Let me start by saying: this is not a guide on how to implement GDPR in your business.

In this article, I want to highlight some of the more practical things. GDPR has so many facets … if I hadn’t been forced to comply with it, I wouldn’t have looked at it at all. So this article is intended to be a list of facts and resources, and I am also adding some funnies to it at the end.

Also, I am not saying I am providing full and complete information in this post. What I am rather intending to do here is to give you – as the owner of an online business – some practical clues about what to think about and what to work on, on your journey of complying with this new regulation. Note that I am not a lawyer, nor do I mean to provide advice in replacement of one. It is highly recommended that you seek legal advice for anything that seems unclear.


It’s an awful lot of work that is required from us. Many of us won’t have everything completed on this magical date (May 25th, 2018) — but you know what: it’s not the end of the world. We will get there over time. We will make mistakes. But we will also grow with it.

With that said, let’s begin.


GDPR is a big deal. It’s maybe not as bad as people have made it out to be. But it is something that shouldn’t be ignored. Here are some quick links to what this article covers:

What you have to do now as a website owner

When you run an online shop on your website

Get a free Web Audit & check your website for GDPR Compliance

Question Pool: your questions answered

What are the consequences if you do not comply?

Offering freebies in exchange for subscribing to your newsletter doesn’t work any longer

Checklists

Roundup Posts & Resources about GDPR

Privacy Policy Templates

The funniest Tweets about GDPR

GDPR - and now what?

Disclosure: Behind a few of the links are affiliate links. This means, if you click on them and decide to purchase something, I may earn something. (Thanks!)

What you have to do as a Website Owner

As a site owner, it is up to you to communicate how your customers’ information is being used. It’s more of a communication and process question, rather than something that can be solved with technology.


The EU has discretion to issue warnings or to overlook violations. If 99% of the information you deal with is non-EU and a few EU people slip in while you are not compliant, the authorities are not likely to seek any punishment.


☞ If your visitors only read your blog / site, you don’t need to do anything. However, if they sign up for a newsletter, then you need to add some information to your Terms and Conditions. What exactly depends on the service you use for your email subscriptions. Often, the data is not stored on your WordPress blog, but on the email provider’s server. Most providers (like Mailchimp) include an unsubscribe link in all of your messages, so subscribers can remove themselves from the list at any time – just make sure to use double opt-in (as in: users need to confirm that they really do want to get on that list).


☞ If you are doing high volume sales and intentionally targeting EU residents/citizens, you may be subject to penalties. Do not assume this cannot be enforced outside of the EU. It is not true. Some companies will be required to have a legal representative in the EU if they are large enough.

just to be GDPR safe im gonna text everyone in my phone contacts list and tell them I hold their phone number and email address and ask if they want to continue receiving texts from me

— Chris Greene (@HateChrisGreene) May 17, 2018

When You Run an Online Shop on Your Website

GDPR is applicable to everybody who collects data from visitors from the EU.

When you sell via your website, you’re collecting even more data. Not only will you need people’s names and email addresses, you’ll also need credit card details and possibly physical addresses too.

If you collect emails when making a sale on your website and then add those email addresses to your mailing list, you must tell people, and gain their specific consent to you holding their data and using it in this way.

Run a Website Audit to Check for GDPR Compliance

Get started with a free web audit of your website and check if it is compliant with the General Data Protection Regulation and the ePrivacy Directive.

GDPR Website Audit

I’ve literally never had more spam since GDPR came out.

— Scouse Bird: Steph B (@ScouseBirdBlogs) May 23, 2018

Question Pool: Your Questions Answered

Since the consequences of not complying seem so dire, we all are asking ourselves a lot of questions. What if this / what if that …

Looking for answers myself, I have found some trustworthy material on YouTube that I feel is worth sharing with you. The Bitesize Marketing Channel answers questions most of us are looking for answers to, like:

Ironic that the GDPR has almost certainly unleashed the biggest torrent of spam in the history of the internet.

— Alistair Cunningham (@Cunningham_UK) May 23, 2018

What Are The Consequences If You Do Not Comply?

The maximum sanction for non-compliance with the GDPR is 20,000,000 Euros or up to 4% of your annual worldwide turnover (based on figures from the preceding financial year), whichever is the greater.

The future of email is just receiving GDPR privacy notices until your inbox fills up and you no longer have the will to use email anymore.

— Aaron Levie (@levie) May 24, 2018

Offering a Freebie in Exchange for Subscribing to Your Newsletter Doesn’t Work Any Longer

Old times. The purpose of you creating an awesome freebie was so that you could add your new user to your list of subscribers – in exchange for your freebie. Right?

New times. With the GDPR in effect, you are only obtaining consent from your users to process their personal data to send them the freebie. They did not give you consent to be added to your newsletter list – and you cannot just add them.

If you would like to add them to your newsletter, you’ve got two options:

  1. You request a separate consent (maybe in the same sign-up form), or
  2. You use a double opt-in, and request separate consent in the email you are sending to confirm their sign up.


However, it’s important to keep in mind that under the GDPR, when you request consent for separate matters, each request must be distinguishable. You are not allowed to bundle requests; bundled requests are not compliant with the regulation.


This means, freebies are now really freebies. They are not conditional freebies, aka: “If you give me your email address, I send a giveaway your way”.

Checklists

❏  With a form, say why you’re collecting the data and how you will use it.

❏  Provide a double opt-in to ensure you have informed consent.

❏  When sending out emails, provide an unsubscribe option and a ‘forget me’ option. If someone asks to be forgotten, delete their data – don’t just stop sending them emails.

❏  If you share data, tell the owners of the data and ask for their consent. Don’t share without consent.

❏  Use forms plugins and mailing list providers that are GDPR-compliant.

❏  Include a privacy policy on your website with details of the data you process and hold, what you do with it, whether you share it, how people can access their data and how they can delete it or have it deleted.
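As an added example (not code from this post or from any of the providers it names), here is a minimal Python sketch of the consent handling the two options above and the checklist describe: the freebie consent and the newsletter consent are recorded separately, the newsletter consent only becomes active after the double opt-in confirmation, and a ‘forget me’ request deletes the whole record instead of merely stopping the emails. All class and function names are assumptions for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional
import secrets
import time


@dataclass
class Subscriber:
    email: str
    # One entry per purpose ("freebie", "newsletter"), never bundled.
    # purpose -> (how consent was obtained, unix timestamp)
    consents: dict = field(default_factory=dict)
    pending_token: Optional[str] = None  # double opt-in token awaiting confirmation


class ConsentStore:
    """In-memory stand-in for the subscriber database (hypothetical)."""

    def __init__(self):
        self.subscribers = {}

    def signup_for_freebie(self, email: str, wants_newsletter: bool) -> Optional[str]:
        # Form handler: the freebie consent is recorded immediately. Newsletter
        # consent needs its own (unticked by default) checkbox AND an email
        # confirmation, so here it only creates a pending token.
        sub = self.subscribers.setdefault(email, Subscriber(email))
        sub.consents["freebie"] = ("form", time.time())
        if not wants_newsletter:
            return None
        sub.pending_token = secrets.token_urlsafe(32)
        return sub.pending_token  # would be sent as a confirmation link

    def confirm(self, email: str, token: str) -> bool:
        # Second step of the double opt-in; the token is single-use.
        sub = self.subscribers.get(email)
        if sub is None or sub.pending_token is None:
            return False
        if not secrets.compare_digest(sub.pending_token, token):
            return False
        sub.consents["newsletter"] = ("double_opt_in", time.time())
        sub.pending_token = None
        return True

    def may_send_newsletter(self, email: str) -> bool:
        sub = self.subscribers.get(email)
        return sub is not None and "newsletter" in sub.consents

    def unsubscribe(self, email: str) -> None:
        # Withdraws the newsletter consent only; other records are kept.
        sub = self.subscribers.get(email)
        if sub is not None:
            sub.consents.pop("newsletter", None)
            sub.pending_token = None

    def forget(self, email: str) -> bool:
        # Erasure request: drop the entire record, not just the mailing flag.
        return self.subscribers.pop(email, None) is not None
```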


There is also a GDPR Compliance Checklist for purchase.

Roundup Posts & Resources about GDPR

In her Roundup of GDPR resources, Shaylee Smith shares checklists, email marketing insights (MailerLite + ConvertKit), and resources for privacy policy templates and cookie notifications, all aimed at getting compliant.


I found Robert Partridge’s article GDPR: Does your blog need to be compliant? very useful. In this honest article, he dives into the GDPR law and extracts the important points, and I also appreciated that he translated them back into plain English. Another thing that really stands out is the compliance test you can do yourself to determine whether or not you are subject to the GDPR as a blogger: 8 questions, yes/no answers. Easy.


GDPR eBook

Chances are you don’t actually have to worry at all about GDPR, because you don’t need to be compliant with it.

This eBook, The Blogger’s Guide To Avoid Being Subject To GDPR, helps you understand the criteria for determining whether your blog is required to be GDPR compliant, along with actual strategies you can implement to keep your blog from being subject to GDPR. Read more here.

Privacy Policy Templates

Here are a few resources where you can get a privacy policy. Please be considerate and decide for yourself whether a publicly available privacy policy is a good fit for your business; at the very least, it is something to get you started. Here are a few free and paid resources for privacy policies:


Free Privacy Policy Generator from Shopify

Free GDPR compliant Privacy Policy template (from a lawyer)

GDPR compliant Terms & Conditions + Privacy Policy for your Website (paid)

At GetTerms.io you can generate a simple Terms of Service and Privacy Policy for your website. The basic version is free, whilst the custom and comprehensive versions require a small investment from you.

The Funniest Tweets About GDPR

Because it’s better to laugh than cry, let’s try to find some humor in this situation.

remember folks: if your ex contacts you out of the blue in the next week, it’s probably only because of GDPR compliance

— Casey Kolderup (@ckolderup) May 16, 2018

My entire inbox is beginning to feel like the ramblings of a desperate ex-boyfriend #GDPR pic.twitter.com/3sFe5B09LC

— Sarah O’Connor (@sarahoconnor_) May 23, 2018

My mum is leaving it awfully close to the GDPR deadline to ask if I want to opt in to receive her emails, calls and texts.

— Sharon O’Dea (@sharonodea) May 15, 2018

“WARNING. In our butcher’s shop we might ask your name and remember your meat-related preferences. If you are worried about this, please enter the shop while shouting ‘I DO NOT AGREE!’, and we will henceforth pretend we don’t know you.”#GDPR HT @PhRoose cc @bobnease pic.twitter.com/sDhveLiBqj

— Koenfucius (@koenfucius) May 19, 2018

A joke.

Do you know a good GDPR expert?
I do.
Can I have their email?
No.

— Grant Tucker (@GrantTucker) May 23, 2018

My granny just emailed to confirm I’d still like to receive;

Birthday cards ◻️
Lynx sets ◻️
Phonecalls about nothing ◻️
Updates on who has died ◻️ #GDPR

— Mick (@Mi_Bonn) May 15, 2018

Just received an email from a wealthy Nigerian Prince.
He told me that he doesn’t have any fortune to share with me at the moment but he would appreciate if I could let him know before May 25th if I wish to continue receiving emails….#GDPR

— Paul Binning (@StarrdLtd) May 8, 2018

GDPR - And Now What?
