I think it’s safe to say that one of the most sweeping events that impacted the online entrepreneurial world this year was the GDPR, a regulation passed by the European Union on May 25th. Aimed at protecting the privacy of EU “internet users”, it initially caused panic in much of the online world, but I’d like to argue the opposite: in all actuality, it just enhanced privacy systems that needed to eventually be put in place eventually.
How do you know if the GDPR applies to you?
Even if you reside in the US, it does. GDPR jurisdiction stretches across every person using the internet in the EU. For example, if a German citizen is traveling into the US, the GDPR will not apply. If that German citizen has a US citizen friend come visit them in Germany, the GDPR will apply, when that US citizen logs into their computer using EU Wifi. For simplicity’s sake, let’s define jurisdiction as those using internet while in the EU, regardless of citizenship. (If you’re looking for more information on the what, why, “hows” of the GDPR, I’d encourage you to check out these posts: My Most Common GDPR Questions, Answered, What Creatives Need To Know About The GDPR).
That seems simple, right?
…Until you start to actually think about the practicalities of compliance if you are conducting an email list in the US- after all, we all know you can segment your list into EU citizens vs. not; but as I mentioned already, its location that matters. How do you know who is traveling where?
For that reason, I want to clarify one of the major concerns that has arisen since the GDPR came into effect: how to conduct email marketing, legally (GDPR compliant). But more than that? How you can operate your email list without worry of the GDPR hanging over your shoulder.
First, hear me out: you should view the GDPR as positive. It allows people who actually want to join your list to join; shows that you are transparent and conduct your business honestly, without them having to feel like you’re “tricking” them into joining.
How to conduct your email list (legally)
First, by “Conducting your email list”, I really mean “How to build your email list through freebies and opt-ins” legally.
Regardless of whom on your list resides in the EU, I would strongly suggest that you operate your entire list to be GDPR compliant. After all, you never know who may be in the EU (even if they’re traveling through on vacation); and more importantly, as a business owner, you have much more important things to do than constantly adjust your list.
So how do you so, legally?
- Ask for consent.
- You must get consent from your email subscribers. Consent must be clear, concise, and freely given. In other words, the subscriber must simply know what you’re asking for, why you’re asking for it, and what you’ll do with it. In other words, if you offer someone a “freebie”, and want them to opt in to your email list in the process, they must know you are doing so, why you’re asking to do so (ie, to continue their education around that area), and what they’ll receive in return (ie, a series of welcome emails, or, perpetual subscription?)
- It’s important to note that you must ask for this consent each time you request a separate processing activity (processing defined as anything you do with the data, such as collection, analysis, etc). You must ask for separate consent for each processing activity.
- Again, I want to make this as practical as possible: this means that you should:
- Get consent for them using your website, if you are tracking data through something like Google Analytics (ie, put a cookie notice on your website);
- Gain consent for each piece of downloadable content;
- Ask for frequency of email preferences;
- Require affirmative consent in each instance- meaning, make them click something like “I agree to the terms and conditions”, etc in each instance. This consent must be “unambiguous”, which again means that requiring an affirmative click to “consent” is satisfactory.
- The Double Opt-in
- Simply put, this means that in the instance of an email opt-in, you must require consent for the opt-in itself (ie, the freebie download), and then consent to be added to the email list moving forward. This is where much of the stress and anxiety has come in from the creative world; however, all this does is require that you effectively communicate what’s to be expected. Make it absolutely clear how the data will be used and ask for consent by affirmative action, and provide options for them to unsubscribe (ie, withdraw their consent) from your email list.
- 5. Back to my original point; and how I’m handling the GDPR myself: I require double opt-ins from all email subscribers; and why? Aside from not wanting to create extra work for myself, the GDPR merely requires clarity in communication, which creates integrity in the content you produce. It may require a little extra educate and effort on your part initially, but at the end of the day, that’s a burden I will happily take on.
What are your thoughts? Does the GDPR (in terms of email marketing), still seem a bit overwhelming to you? Please don’t let it- by using an email marketing system such as Mailchimp, Convertkit, etc, you’ll have clear-cut, easy-to-use directions on how to operate legally (and as someone who has recently switched to Mailchimp, I can tell you, they walk you through the exact steps of compliance. It makes it so easy)
Don’t let the uncertainty of the unknown deter you from creating- make sure your email opt-ins comply with this list, and keep on creating.