Published on February 23rd, 2021 | by Sunit Nandi
GDPR Basics For International Freelancers
In 2016, the European Union passed the General Data Protection Regulation (GDPR), a wide-reaching act meant to protect individuals’ privacy online. After a two-year transitional period, compliance with the GDPR is now required for everyone based in the EU.
However, even if you aren’t based in the EU, you must abide by the law if you wish to offer your services to anyone living in the EU. Follow this basic guide for freelancers when creating your Indy profile or redesigning your website, and you can grow your business internationally.
The GDPR is a comprehensive privacy protection law based on the idea that customers have a right to their information, and companies must follow specific steps to ensure their customers’ information is safe.
Besides traditional personal information like name, address, and phone number, the GDPR also protects cookie data and IP addresses. Other information the GDPR protects includes:
- Ethnic or racial information
- Information about health, including genetic information
- Sexual identity
- Political statements, including opinions and voting history
Who Must Comply with the GDPR?
Almost every company that interacts with the data of EU citizens must comply with the GDPR. Because some companies with fewer than 250 employees do not need to follow the GDPR, many non-European freelancers believe they are exempt.
However, if you ever store any client information, including their banking information for future transactions or their email address to stay in touch about future projects, you must protect it following the GDPR guidelines.
This means that most freelancers who contract with someone based in the EU must comply with the GDPR. While it’s a hassle, it’s worthwhile to set up your information storage to comply since the fines can be substantial. If you don’t comply with the GDPR, you may also lose potential customers in the EU who are concerned about the safety of their information.
Each country in the EU determines fines, although the EU has laid out guidelines. The fines must be proportional and appropriate to the level of damage caused. If you haven’t attempted any damage control after a customer’s information was stolen, your fine will likely be higher than if you do your best to mitigate the problem as soon as it’s discovered.
For large-scale failures, the fines can rise to 20 million euros. While a freelancer likely won’t face fines of this scale, it’s worth ensuring you are fully compliant to avoid legal and financial problems.
How to Ensure Compliance
While large companies have a full team of data protection experts to rely on, freelancers have to handle all aspects of their business themselves. It can help to narrow down exactly what information you store and focus on protecting that.
Go through any physical paperwork or software systems you use to store information, and write them down. Use a program like Indy Tasks to ensure you keep all the information in one place.
If you use any third-party software systems, check that they comply with the GDPR, and investigate who has access to the data you store with them.
Next, take steps to protect any data you collect. Ensure you have anti-virus software and high-security passwords, and that any software you use is up to date, since older versions are more vulnerable to hacks. Ensure you keep your passwords secure and all your information encrypted. Using a password manager can help you keep track of ultra-secure passwords and also allows you to change them regularly. If you ever work on public Wi-Fi, invest in a VPN to protect your connection from hackers.
Mailing Lists and GDPR
Many freelancers keep their past customers up to date with mailing lists. To comply with the GDPR, you need to ensure your mailing list is opt-in rather than opt-out, and that there is an easy way to unsubscribe. You also must clearly state what your mailing list entails. How often will it go out? Is it informational, or does it contain marketing information?
Protect Yourself and Your Clients
Because the fines can be significant, it’s worth consulting with a lawyer familiar with the GDPR if you aren’t sure what steps to take. If you’re worried about cost, do as much as you can without legal advice and go into your meeting prepared with specific questions. This could help reduce the length and cost of your meeting.
Whether you have hundreds of clients across the world, or only work with one client in Europe, you likely need to comply with GDPR as a freelancer. However, after putting in the work to comply, you can expand your business internationally, increasing your client base and revenue.