GDPR: What is it and how does it work?

If you haven't heard yet, BIG changes are coming this week to how marketers and businesses are allowed to collect, market to, and store data of those in the EU.

So, you may be thinking, "Well, I don't do business in Europe, so I clearly don't have to worry about this." And you're right, you most likely will never run into an issue with it. However, by some off chance that someone living in (or even just visiting) Europe happens to fill out your contact form, it's better to cover your butt and ensure everything is compliant to avoid the hefty fines that can come even from one email address.

The general concept behind GDPR is that you must use clear and concise language that outlines how you are going to use and store a person's information. It must also clearly explain what kind of communication they will receive from you if they give you their information, and how they can opt out if they don't want to hear from you any more.

So, what do you need to do to be GDPR compliant? While it's an annoying process, for most people it's something that can be done in an afternoon.

1. Get a GDPR-compliant Privacy Policy. Even if you already have one on your site, you must have an updated one that fits the new requirements. Talk to your lawyer, or use an online resource like TermsFeed, to get a new, customized one written for you. Include a link to it in the footer of your website (or in the footer of any of your lead pages).

2. Update your opt-in forms and email forms. Someone can no longer be added to your email list without giving explicit (not implied) consent. This means that on your website, or on your lead page forms, you must clearly inform someone that they will be added to your mailing list if they fill out the form. There are a few ways to do this:

  • Add a checkbox to your form that someone must tick to be added. If they do not check the box, you CANNOT market to them.
  • Add language, above the submit button, that clearly states that they will be added to your mailing list if they fill out the form. Language like "Join my mailing list for this free download..." or "By filling out this form, you will be added to the [company name] mailing list. You can opt out at any time by hitting the 'unsubscribe' button." qualifies as giving consent.

3. Link to the privacy policy on ANY form that collects data. Put something like "We may collect, use and process your data according to our privacy policy." at the bottom of the form.

4. Get consent from your current email list. Unfortunately, even if someone is already on your list, the new law requires you to get their consent to stay on the list (bummer, I know). How to go about this can depend on how many Europeans, if any, you currently have on your list.

  • If you're pretty sure you do not have any European email addresses on your list, you should be pretty safe to send a simple email outlining your new privacy policy and how people can opt out if they wish. This is the option I chose, so feel free to copy the language from my email (no judgement here!) if this is the route you choose as well.
  • If you know you have a ton of EU addresses on your list, you may want to take the extra step and ask for new consent. Send an email specifically requesting people to opt in or out of your list. Here is a great example.

5. Clean out your current list. According to GDPR, you cannot store email addresses from those who have opted out or unsubscribed from your list. Take some time to clean out those unsubscribed or bounced emails that are just sitting there not being used. Another good practice is to clean out addresses that haven't interacted with any of your emails after a set amount of time (I usually use six months). These are people who may have signed up for your list at some point, but haven't opened or clicked on ANY of your emails in the past 6 months. While you may see your list get cut down, these are emails that are worthless to you anyway, and are actually just reducing your open rates (which can affect email deliverability).

While we are not lawyers, and will always advise you to contact one for advice or for any questions, staying GDPR compliant is something that you can get yourself and your business on board with, whether or not you explicitly do business in the EU. Better safe than sorry!

Want more information and trainings on all things growing your business online? Check out The Digital Marketing Hub where you can get access to full Masterclasses, Guest Expert Trainings and answers to your digital marketing questions!