You’ve probably heard about it by now — that thing that has every online entrepreneur around the globe scrambling to overhaul their current email management systems, privacy policies, and lead gathering strategies. What am I talking about?
I’m talking about the GDPR.
In case you haven’t heard about it yet, GDPR stands for General Data Protection Regulation, and what some people don’t realize is that it’s not new. The GDPR was actually created on April 14, 2016. (Yes, it’s been around that long!)
So what is all the fuss about now if the GDPR isn’t actually new?
Well, up until this point, online entrepreneurs didn’t really have to do anything to become GDPR compliant because the GDPR wasn’t enforceable.
But as of May 25, 2018, it will be.
What is the GDPR?
To break it down into layman’s terms, the GDPR governs how you collect, store, and use data gathered from anyone living within the European Union. Now, before you click away and think, “Well, I don’t live in the EU, so this doesn’t apply to me,” think again.
If you have anyone on your email list who resides in the European Union or you collect any data (via cookies, opt-in forms, order forms, etc.) from anyone who resides in the EU, you are 100% affected by this new law.
The GDPR was created as a way to protect the rights of European Union residents with regard to how their data is gathered, stored, and used.
This new law affects any online business (yes, even blogs) that collects, stores, and uses data gathered from anyone residing in the EU. So if you have someone who lives in France opt into your email list, you need to make sure you’re GDPR compliant.
Getting GDPR Compliant
Getting GDPR compliant can be, let’s say, a bit complicated. So I’m going to break down a few of the key points of focus for us bloggers to hopefully make this a bit easier for you. Here goes:
Your Email List
According to the GDPR, you need something that’s called “explicit consent” before you send any mass emailings out to subscribers on your list (more specifically, to anyone on your list residing in the EU). The kicker is that a simple opt-in form is not considered enough to constitute explicit consent.
What this means is that putting up a simple opt-in form with a freebie on your site will not automatically give you the right to add them to your email list. So what does give you the right to email them?
You’ll need to add a checkbox on your opt-in form that says something like, “Yes! Please add me to your email list so I can receive exclusive updates, promotions, and offers only available to subscribers!”
Wait, there’s more.
You’ll need to make sure this checkbox follows two very specific rules:
- The checkbox cannot be checked by default. You need to make sure the checkbox is unchecked by default so subscribers can manually check it themselves.
- The checkbox, when checked, needs to add a tag to your subscriber within your email service provider that signifies that they have given you consent to send them marketing emails, including email newsletters. This will help you identify who on your email list has given you permission to email them, and who hasn’t.
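The two checkbox rules above, as an added example (not from the original post or from any email provider's API): an opt-in form whose consent checkbox starts unticked, and a handler that applies the consent tag only when the box was actually ticked. The tag name, field name, `/subscribe` path and function names are assumptions, and the consent timestamp goes beyond what the post asks for.

```javascript
// Added example; CONSENT_TAG, marketing_consent and the function names are hypothetical.
const CONSENT_TAG = "gdpr-marketing-consent"; // assumed tag name at the email provider

// Opt-in form: the consent checkbox has no "checked" attribute, so it starts unticked.
const OPT_IN_FORM = `
<form method="post" action="/subscribe">
  <input type="email" name="email" required>
  <label>
    <input type="checkbox" name="marketing_consent" value="yes">
    Yes! Please add me to your email list so I can receive exclusive updates,
    promotions, and offers only available to subscribers!
  </label>
  <button type="submit">Send me the freebie</button>
</form>`;

// Lint for rule 1: true if the consent checkbox is pre-checked in the markup.
function hasPreCheckedConsent(html) {
  const tag = html.match(/<input\b[^>]*\bname="marketing_consent"[^>]*>/i);
  return tag !== null && /\bchecked\b/i.test(tag[0]);
}

// Rule 2: build the subscriber record sent to the email provider.
// Browsers leave unticked checkboxes out of the submission, so consent is
// recorded only when the field arrives exactly once with the expected value.
function processOptIn(formBody, now = new Date()) {
  const fields = new URLSearchParams(formBody);
  const email = (fields.get("email") || "").trim().toLowerCase();
  if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) throw new Error("invalid email");
  const values = fields.getAll("marketing_consent");
  const consented = values.length === 1 && values[0] === "yes";
  return {
    email,
    tags: consented ? [CONSENT_TAG] : [],
    // Assumption beyond the page: keep a timestamp as evidence of consent.
    consentedAt: consented ? now.toISOString() : null,
  };
}

// Marketing emails go only to subscribers carrying the consent tag.
function marketingRecipients(subscribers) {
  return subscribers.filter((s) => s.tags.includes(CONSENT_TAG)).map((s) => s.email);
}

// Constructed sample submissions (not real subscribers).
const SAMPLE = [
  "email=Anna%40example.fr&marketing_consent=yes", // ticked the box
  "email=ben%40example.com", // left it unticked
];
console.log(marketingRecipients(SAMPLE.map((body) => processOptIn(body))));
```

A subscriber who skips the checkbox still gets a record with an empty tag list, so the tag is what separates people who asked for the newsletter from people who did not.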
Right to Be Forgotten
Within the GDPR is something called the Right to Be Forgotten. This article within the GDPR basically gives the subscriber the right to say, “I don’t want to be on your list anymore, and I want you to remove all of my data from your systems.”
What this means is that you are required to do two things:
- Make sure they know where/how they can request to be erased from your system.
- Erase all of their data as soon as you receive their request.
Right to Access
Another important article within the GDPR is the Right to Access, which gives the subscriber the right to receive a copy of all of the data you have that’s owned by them. So if someone emails in and says, “I’d like to see all of my data that’s housed in your systems,” you need to be able to provide that to them.
What this means is that you’ll need to do two things:
- Make sure they know where/how they can request to get access to the data that you keep in your system.
- Make sure you send it to them promptly.
Here’s an example of what a GDPR compliant opt-in form may look like:
Want More Help Getting Compliant?
These are a few of the ways you can start getting your site and email GDPR compliant before the May 25th deadline. I am not a GDPR expert, nor is this post to be interpreted as legal advice. If you would like some legal advice from a GDPR-trained attorney, I highly recommend Bobby Klinck’s FREE GDPR training.
Bobby is a highly esteemed attorney who specializes in online entrepreneurship (especially blogging) and the laws surrounding it. He is offering his GDPR training for FREE for anyone who wants to sign up.
His training videos take a very complicated law and break it down into understandable bite-sized pieces so you can focus more on implementing the important changes you need to get compliant, and less on trying to understand legalese.
His Website Forms package even includes helpful videos so you know exactly what’s in your disclosures, why they’re there, and how they protect you and your visitors!
Getting GDPR compliant may feel tedious and complicated, but with the right guidance, you’ll be able to get your site and your list compliant in no time!