Most likely, your inbox has been flooded with notifications updating Privacy Policies. You’ve probably seen the term “GDPR” a lot, too. If you have a website, hopefully you’ve also been informed that this is something you do need to know about.
Personally, I wonder if this is a virtual security measure, much like the annoying body scanner at the airport which requires that I undress practically to the nude and hold my hands above my head like I’m a captive. I wonder if these measures are more for the appearance of security than actual prevention… But, that’s another story for another day.
In the meantime, I want to share with you a recap of a few articles I’ve found that explain this new standard much better than I could.
So here’s what’s going on.
Here’s how digital strategist Michelle Martello, founder of Minima Design, explains it in her recent post (worth reading!!):
If you have a business based in the EU, or you have customers or collect data from any persons in the EU, you might already be aware of GDPR – the General Data Protection Regulation.
It doesn’t matter if your company is based in or outside the EU – if you process any personal data of EU citizens, GDPR will apply to you and your company. If you are found to be in non-compliance with this regulation, you can potentially be assessed a large financial penalty.
And yes, this impacts you even if you’re based in the US and have ANY EU customers or readers.
What is personal data?
Personal data is any information that could be used to identify an individual – this includes commonly collected information like names, IP addresses, location data, physical addresses and email addresses.
Got a site? You’re collecting more data than you think.
Every bit of software that tracks or stores user info makes you subject to this regulation. I’m talking everything from contact forms, opt-ins, analytics software to what you use to take payments and more!
So how will this affect you with regards to your site, newsletters and opt-ins?
1. You must ensure that user consent is obtained in accordance with the GDPR’s strict new requirements
2. Users must explicitly choose to consent to get info – and pre-checked boxes do not imply consent (so no more pre-filled boxes at checkout!)
3. You must obtain separate consent for each unique opt-in offering – and you can ONLY send info regarding that topic.
4. You must be clear how you will use their data when you obtain consent.
5. Users should be able to delete or modify their information at any time.
6. You must keep detailed records so you can prove how you got user consent.
7. You can no longer add just people to your main marketing list when they signup for your special freebie (Yes, this one is a game changer).
Where do you start?
While this certainly isn’t legal advice, and you should consult with your trusted legal advisor to cover your bases, the best general business advice any of us can give is to become informed. Here are excellent resources which break everything down step by step, offer links to direct resources, and make you feel like you can approach this transition with grace.
They also provide a handy cookie notification – this displays the first time a user comes to our site and it’s easy to add with their plugin.
SEGMENT AND CLEAN YOUR LISTS
Yes, it’s time to clean your lists. The general direction is a wonderful world where people opt in for lists they actually want to be on! I personally think this is a positive direction, and is worth the time and attention.
We have segmented our mailing lists into EU subscribers and we will ask just that segment to re-consent to our marketing emails. Keep in mind, you’re likely going to lose subscribers. But you don’t want to keep any EU folks in your files after May 25th, 2018 where you don’t have clear opt-in consent. Martello recommends a tool she uses, ConvertKit. “I’ve always had double opt-in my site, but I’ve used a variety of lead generation tools to build my list. So that’s why I’m asking again. Consider it a way to clean your list.”
OPT-IN FORMS AND POPUPS
Consider showing a special consent screen ONLY to those folks in the EU. ConvertKit provides this feature, or you may speak with your website developer for recommendations. This will be the direction of the future with optins, so worth implementing now. More info on how to do this here: https://convertkit.com/gdpr/
Here is how this now looks on Minima Design’s website:
Gone are the days of adding names to lists without consent. Yay! We have added a checkbox to our contact forms – unchecked by default – asking for genuine consent to be added to our mailing lists. We use Contact Form 7 (WordPress) and Gravity Forms to create these forms. Here’s an example from Minima Design, which includes a simple required checkbox to her contact form asking for consent to store data submissions.
There are some other GDPR things you’ll want to review if you’re collecting data via forms – more info here: https://docs.gravityforms.com/wordpress-gravity-forms-and-gdpr-compliance/
You’ll discover a new prompt within Google Analytics to accept the new user agreement inside of your Google Analytics account. Make sure to do this if you haven’t already. To confirm this, go to Google Analytics / Analytics 360: > Admin > Account > Account Settings (scroll to bottom of page) and agree to the terms.
What else can you do to best prepare for the changes?
1. Get informed!
Read regulation guides created by your specific newsletter and software services. Here’s a few great overviews:
2. Check out other great resources
Minima Design founder Michelle Martello’s article, “A Designer’s Take On Implementing GDPR On Your Site”
Suzanne Dibble’s Free GDPR Checklist for Online Businesses
GDPR For Entrepreneurs: What You Need to Know from Amy Porterfield
3. Don’t panic.
It’s gonna be ok. We’re all in this together!
Special thanks to Michelle Martello for her original post on the subject! To read it, click here.