So you might have seen the phrase “GDPR” tossed around a lot recently…and the biggest things all marketing people (and bloggers!) seem to be asking is “What on EARTH is GDPR compliance? Does it affect me? If so, what do I need to do?? We’re answer ALL those questions and more today! Read on…
May 6, 2018 UPDATE: THE FOLLOWING PARAGRAPH IS IMPORTANT for further GDPR compliance:
It has been pointed out to me by several people that most GDPR experts ARE recommending that we take specific action with regards to our existing list.
This stinks.
Click here to check out Amy Porterfield’s podcast interview (w/ transcript) on the subject, and I’ve updated the bullet points below to reflect their opinions! Read on…
May 24, 2018 Update: I just sent my GDPR consent email to my subscribers via ConvertKit, see below!
This was incredibly easy, as ConvertKit now has a feature to locate/segment/tag your EU subscribers!
I used CK’s FAQ guide here, which includes email copy, and a way to link to the consent page. (Hint: You can just use {{ gdpr_consent_url }} where you would usually type in a URL, and that links to the consent page. Sweet!)
Here’s my email copy:
Disclaimer:
Pete McPherson cannot be held liable for anything you do. I am NOT a lawyer or a GDPR expert, nor do I pretend to be one on the internet.
The following is simply a summary of my findings on the subject. Consult with an attorney for your business for proper legal advice.
Listen to this post via podcast or YouTube video
or listen on \\ iTunes \\ Stitcher \\ Google Play \\ Overcast \\ Spotify
To be frank, the topic of GDPR is boring as all get out (and apparently “all get out” is a lot so I’m told).
So in an effort not to fry your brain, I’d like to do the following:
- Present you LINKS for the uber-boring technical and legal speak
- Just boil things down in plain English for this post.
You cool with that? I thought so.
What is GDPR?
The General Data Protection Regulation (GDPR) is a digital privacy regulation being introduced on the 25th May, 2018. It standardizes a wide range of different privacy legislation’s across the EU into one central set of regulations that will protect users in all member states.
And here’s what that means in english:
Anybody who collects data from people living in the EU needs to put in place more privacy settings.
Furthermore, this isn’t “suggestion,” this is LEGALLY BINDING stuff…meaning if you don’t take certain measures to comply, you’ll be doing illegal things.
And illegal things are bad, especially when it concerns our business 🙂
Frequently asked questions for bloggers:
1 – Does GDPR apply to bloggers who mainly write for non-European audiences?
Actually, it applies to ANYONE who will have EU people on their email list! Doesn’t matter the audience you write for…if you have EU folks opting in…this GDPR stuff is for you.
2 – What do I need to DO to be compliant for GDPR before May 25?
4 things!
- Enable GDPR opt-in forms in your Email Service Provider (ConvertKit, Mailchimp, Drip, Aweber, etc)
- Make sure your INTENTIONS are explicitly clear on ALL your opt-in forms and landing pages.
- Don’t collect irrelevant data from subscribers 🙂
- Make DANG SURE all EU folks on your existing list have given you proper content (see below for more)
For now, that’s your only to-do list.
3 – What do you mean by “make sure my intention is clear?”
Anybody who uses your opt-in forms should KNOW what they’re getting themselves into, and you need to tell them!
Example: If they’re signing up for a free PDF, and they will ALSO be added to regular email communications…you’ll need to make that clear before they opt-in!
Two ways to do this:
- Add a sentence like “You’re opting in the weekly Do You Even Blog newsletter!” or something like that.
- Add this language to your double opt-in confirmation email.
If you don’t want to add it to the forms, you can use language like this in a double opt-in email.
Make it clear what they’re actually signing up for. That’s all.
HUGE UPDATE: My friend Ross works on GDPR, and corrected me on this!
From the ICO, “Avoid making consent to processing a precondition of a service”. We’ve been told that we can’t make signing up to a mailing list a requirement to receive something (a free PDF, a discount coupon, access to a course/site or whatever).
Requiring someone to receive an emails they may not want in order to receive a book/coupon/whatever that they do, is apparently not OK. It’s a massive pain as everyone does this.
4 – I use [fill-in-the-blank] email marketing platform, what do I need to do?
GDPR Compliance for ConvertKit
Here is the ConvertKit article detailing how they’re complying, and a full feature list!
For now, just make sure the “intention” thing is clear, then go enable this!
GDPR Compliance for Mailchimp
Here is a blog post from MC explaining all their new GDPR tools!
Pretty easy!
GDPR Compliance for Drip and Aweber
Here is Drip’s article and guide 🙂, and here is Aweber.
Easy enough.
5 – Do I need to RESEND opt-ins or a confirmation email to my existing list?
In general, no. You do not.
WARNING: This does assume, however, two things:
- You got their permission to be added to the list in the first place…via opt-in, etc
- If you can’t show evidence people gave clear consent to receive your crap, they’re not valid.
Here’s what my friend Ross says again:
You don’t need to just have got their permission, you also need to be able to demonstrate it. We’re being told that any email list that wasn’t double opt-in and, thus we can not prove they have opted in on purpose, is not valid.
The interpretation we’ve been given is that if you can’t show evidence of opt-in, it’s not valid.
Submitting a form without explicitly checking a box saying you wanted to receive emails would not be considered opting in, and without the double opt-in it’s hard to see how you could ever prove this. If you’ve ever moved mailing providers this becomes harder still, as there is a good chance that data like that wouldn’t come over.
In fact, MOST authorites on GDPR are saying that we DO need to…
- Segment our email lists into EU and non-EU people
- Send a “reengagement” campaign to the EU people to get their explicit consent.
This sucks.
If it sounds really annoying, that’s because it is.
6- If we are brand new, does GDPR have impact on us? Or does it really only matter once you are selling products?
If you plan on letting anybody from the EU subscribe to your stuff, it matters. Age doesn’t. Products doesn’t. (However, if people are getting on your email list via buying a product, you need to make your intent clear! Tell them they’re ALSO getting on the regular newsletter!
7 – What if I’m collecting peoples’ data in another way (outside an email marketing list)?
I CAN’T HELP YOU. Please check out this article for further info there…
This particular article is geared towards email marketers and bloggers who open their communications to people in the EU. That’s it.
But in general, the GDPR laws DO apply to tons of other ways that we interact with people in the EU…and their data.
This could be contact forms on your website, or even a comments plug-in (*COUGH Disqus).
Conclusion
Here’s what you need to do RIGHT NOW:
1 – Go to your ESP and enable GDPR compliant forms! It’s so simple. No reason not to do it.
2 – Make sure you’re clear to any potential subscribers WHAT they’re getting themselves into.
Here’s what I’m doing, personally.
- I use ConvertKit religiously, so I enabled the GDPR checkbox on my forms 🙂
- Next, I am updating ALL of my landing pages and forms to be double opt-in, and reworking my confirmation email to be explicitly clear what subscribers are signing up for.
- I’m witty and snarky, so the email copy won’t dissuade people from joining (at least not from a GDPR standpoint. They may because I’m witty and snarky).
That’s pretty much all bloggers need to know about GDPR Compliance.
Wanna see my new GDPR-ready opt-in language? Use the form below 😉
