1. “I didn’t realise GDPR applied to me”
The biggest trap Network Marketers could fall into is to assume that “the GDPR is only for big companies; it doesn’t apply to my network marketing business because that’s just me”. Alternatively, it might be assumed that if your business just uses email addresses and phone numbers of friends, family and others you know personally, the GDPR does not apply because this data is used in routine “household activity” anyway.
Both these assumptions are incorrect. It doesn’t matter where your business is based, how big it is, how much personal data you collect or what you use it for. The only thing that matters is whether you collect EU residents’ personal data. Likewise, whilst using data solely for personal use does fall outside of the GDPR, as soon as you start using the data for your network marketing business, such as communicating with your contacts about your products or services and the business opportunity, then the GDPR regulations will apply to you.
2. “You don’t always need consent?!”
Many businesses owners think they need consent to process people’s data lawfully and this requirement can certainly be seen as getting in the way of building new relationships when you are prospecting to build your network.
What’s less well known is that there are 6 ways in which you can establish a legal ground for processing personal data in your business. Not all of these are relevant to a network marketing business but one is and it can be easier than establishing “consent”. This would be the case where you enter into a contract with an individual to supply goods or services they have requested. Remember, a business contract does not need to be written – it can just be a verbal undertaking between you and your customer that they will pay for products or services that you will be supplying. This gives you a legitimate reason for holding necessary personal data about your customer.
3. “Am I a controller or a processor?”
The GDPR splits the legal responsibilities for handling personal data into two categories: data controllers, who determine the purpose for collecting personal data and how it will be processed, and data processors, who are responsible for processing personal data on behalf of data controllers.
- Am I data controller? Yes, if you…
…collect and record personal data about your customers, prospects or other business contacts… Personal data includes even basic information such as names, telephone numbers, email addresses and so on. So, as a network marketer, you most likely will be a data controller.
- Am I a data processor? Yes, if you…
…process personal data. If you use your own systems, such as spreadsheets or other database applications, then you could be a data processor as well as a data controller.
This might seem simple enough, but the relationship between controllers and processors is not usually straightforward. Businesses are often data controllers in some scenarios and processors in others. The responsibilities for data controllers and data processors are different, so it’s essential that everyone involved in data collection is aware of their role. There also might be multiple data processors for the same data, for example, if you use an app or CRM system to process your network’s personal data. What will really help with your compliance is to make sure that any platform that you use is also GDPR compliant, such as Pamtree, which offers a GDPR-compliant contract between it (as your data processor) and you as the data controller. However, remember that this will only fulfil part of your data protection responsibilities under GDPR.
Are you struggling to get your head around GDPR? If so, what would make your life simpler? Here at Pamtree, we’re all about making it as easy as possible to run your network marketing business, so let us know and we’ll be happy to help where we can.