“Ok, ok, enough about the GDPR laws already!
I don’t even live in Europe, so who cares?”
If this is how you have been thinking about the GDPR laws and regulations that went into effect on May 25, 2018, you could still be at risk…$20M worth of risk.
And, no one can afford that kind of mistake.
You, like the rest of the world, are probably still getting emails from every company with an “updated privacy policy.” Even companies you haven’t contacted or bought from in what seems like ages.
You are probably wondering: “Do the GDPR laws apply to ME?”
Like everything else about the GDPR laws, the answer is not very clear. We explained the basics of the GDPR laws in a previous post. Let’s take a closer look at how these regulations from the EU affect you and your business if you are not located in the EU.
As far as your location and territorial jurisdiction, GDPR laws apply in a few ways:
- You are established in the EU and conducting data processing in the context of that business’ activities.
- You are offering goods or services, for free or for a fee, to individuals in the EU.
- You are monitoring the behavior of individuals within the EU.
In a nutshell, no matter where you are, if you do international business with ANYONE in the EU, you should pay attention to the GDPR laws.
Article 3(1) states that if you have some sort of “establishment” in the EU that handles personal data, you will be governed by GDPR laws. This gets confusing because GDPR does not exactly define what an “establishment” means to them. However, Recital 22 explains by stating that an establishment “implies the effective and real exercise of activity through stable arrangements.”
If your organization has a sales office located in the EU, promotes, sells, or markets to EU residents, and there is an “inextricable link” between the establishment and the processing activities, GDPR laws apply. This could mean a single representative of your company working physically from the EU, but not a single server.
Now, what if you don’t live in the EU or have anyone working for you there?
Article 3(2) contains an extraterritorial or “long-arm” provision that includes the processing of personal data of people who are in the EU by a non-EU organization if the processing involves:
- the offering of goods or services, regardless of whether a payment of the data subject is required, to people who live in the EU; or
- the monitoring of their behavior as far as their behavior takes place in the EU.
To take it one step further, GDPR laws apply to you if you are even thinking about offering goods and services to people in the EU. If your website is accessible to people in the EU, and there are any indications (such as testimonials) that you plan to or would like to do business in the future with people in the EU, you will be under GDPR scrutiny.
You are monitoring behavior if “natural persons are tracked on the internet including the potential subsequent use of personal data processing techniques which consist of profiling a natural person, particularly in order to take decisions concerning her or him or for analyzing or predicting her or his personal preferences, behaviors and attitudes.”
What?
In simple terms, this means that you are monitoring behavior if you are using behaviorally targeted advertising for marketing purposes. If you are profiling people to evaluate behavior, whether automated or not, GDPR applies.
One last thing: if you offer services B2B only, you don’t get off the hook.
Organizations offering goods and services to businesses rather than individuals are not exempt if they are processing any personal data of people who live in the EU.
It’s pretty obvious that if you live in the EU, you must comply with the GDPR laws. But, as we have tried to make clear above, you may be under the jurisdiction of the GDPR if your website is accessible to folks in Europe.
No matter where you live, you must first comply with the laws of your own country. Do some research of your own and ask questions. You do not want to find out the hard way that you should have taken steps to comply with GDPR laws.
As a disclaimer, neither JVZoo nor any employee or representative of the Company is an expert on GDPR regulations. For the most accurate info on details of the laws, contact an attorney who is familiar with the GDPR, or visit:
31 replies to "HOW DO I KNOW IF GDPR REGULATIONS APPLY TO ME? PART 2"
Yes, I have an account with JVZoo and I want to comply with the GDPR, but who is my representative? I don’t understand what to put for this question.
I have an account, but how do I comply with GDPR and how do I fill in my form?
We’ve listed many official resources for you to use to educate yourself on GDPR, however, if you are still confused it may be beneficial for you to speak to an expert in GDPR.
