, we recommend contacting an attorney who is familiar with the GDPR.

    • Hannah Green

      Do you know if GDPR applies in Australia?

    • Janis

      Thank you for this GDPR compliance information. It has all been very helpful. I do have to agree with Gladys regarding her post here: “As I understand, you are always bound to the GDPR. For instance, just by managing names you will be or a “controller” or a “processor”, and that will always make you compliant.”

      • JVZoo Staff Writer

        Yes, If you collect any personal information at all, you are bound by the GDPR and would need to make sure you are compliant.

    • Felix R Guerrero

      Thank you for your excellent guidelines.

      Bud jenkings (felix guerrero)

    • Jeff L.

      Just joined, and this question is confusing the heck out of me. Ok, obviously we are all selling and collecting data, therefore the answer would be YES.

      With that being said (answering YES), what happens after that?

      • JVZoo Staff Writer

        We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.

        • Jeff L.

          Definitely still confused. Was looking forward to getting started asap and now I need to figure this out.

          Thanks

          • Jimmie W.

            Already posted here. Speak to an expert in GDPR.

    • Marcia Ming

      If I work as an affiliate by promoting products sold on the JVZoo website and I apply with GDPR regulations, can I be held liable if I promote a product and the owner of that product fails to comply? Can I argue that that is outside my control, or is that an issue every affiliate is required to address? I would love to hear your opinion on this. I will read the information provided on your blog, but this makes this a difficult process for people just starting with limited resources. Thanks.

      • JVZoo Staff Writer

        We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.

    • Theresa Lovelace

      Still confused. If I’m selling a product and sending people directly to the sale page, am I bound to the GDPR?

    • Omoghan Mason

      So now as an affiliate what are we expected to do regarding the GDPR? I await your response. Thanks

      • JVZoo Staff Writer

        As an affiliate, you are still bound by the GDPR. We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.

    • Cecilia Padul

      Okay, so our work is both controller and processor. How do we comply with GDPR? In our business transactions, what instances can one say that he/she violated GDPR?

      • JVZoo Staff Writer

        Although we would love to help you further, Cecilia, you should consult an attorney who has knowledge about GDPR for the best advice on how to protect yourself and your business.

    • Bruce Wilson

      It appears GDPR is wide ranging and covers almost every aspect of an affiliate’s undertaking from collecting emails to personal info of the customer’s data base ! Would you agree ? So because of these factors I would make myself compliant and suggest that all JV Zoo affiliates should as well !!!

    • Joe D Hill

      This is all very confusing to a newbie, but, I think I need the GDPR. I will become compliant just to cover myself and so I won’t take any chances of violating any rules.

    • Sharon A Moore

      I’m new to this. I’m in Texas. How do you do the GDPR? I need some help.

    • Hiram D Smith

      Has anyone completed or have an officer or could share on how and what they did? The EU is 88 pages long. I don’t understand why this company would sell us this stuff and not give us heads up or step by step ways to make it happen if they know about it

    • A. Sahraye

      With all due respect.
      The term GDPR must be defined by you guys at Nzoo. I am a newbie to the program.
      Please help telling me what is the correct response. If I don’t hear from you, I will have no choice but to CANCEL my membership.
      Thanking you in anticipation…

    • Rodney Everett

      Updating my information
