What is GDPR? And are you wondering if it affects you as a blogger?
Well, they most likely do. And in this article, I will explain what GDPR is and how it pertains to us bloggers.
Disclaimer: I’m not a legal professional nor do I play one on the internet. Consult an attorney to make decisions for your blog/business related to GDPR.
Side note: Yes – this is a long article. If you'd prefer to be lazy, you can jump to my summary for lazy people at the end in the form of an infographic.
Don't worry, when I say lazy, I say it with love, lol.
The Privacy Problem
It's the buzzword these days – privacy. Everyone wants it, but nobody seems to have it.
Sites like Facebook seem to throw privacy out the door with the baby and the bathwater.
So many news agencies are up in an uproar over Cambridge Analytica. Russia seemingly undermined the U.S. elections.
What's a country to do? Well, the continent of Europe has decided to do something big, and it's called GDPR.
What is GDPR?
GDPR stands for General Data Protection Regulation. According to the GDPR website, the goal is “to protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data privacy.”
In simple terms, Europe wants their citizens to have more control over how and when companies use their personal data.
A VERY Brief History
Back in 1995, Europe established the Data Protection Directive. This had some general guidelines for data protection.
But every European state could create its own local laws based on the directive. As you can imagine, this resulted in a messy situation with laws that were difficult to enforce.
Some states had very strict privacy laws. Others were more lenient.
The EU parliament wasn't feeling this and wanted something more uniform.
So on April 14th, 2016 they approved the GDPR, and the world turned upside down (hat tip to the Hamilton soundtrack).
There is one HUGE difference between the GDPR and the data protection directive of old.
The GDPR governs ALL member states.
So Does it Affect You as a Blogger?
The GDPR affects any blogger who collects any data from EU citizens.
It doesn't matter if your blog or business is in Europe or Timbuktu.
Let's say you're building an email list (which you should be doing). If you collect ONE email address from ONE EU citizen, the GDPR applies to you.
In other words, if you're a blogger, it's safe to say that it applies to you.
I mean – I'm an EU citizen (bet you didn't know that). If I'm on your email list and you don't uphold the GDPR, I can probably report you ;).
So what exactly does this mean for you? I'm Glad you asked.
Get Consent and Make it CLEAR!
This is one of the most significant tenets of the GDPR. They are very explicit in their statements on how you should get consent.
Let me make it clear for you. Let's say you're collecting email addresses to build your email list. Make sure to follow these guidelines:
- Be clear about who you are. They should know who they are transacting with.
- People must opt-in to receive your messages (HALLELUJAH). If you've been adding people to your list, STOP IT NOW.
- Consent must be “freely given, specific, informed and unambiguous.” Use clear and plain language letting them know what they signed up for.
- If you are using their personal data in any way, let them know how.
- Silence is NOT consent. In other words, they have to actively show that they want to join your list. Do not use any pre-checked boxes or anything like that.
- Only collect what's necessary (they call this Data Minimisation). Don't collect any data that's not needed for the intended purposes.
- “It must be as easy to withdraw consent as it is to give it.” In other words, don't have those hidden unsubscribe links that nobody can find.
The Burden of Proof Lies with YOU
It is now your responsibility to be able to prove that you have consent. You have to keep a good record of this.
Fortunately, good service providers are aware of these changes. They should be taking steps to be compliant. To be on the safe side, check with your email service providers to see what they are doing.
I use Drip. They are aware of the situation and working on making sure that they are compliant by the deadline.
But it doesn't end there. You are the one that needs to make sure that everything is being done to meet the regulation.
What About Existing Subscribers?
So Leslie, what about my existing email subscribers? Surely I don't have to do anything about them since they subscribed before the GDPR took effect. Right?
Based on the GDPR, you have to bring those subscriptions up to the current standards.
If the EU citizens on your list have not given the kind of consent required based on the GDPR, you have two options:
- Get the kind of consent I spoke about earlier. It must be “freely given, specific, informed and unambiguous.”
- Remove them from your list.
How do you know if you have EU citizens on your list? Most email service providers will allow you to search by Time Zone.
In Drip, you can search for anyone with a Time Zone in Europe.
Just to give you an idea, I have 16,880 people on my email list. 1,507 of those people are in European time zones.
But this doesn't account for EU citizens living outside of Europe.
So What if I Do Nothing?
I know – it's tempting to think this. I mean, what's the big deal? Nobody's coming after me, right Leslie?
Well, they are taking this seriously. Not following the regulations can lead to some pretty significant fines.
How big? Up to €20 Million, which is almost $25 Million US, or 4% of global annual turnover – whichever is HIGHER. I read that and chuckled.
The exact thought that came to mind was – DANNNGGGGGG, these EU people are SERIOUS.
And yes – they are. Will they come after you? Technically, they can. But I would imagine that coming after small bloggers would be quite an undertaking.
So What do YOU Think About this Leslie?
Yes, this is a HUGE change for the industry. Yes, the requirements are stricter. But you know what?
I LOVE IT!
Does it make it harder to grow your email list? Yes. But I believe it gives you a much higher quality subscriber.
Instead of using shady tactics to boost our subscription rates, we have to do it by providing value.
- We have to be more transparent about what we're collecting. Transparency breeds trust, and I love it.
So I won't complain about the GDPR. Instead, I will embrace it as an opportunity to up my game. I look at it as a challenge to become better at what I do.
And I always love those kinds of challenges.
But it's not all about me.
What are your thoughts? Let me know in the comments section below.