This note is for informational purposes only and should not be considered legal advice. I am not a lawyer, but I will binge an entire afternoon of Law and Order episodes. Especially the old ones. Man, I miss Lenny. That said, I am not responsible for any changes you make to your site or your business. Do your research and get your ducks in a row. If possible, consult with a real-life legit lawyer who understands your online business.
Unless you’ve been living under a rock, you’ve probably been inundated with emails from various companies asking you to review their privacy policies. And, if you’re like me, you’ve either immediately deleted the email or thought you never subscribed to this list and unsubscribed.
So here’s what’s going on.
If you have a business based in the EU, or you have customers or collect data from any persons in the EU, you might already be aware of GDPR – the General Data Protection Regulation.
It doesn’t matter if your company is based in or outside the EU – if you process any personal data of people located in the EU (not just EU citizens), GDPR applies to you and your company. If you are found to be in non-compliance with this regulation, you can potentially be assessed a large financial penalty.
And yes, this impacts you even if you’re based in the US and have ANY EU customers or readers.
What is personal data?
Personal data is any information that could be used, on its own or combined with other data, to identify an individual – this includes commonly collected information like names, IP addresses, location data, physical addresses and email addresses.
Got a site? You’re collecting more data than you think.
Every bit of software that tracks or stores user info makes you subject to this regulation. I’m talking everything from contact forms, opt-ins, analytics software to what you use to take payments and more!
So how will this affect you with regards to your site, newsletters and opt-ins?
1. You must ensure that user consent is obtained in accordance with the GDPR’s strict new requirements
2. Users must explicitly choose to consent to get info – and pre-checked boxes do not count as consent (so no more pre-checked boxes at checkout!)
3. You must obtain separate consent for each unique opt-in offering – and you can ONLY send info regarding that topic.
4. You must be clear how you will use their data when you obtain consent.
5. Users should be able to delete or modify their information at any time.
6. You must keep detailed records so you can prove how you got user consent.
7. You can no longer just add people to your main marketing list when they sign up for your special freebie (Yes, this one is a game changer).
Here’s how I’m handling it for myself.
As a reminder, THIS POST DOES NOT CONSTITUTE LEGAL ADVICE.
There’s more to GDPR than this list below. But it’s a start.
Your situation may vary. Do not poke the bear.
*DENOTES AFFILIATE LINKS
PRIVACY NOTICE & COOKIE POLICY
I’ve updated the privacy policy on my site to include all the services I use. Here’s a tool to do this yourself – if you have more services you want to add, you can upgrade to the premium version (I did to cover my bases – and FYI, this is an affiliate link). The great thing is as I add or remove services to my site using their tool, this policy automatically updates.
I’ve also added a cookie notification – this displays the first time a user comes to my site and it’s easy to add with their plugin.
*IUBENDA PRIVACY AND COOKIE POLICY TOOL
SEGMENT YOUR LIST
I’ve segmented my list into EU subscribers and am asking just that segment to re-consent to my marketing emails. Keep in mind, you’re likely going to lose subscribers. But you don’t want to keep any EU folks in your files after May 25th for whom you don’t have clear opt-in consent. I’ve always had double opt-in on my site, but I’ve used a variety of lead generation tools to build my list. So that’s why I’m asking again. Consider it a way to clean your list.
Here’s how to segment your geographic list in ConvertKit.
- Click on subscribers
- Click on create segment
- Click Add Filter > Subscribed to > Within a country or region > European Union
NOTE: Do keep in mind that this segmentation isn’t 100% foolproof – you may not have geographic info for ALL of your subscribers, so if you’re really worried, you may consider getting re-consent from your whole list.
OPT-IN FORMS
With each embedded opt-in form, I’m showing a special consent screen ONLY to those folks in the EU – this is a special ConvertKit feature and it does NOT work with third-party apps. You can find this EU setting underneath your account info. And you need to embed the raw HTML ConvertKit form directly on your site – the plugin or JavaScript embed code won’t work for this. More info on how to do this here: https://convertkit.com/gdpr/
OPT-IN POPUPS
I’ve updated my OptinMonster* pop-ups to include a link to my privacy policy AND I’m giving folks the option to opt in to my main marketing list. Want to get super fancy? OptinMonster has a great feature called Geo-location targeting. This allows you to target OR exclude the EU for each pop-up campaign you create. So if you want to ask only EU folks for explicit consent in your pop-ups, you can do that. That feels like even more work, so I’m choosing to just update my pop-ups in one place.
TECHY INFO
You know I love me a click-to-popup for freebies and wait lists. I create the ones on my site using OptinMonster’s* MonsterClick feature. In order to add the special checkboxes for GDPR consent, here’s what I needed to do (note: I use ConvertKit* as my newsletter provider and this method gets a bit techy, so you may need to hire a dev to do this for you).
- In ConvertKit create a tag for GDPR consent (If you’ve turned on GDPR functionality in your account settings, this tag will get automatically created for you.)
- Next, grab the ID of the tag.
- Next, go to your form and grab the raw HTML Code.
- Add the checkboxes with the special tag ID to your form code before the button.
Mine looked something like this (the value is the ID of my consent tag – use your own):

```html
<label>
  <!-- name="tags[]" makes ConvertKit apply the tag whose ID is in value.
       Leave the box unchecked by default: a pre-checked box is not valid consent. -->
  <input type="checkbox" name="tags[]" value="47967" />
  YES! Get emails with my best ninja digital strategy tips, products and services for your online business. You can unsubscribe at any time. Privacy Policy.
</label>
```

- Next, inside of your OptinMonster Pop-Up editor, choose “custom HTML” for the integration type (DO NOT select your newsletter provider).
- Paste in the raw HTML code. You may need to modify font styles and sizes to make everything fit in the box.
- Publish the new pop-up and test the live version on your site. Make sure your subscriber gets tagged correctly.
More info on this method of customizing ConvertKit forms to add checkboxes here: https://help.convertkit.com/article/815-adding-checkboxes-to-your-form-to-tag-subscribers
CONTACT FORM
I add the option for people to join my newsletter on my contact forms – and I use Gravity Forms* to create these forms. I’ve also added a simple required checkbox to my contact form asking for consent to store data submissions.
There are some other GDPR things you’ll want to review if you’re collecting data via forms – more info here: https://docs.gravityforms.com/wordpress-gravity-forms-and-gdpr-compliance/
GOOGLE ANALYTICS
Make sure to accept the new user agreement inside of your Google Analytics account if you haven’t already. To confirm this (in Google Analytics or Analytics 360), go to Admin > Account > Account Settings, scroll to the bottom of the page and agree to the terms.
I’ve also chosen to anonymize IP addresses in the Google Analytics tracking script on my site. With this setting Google zeroes the last octet of IPv4 addresses (the last 80 bits of IPv6 addresses) before storing anything (note: this gets techy and will vary based on your GA setup).
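Here’s what the anonymized, consent-gated setup looks like with the classic analytics.js snippet. This is an added example, not code from my site, from ConvertKit or from Google. The cookie name `cookie_consent` (set by whatever cookie banner you use) and the `UA-XXXXXXXX-Y` tracking ID are placeholders. The important detail it shows is ordering: `anonymizeIp` only affects hits sent after it is set, so it has to come before the first `send`. If you use gtag.js instead, the equivalent is `gtag('config', 'UA-XXXXXXXX-Y', { anonymize_ip: true })`.

```javascript
// Added example: consent-gated Google Analytics (analytics.js) setup with IP anonymization.
// Assumptions (not from the original post): the consent cookie is named "cookie_consent"
// and holds the value "granted" after the visitor opts in; the tracking ID is a placeholder.

const CONSENT_COOKIE = 'cookie_consent';   // assumed cookie name set by your cookie banner
const TRACKING_ID = 'UA-XXXXXXXX-Y';        // placeholder, replace with your property ID

// Parse a document.cookie-style string and report whether the visitor explicitly opted in.
// Anything other than an exact "granted" value counts as no consent.
function hasConsent(cookieString) {
  if (!cookieString) return false;
  for (const part of cookieString.split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === CONSENT_COOKIE) {
      return decodeURIComponent(rest.join('=')) === 'granted';
    }
  }
  return false;
}

// Install the standard analytics.js command-queue stub on `win` (window in a browser,
// a plain object in tests) and queue the tracking commands, but only with consent.
// Returns the queued commands so the order can be inspected.
function setupAnalytics(win, cookieString) {
  if (!hasConsent(cookieString)) {
    // No consent: no tracker is created and analytics.js is never loaded.
    return [];
  }
  win.ga = win.ga || function () {
    // The official snippet pushes the raw arguments object; arrays are easier to assert on.
    (win.ga.q = win.ga.q || []).push(Array.from(arguments));
  };
  win.ga.l = Date.now();
  win.ga('create', TRACKING_ID, 'auto');
  // Must precede the first 'send': anonymizeIp only applies to hits queued after it.
  win.ga('set', 'anonymizeIp', true);
  win.ga('send', 'pageview');
  // In a real page you would load the library at this point, e.g.:
  //   const s = win.document.createElement('script'); s.async = true;
  //   s.src = 'https://www.google-analytics.com/analytics.js';
  //   win.document.head.appendChild(s);
  return win.ga.q;
}

// Check you can run over a queue: anonymizeIp must be set before any hit is sent.
function anonymizedBeforeFirstSend(queue) {
  const setIdx = queue.findIndex(c => c[0] === 'set' && c[1] === 'anonymizeIp' && c[2] === true);
  const sendIdx = queue.findIndex(c => c[0] === 'send');
  return setIdx !== -1 && (sendIdx === -1 || setIdx < sendIdx);
}
```

To confirm it is actually working on your live site, open the browser’s network tab and look at the hits to google-analytics.com/collect: each one should carry the `aip=1` parameter, and no hit at all should go out before the consent cookie exists.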
What else can you do to best prepare for the changes?
1. Get informed!
Read regulation guides created by your specific newsletter and software services. Here’s a few great overviews:
https://help.convertkit.com/article/786-gdpr-faq
https://blog.mailchimp.com/gdpr-forms-and-more-tools/
2. Check out other great resources
Suzanne Dibble’s Free GDPR Checklist for Online Businesses*
GDPR For Entrepreneurs: What You Need to Know from Amy Porterfield
3. Don’t panic.
It’s gonna be ok. We’re all in this together!