GDPR & Therapists: What Do You Need to Do?
Just like you, every hour my inbox dings with a new email about how Company X has updated their terms or done this, or that, for GDPR compliance.
And just like you, with each email that pops in along those lines, I get a tang of anxiety.
But, is this something you, as therapists, need to be concerned about? Is this something you, as therapists, actually need to do anything about? As with everything complicated, the answer is, “It depends”. But there’s a lot of FUD (Fear, Uncertainty, Doubt), and so I’d like to add Brighter Vision’s 2 cents here to help provide you with an outline of what, if anything, you should do.
FIRST — This is *not* legal advice. We are not attorneys, we are not experts on GDPR, but we have done our best to understand the requirements of the law and how it pertains to both Brighter Vision specifically and our customers.
PLEASE, if you have any questions whatsoever, invest in your business and talk with an attorney.
OK, moving on…
What is GDPR?
GDPR is the European Union’s legislation designed to protect user privacy and data.
In theory, this is a great idea. At Brighter Vision, we are very strongly in favor of encrypted data, respecting your users, and respecting the privacy and data of your customers/clients.
In theory, companies like Facebook and Google have far too much knowledge of you. And you, as a user, should be able to opt in or out of things easily, to have all your data deleted from these companies, and to see what data they have on you.
In theory.
In practice, the legislation technically targets every business & website, regardless of size, that markets to, or has customers in, the EU. This does not apply to US consumers.
OK. I Am Just a Private Practice… What Do I Do?
Well, it depends :).
First, review your business and how you use your website.
- Do you have any EU clients?
- Do you target the EU market?
- Have any of your clients asked you to be GDPR compliant?
Most likely, you said “No” to all of those questions. If that’s the case, you likely don’t need to do anything. Again, we aren’t attorneys, and you still should consult with an attorney on these points.
This article from Forbes explains things very clearly:
Targeted Marketing And The Web
U.S. companies without a physical presence in an EU country collect most of the personal data belonging to EU data subjects over the Web. Are users in, say, Amsterdam who come across a U.S. website automatically protected by the GDPR?
Here’s where the scope of requirements becomes a little more complicated.
The organization would have to target a data subject in an EU country. Generic marketing doesn’t count. For example, a Dutch user who Googles and finds an English-language webpage written for U.S. consumers or B2B customers would not be covered under the GDPR. However, if the marketing is in the language of that country and there are references to EU users and customers, then the webpage would be considered targeted marketing and the GDPR will apply.
Accepting currency of that country and having a domain suffix — say a U.S. website that can be reached with a .nl from the Netherlands — would certainly seal the case.
What About If I Sell Downloadable Products?
If you sell downloadable products, and I know that a number of Brighter Vision clients do, things are a little trickier.
I’d recommend speaking with an attorney about this. Whatever suggestions she recommends, Brighter Vision is here to help implement them for you.
OK. I Get It. But I Still Want to Ensure I’m in Compliance with GDPR
Totally understand.
First, speak with an attorney :).
Next, not every Brighter Vision customer uses their website in the same way. One of the great things about our service with you is that we are here to support you, to install tools at your request, and to customize your website and brand to function the way you want it to. Consequently, there isn’t a one-size-fits-all strategy we can implement for all of our customers. However, we are here to make any changes that we can make for you, upon request.
Finally, there are a few things here at Brighter Vision we can do for you and/or have done for you.
- You already have a great Privacy Policy
  - All Brighter Vision clients have a professionally written, extremely detailed privacy policy. For most of our clients who just run a private practice in their community, this privacy policy should be perfectly adequate for their needs.
- All Brighter Vision websites are secured with SSL certificates
- As a last resort/precaution, we can block EU traffic. This is actually something a lot of companies and publishers are doing.
  - Right now, this seems like the best tool for this. You can use the free version and send us the JavaScript code needed.
Final Words on GDPR
We are your partners in this and want to assist however we can.
If you use your Brighter Vision website for any purposes other than a beautifully branded, online business card to attract local clients to your private practice, we strongly encourage you to consult with an attorney and receive professional guidance on what you should do as a business owner. And we will do everything we can on our end to implement your counsel’s suggestions.
To your success,
Perry Rosenbloom
CEO & Founder – Brighter Vision