[image error]
I’ve been busy over the last few weeks accumulating information to share on the latest changes coming out of the EU on Data Privacy – generally known as the GDPR.

I’m sure your eyes are rolling with one more thing you need to figure out. It isn’t all that difficult to figure out and I’ve got some information to share and some suggestions to implement.

First of all, for any of you who have read my Newsletter/Mailing List book will realize, as authors who send out newsletters, we need to follow all the available anti-spam laws (or data security laws) not just the one for the country we live in. The charge comes from the country of the person laying the complaint, not the country you happen to live in.

[image error]

As one of my authors recently said:

I dare them to try to enforce them overseas. Good luck with that. The lawyers will have a field day.

I don’t disagree. However, we need to at least do our best to follow the various laws that are in place.

I fully admit that these data security/anti-spam laws seem overwhelming, they aren’t really. With respect to data privacy, in the US anyone can be added to a list, but they need to be able to opt-out – often by unsubscribing. In every other civilized country, the law is considered to be an opt-in law. This means that people must give permission before you can communicate with them in an electronic fashion (regular emails, newsletters, etc.)

Both these laws were fairly straightforward to follow. Anything that our readers signed up to (subscribe to the blog or a newsletter), we confirmed their choice with a confirmation email.

The new rules coming into the EU go a further couple of steps. They require people to give permission to be contacted freely. The implication of this statement is that we can’t tie a free book, or giveaway offering, to a signup to a mailing list. Although stretching things a bit, the thought is, if we tie a free book or giveaway to a sign-up, the consent isn’t truly freely given.

Because of this, I’m going to suggest that whatever words are used on your signup form, they be reviewed. What used to be phrased as “Signup to get a copy of X free book,” should now be more along the lines of “Sign up to receive your free copy of X book. I would love to keep in touch with news, etc that I think you would be interested in. Check here [ ] if you would be happy to receive emails from me.”

These new rules also require us to be able to respond to requests for people wanting to know how much of our information we have and also requests to change that or completely remove their data. By law you will need to respond to that. Although seemingly overwhelming again, it is quite easy. I’ve put in place on my site a Privacy Policy and Cookie Policy. I simply copied modified already existing templates. (You can find templates here or here for privacy or here for cookies.) These policies will allow people to understand what my sites collect and how to contact me to remove their information.

As the screenshot below shows, MailChimp provides the ability to unsubscribe as well as change information in their footer automatically. Not all the email marketing services do this, but many do as long as you don’t delete it.

[image error]

Next, I’m going to suggest that you put a Cookie notification on your site and allow people to opt-out of Cookie collection. This is a functionality that has been mandatory for websites housed in the EU for some time, but I think it is an easy addition. I have one currently on all my sites.

Next, with respect to already existing names on your mailing lists – there is advice making the rounds that everyone needs to re-opt-in to your mailing lists. Not only is this not true, it is actually in contravention of the new law. What is generally suggested is if everyone has opted in through the newsletter service, then leave them alone. If you have people whom you have collected through mailing list growth exercises – have a look and see if they are opening, clicking, or otherwise responding to notes they have received from you. If they have, consider this implied consent. Ones that are not responding in any fashion, most newsletter services will let you see where they are from. If they are from the EU, consider deleting them.

With regards to the collection of information going forward, I like the quote I found here:

“The GDPR simply says you have to tell people why you need it. If you’re asking for their first and last name, tell them why. If you ask their birthdays, make it clear that you send out coupons as birthday gifts for example. Due to GDPR, there is no more asking for info “just in case” or “for future, undetermined projects.””

The blog post then goes on to say:

“But your #1 goal is to take nothing by default. And honestly, take as little as possible when you do get explicit permission.”

 



Focus on the deliberate choice of the reader – not assuming they would love to join you. To do that, they need to express choices by checking off check boxes or spelling out their wishes.

Going forward, there are a lot of questions about mailing list building activities. Because these companies will want to stay in business, I am assuming they will be changing how they do business and how they collect names. Look for more communication from them to help you understand what changes they are making.

Lastly, if you are using WordPress plugins for various signup functions on your website, changes to be GDPR compliant will automatically go into place. If you are using a newsletter collection service plugin, I am assuming they will all make available changes to their embedded signup forms

Ultimately, it is assumed that the EU will only go after big corporations in their enforcement actions. We don’t actually know this to be true. I know of several authors who have been sanctioned via previously existing laws and time will tell as to what will actually happen.

For now, consider yourself armed with accurate information. Feel free to ask questions in the comments and I’ll do my best to answer and/or refer you to accurate resources.

*****

This past week I published my latest book – focused at Self-Publishing in my typical no-technobabble kind of way.

[image error]

I’ve gotten several outstanding reviews already! Here are 2:

Barb Drozdowich in her new book “How to Self-Publish a book” has produced something lovely. Its easy to read and is packed with well researched information as well as practical advice. This is also very reasonably priced. I highly recommend this to anyone who is interested in publishing a book, even if you don’t self publish. This book gives you a great lay of the land with up to date information that will help you assess the best way to make your work sell. ~ Willy Marz

This book is not just for beginning authors it is also for the seasoned author who wants to try indie publishing. Not only does Barb go over all the key points she includes links and explains what each item is. If you forget why you go along you can use the glossary at the end of the book. Easy step by step to keep an author on track of what to do. She even assigns homework that helps you get use to doing specific things you might not already know. It is a laid back kind of style so a new person will not feel overwhelmed. ~Barbara Hightower

Available from Amazon

If you are looking to subscribe to this blog and have helpful articles like this one appear in your inbox a couple of times a month, the signup widget is just over to the right on the sidebar –>

The post Thoughts on GDPR and authors appeared first on Bakerview Consulting.