You’ve properly heard the acronym flying around, GDPR, but like most of us, you probably heard the rumblings and turned a blind eye and thought “this doesn’t affect me and my creative business, I’m based in the US and this is a European Union regulation.” Right?
Wrong.
The internet is a crazy place that easily connects us to people halfway around the world, including, you guessed it, Europe.
Well, if I’ve already lost you or you’re sitting there shaking your head because I just called you out, not to worry. I’m breaking it down and sharing some helpful resources that made sense of all this nonsense.
SO, WHAT IS THE GDPR?
The GDPR stands for General Data Protection regulation, and what this essentially means is the European Union is ensuring that companies, both large and small, are protecting their citizens and residents information from security hacks and breeches.
This regulation is holding companies accountable for the safekeeping of a customer’s personal data.
Personal data doesn’t just mean credit card information, this includes name and email address.
That means, even bloggers who collect data on their site to build their email list have to ensure they are following the rules and regulations of the GDPR.
There are a few caveats here, this is only applicable to citizens and residents in the EU. As a precautionary step, I am treating my US subscribers the same way, with the anticipation that the US will follow suit in adopting some of these regulations. The other major caveat is that we as business owners and bloggers are not necessarily the ones storing the data. This regulation is specifically geared towards large companies like Facebook and Google who store lots of personal data.
What I’m saying is, if you use a third-party email marketing platform like MailChimp or Convertkit, they are the ones liable for the security of the personal data stored on their servers. Same goes for an e-commerce shop. If you have a shop set up on platforms like Shopify or WooCommerce, once again these companies are responsible for securing the personal data that is collected and stored on their platform.
WHAT YOU’RE RESPONSIBLE FOR
Hopefully, you’re able to breathe a little easier knowing that the GDPR is mainly focused on the safekeeping of data that we don’t typically house as creative business owners or bloggers. If for whatever reason, you host or save the data locally, and don’t use a third-party site like the ones mentioned above, you’ll have additional steps you need to take to be compliant with the GDPR regulations.
GETTING CONSENT
MOVING FORWARD
As part of the updated General Data Protection Regulations, the consent for email marketing must be clearer than ever to add subscribers to your email marketing list.
This was already a no-no when it comes to email marketing, but the updated regulations are a good reminder to avoid doing this in the future, regardless of the subscribers’ location, this is not allowed: Adding people to your email marketing list who did not consent to join it.
Simply put, just because someone is a client or purchases a product from you, they are not consenting to receive your email marketing newsletters, so don’t add them to your list!
The new regulations take this same thought and build upon it a little further.
With the new rules, we have to provide an option for subscribers to have a clear yes or no option to subscribe to your newsletter, even if they are providing their personal information (name and email) to get one of your free downloads.
I believe this update is the one that affects most of us, creative business owners and bloggers. We’ve been taught (with good reason, because they work!) to have some sort of lead magnet on your site to get people to subscribe to your email list. This is no longer an acceptable way to gain consent. As I mentioned before, if we provide a free download, lead magnet or piece of content in exchange for someone’s email address, they explicitly have to state and agree to sign up for your marketing newsletter – the two are not the same.
Luckily, platforms like MailChimp have made it super easy for us to do this.
Admittedly, I procrastinated on making these updates in my business as well. I’ve been reading and educating myself, but I was definitely dragging my bootay on implementing these changes. And, despite dragging butt, I was able to easily update my email sign up forms to include the new GDPR consent options with the tools MailChimp has rolled out.
All I had to do was select the GDPR settings on my email list to enable the new GDPR-friendly form. Get full step-by-step MailChimp instructions here, navigate to the section “Setup Your GDPR-friendly sign up form”.
UPDATING YOUR CURRENT SUBSCRIBERS
With all the new features MailChimp and other email marketing platforms have rolled out, it was super simple to enable the correct features for collecting new email subscribers.
But, if you already have a list, you need to be able to prove that each subscriber provided consent to receive your email marketing newsletter. So, the best option here is to send a re-subscription email to your list. Remember, you only have to do this for EU citizens and residents. As I mentioned, I am taking precaution and have decided to do this for all of my subscribers to ensure I have clear consent for my entire list.
MailChimp has a GDPR theme setup with some copy to help you get this email started, but it felt very sterile and legal to me, so I took a softer approach with my re-subscription email and referenced doing a little spring cleaning with a clear call to action button to subscribe or unsubscribe.
With MailChimp’s GDPR updates, they now capture date, time, and location of consent and subscription. Making it easy to prove consent was given if it is ever in question.
WEBSITE PRIVACY POLICY AND TERMS + CONDITIONS
This is another great reminder for all business owners and bloggers, if you have a website, legally there must be a terms and conditions contract and privacy policy on your site. This is nothing new, however, there have been a few updates that should be reflected on your terms and conditions and privacy policy pages.
If you’ve already purchased these contracts in the past, there is a chance, the company you purchased it from has sent you an updated version to include the new GDPR compliant contracts.
If you didn’t already have these contracts and pages on your site – no worries, now’s a great time to make sure you are taking the right steps to cover your business. I personally love The Contract Shop, where she sells GDPR Compliant Terms and Conditions + Privacy Policy contracts for your website.
Please note, if you click on the link above and purchase from her site, I may make a commision. As always, I only share products I truly love and use in my business.
KEEPING YOUR ACCOUNTS SECURE
The other key takeaway from all of this is keep all of your business accounts secure. Aside from wanting to keep your site and information safe, the more information we collect from others, the more responsible we are of their data.
Enabling 2 Factor Authentication and utilizing different passwords are a great start for ensuring your accounts are secure. MailChimp is even offering discounts to users who enable 2 Factor Authentication!
If you’re looking for additional ways to secure your website and other online platforms, read this post.
HELPFUL RESOURCES
I am by no means an expert on GDPR. I’m just sharing some simple tips and tricks that can help you easily implement it for your creative business.
I found Amy Porterfield’s Podcast with Bobby Klinck really helpful, listen to it here.
This guest blog post on HoneyBook | Rising Tide by Christina Scalera, creative attorney who owns The Contract Shop was also really helpful.
Have additional questions about the GDPR? Let me know in the comments below! If you found this article helpful, I’d love it if you shared it with other creative business owners!
xo,
Sianne
