The deadline for GDPR compliance is quickly approaching. The European privacy law, General Data Protection Regulation (GDPR), will take effect May 25, 2018. This new regulation imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), as well as those that collect and analyze data tied to EU residents.
The GDPR applies no matter where you are located. You should also note the new regulation will drastically impact your existing email marketing list regarding the forms and methods used to get them ON your list, and what you need to do to make those on your existing list compliant!
The “spirit” of this post was the content of my tips ezine last Friday. But it seems as if I need a rewind button … because it appears the more we learn about the new GDPR rules and regulations, the less we really know. At least about how it impacts email marketing. Not so much the part about website compliance.
According to one of the people I trust most about website security and the other really, super techy things we have to do to be compliant with all of the new rules and regulations popping up here and there, there are 6 steps you need to take to be GDPR Compliant.
- Document all the ways you collect personal data on your site and any 3rd party vendors you share it with.
- Determine your legal basis for the right to process that personal data with regard to the Lawful Grounds rules section of the GDPR.
- Determine the best places to post your new policies on your site.
- Determine the best ways to gather consent from visitors and supply requested info on how you track them, as well as a way to anonymize that data upon request.
- Develop a system to safeguard all data you collect.
But before you start freaking out about everything that has to be done before GDPR takes effect on May 25 … understand that this new regulation was just passed in April, and NO ONE knows everything they need to know regarding the subject. So don’t jump the gun and start doing things that might impact your site and data negatively!
MaAnna Stephenson of BlogAid is working diligently to help us figure it all out in an easy-to-digest manner. This Tips Tuesday GDPR Guide explains what the GDPR is, what you need to know, and how to start the process of becoming compliant … without losing your mind and freaking out. The GDPR Guide is a living, breathing document that will be updated as things become clearer and more information is known. So my best advice to you would be to keep referring back to this document for updated information. That’s one of the things we are doing, so we can be as up-to-date on the information as we can so we can get our own websites and email marketing practices in compliance, and help our clients do the same.
The website stuff will be different for each business owner, based on the specifics of their business, how and why they collect personal data – and what they do with it, and a few other things. When it comes to email marketing though, it’s not really clear regarding what we need to do and how. Just that GDPR is not just for those in the EU, or those who market to EU citizens, but everyone. Everyone includes all of us in the US and Canada whether we specifically or actively market to EU citizens or not.
Depending on the email marketing platform you use, the who, what, where and how of it all can be quite different. Here are just a few links that point out some of those differences regarding some of the most popular platforms:
And then there is this: https://www.eugdpr.org/
As you can see, the information varies. And sadly, it seems the more we learn, the less we know.
What I’m doing: I use MailChimp as my email marketing platform. Updating my opt-in forms to be GDPR compliant was super easy according to their instructions for making my list and opt-in forms compliant. However, MailChimp’s stance regarding email communication after May 25 is that you can’t email anyone who hasn’t updated their information to confirm they still want to receive content. If you follow their instructions, when someone updates their information, they are thrown into a permission-based segment on your list. That’s the list you can continue to use after May 25. This, however, is NOT specific in some of the other platforms. So you can see where the confusion sets in.
And … if you look at this blog post from AWeber, it addresses this particular point, and the spirit of the law behind it.
Either way, I followed the instructions so my contacts are thrown into the permission-based segment when they reply to the “let’s keep in touch” email when I send it. It works for me, because I have a ton of people who never open my weekly newsletter … not even the re-engagement emails I’ve sent letting them know they can unsubscribe from my list. So for me, this will be a good thing because only those who truly want to be on my list will confirm.
As it’s been pointed out by many … once the GDPR compliance deadline of May 25 passes, the dust will most likely settle a bit, and things will become clearer. It’s probably safe to say things will continue to change, and this will be an ongoing process – at least for those of us in the US who seem to have less information than anyone else.
Do I sound confused? Yes. That’s because I am … but more about the email marketing part than anything else. For me, right now is about doing what I can to be as compliant as I know how to be with the information I have. And the information I have is from the instructions and information the various email marketing platforms continue to provide. Then I take a deep breath … breathe in, breathe out, and carry on! At least until new information is brought to light.
How has your GDPR compliance journey been? Are you panicking? Are you putting it aside because you think it’s a lot like Y2K was? Or are you simply taking it all in stride, going with the flow with what you know, and waiting for the dust to settle as you do what you can with what you have?
Tell me … inquiring minds really do want to know.
Also published on Medium.
In business since 1991, Terry Green is the founder/CEO/President of BizEase Support Solutions, an American-based, online marketing support company comprised of a team of talented professionals from around North America. BizEase excels at providing speakers and business coaches worldwide with seamless online marketing solutions, from setting up shopping carts and editing video, to writing blog posts and managing Social Media and PR campaigns. BizEase clients (who span five continents) take great joy in allowing the BizEase team to take care of the details so they can get back to doing what they do best!