Hi Phillis Spencer
When one has a website and this captures some personal data, there must be a person in charge of supervising compliance with the provisions of the GDPR law, and this person is called the DPO (Data Protection Officer), delegate of data protection. This DPO can be the owner of the website or the person the owner chooses. There is a video that talks about this, if you search it on YouTube with the name of solutiongdpr.
We recommend studying the actual GDPR documentation and/or obtaining legal advice to completely answer all your questions on complying with GDPR.
Can we just not sell anything to people in the EU by ticking a box somewhere in the JV product page and totally avoid this problem?
Yes, I have an account with JVZoo and I want to comply with the GDPR too, but who is my representative? I’m a citizen of the Pacific island of Nauru and we do not pay tax directly from our income or salary; however, the Government taxes everything that is imported, since most of our living resources are imported. I don’t understand what to do at this point since with GDPR
We recommend studying the actual GDPR documentation and/or obtaining legal advice to completely answer all your questions on complying with GDPR.
Hi, I want to be a JVZoo Affiliate and Vendor. Where do I sign up to be GDPR Compliant?
Hi, John. You have to make sure that all your systems and processes are compliant to the GDPR yourself. We cannot do that for you. Please refer to our articles on GDPR compliance and visit the recommended resources for further information.
So if I collect email addresses from the customers, I’m not under the GDPR regulation?
If you collect any information at all you must abide by the GDPR.
Does this apply to US citizens also?
If there is any chance that you could collect info from anyone in the EU, then yes.
I’m planning to open a JVZoo vendor account, but my business will not target users from the EU. Do I still have to worry about GDPR?
Thanks
Yes
What if I just block all European traffic from my website… is that good enough to be compliant?
Hi, David. While you can set up customer filtering that prevents people from certain countries from purchasing, we cannot advise you in regards to whether or not you are GDPR compliant. You should contact legal counsel to ensure that you are in compliance with GDPR.
I just signed up for JVZoo. How can I find out who my officer is and the rest of the information asked for on the form?
Thank you.
For the most accurate info on details of the laws, contact an attorney who is familiar with the GDPR.
I do not know HOW in the WORLD (literally) a foreign country (continent apparently) can impose laws upon anyone outside of their jurisdiction. It should be on THEM to find a way to block any foreign individual/website from outside their jurisdiction if said website is not compliant with their standards. That’s just my opinion for whatever 2 cents that may be worth. I don’t even know who or what a Data Protection Officer is here in my country! Most TOS should already be placing the fact that the site (and third parties) collects data anyway. I don’t think they should write laws threatening those outside their jurisdiction. Instead, they should be blocking foreign websites that don’t meet their DEMANDS. Ugh… #Frustrating
Hi. Darrell. Thanks for your feedback.
The USA has been doing this to other countries for years, i.e. ex-pats living for years overseas now have to file US income tax unless they renounce their citizenship! And various tax deductions from these countries are rejected by the US and added as income.
Like most here, in reference to question who have asked: ‘Who is or how is it we find the representative to the GDPR?’ As an ‘affiliate’ only, my Vendor for JVZoo here, advised me that I as an affiliate (promoters to their/vendor product/services) do not have to apply to the GDPR (only the Vendors do). Is that correct?
We recommend studying the actual GDPR documentation and/or obtaining legal advice to completely answer all your questions on complying with GDPR.
I have just started my business and don’t know if JVZoo gives me any of the personal info that a buyer uses to make a purchase. My question is, do I get any of the pertinent info as an Affiliate when someone makes a purchase?
I am waiting on a response to James Moss’ question. I just signed up and was wondering the same thing. Will we have access to the data or just a transaction number?
Thanks for covering me bum !!! As I can tell, WP is the easiest way to Comply with a GREAT plug-in at this point! I will certainly be en-guard in ALL affiliate-ing & publisher-ing arenas!! Peace JvZoo!!
I want to work just as an affiliate, so am I regulated by GDPR?
I want to work just as an affiliate, does this law still apply to me?
Is there a link to a page where one can get a “boilerplate” privacy policy that one can cut/paste to use for their data collection, like saving email addresses?