A few weeks ago I set aside a couple hours to work on getting the See Jane Write website ready for the General Data Protection Regulation (or GDPR) set to go into effect May 25. I figured it would take me about an hour to read up on GDPR and figure out exactly what it is and another hour to make whatever changes were necessary.

Three hours later I found myself in tears, drowning in legal information I didn’t understand and declaring that I was going to shut down See Jane Write LLC so I wouldn’t have to deal with this mess!

So if you’ve been wondering exactly what GDPR is and how it affects you, I’m going to try to explain, but first a quick disclaimer: I AM NOT A LAWYER and this is not legal advice. I’m just going to share some of what I’ve learned and point you toward some resources that might help you.

What is GDPR and why should I care?

GDPR is a new privacy law approved by the European Union Parliament that covers how you collect, use, and process personal data of anyone based in the EU. Personal data is anything that can be used to identify a person including their name, email address, bank or credit card information, IP address, location, cookie strings, etc.

You may be thinking that since See Jane Write is based in the United States I don’t have to worry about this. Think again.

This law applies to you even if you have just one client based in the EU or just one person in the EU on your email list! I have hundreds of people on my email list who live outside the U.S. and because we live in the age of the world wide web, you probably do, too.

There are three main things you need to do to get GDPR-compliant and they are things you can actually do before May 25.

Create or update your website’s privacy policy. Your privacy policy needs to spell out (in plain English) the kind of personal data you might collect on your site, how you collect it, why you’re collecting it, how you use it, how you secure it, any third parties who have access to it, if your site uses cookies, how users can request to change or delete their data, and contact information for the “data controller” (which is most likely just you). You’ll also want to send an email to your list letting them know you updated your privacy policy. 

I would NOT recommend trying to write your privacy policy on your own unless you are a lawyer. I purchased a privacy policy template by Lisa Fraley and Gena Shingle Jaffe and customized it to fit my needs, which took less than an hour to do. You can check out my new privacy policy here but don’t copy it because that’s illegal. You’ll need to purchase and customize the template for yourself at damselgoesbare.com/privacy. This is not an affiliate link. I am recommending this template because it is very easy to read and understand and is no more expensive than other templates being sold by other lawyers.

Update how you get consent. Here’s the part of the GDPR that’s going to affect you most. Under this new law, you can’t add someone to your main email list simply because they signed up for your webinar or opt-in freebie (if they’re based in the EU). You now have to get explicit consent to add them to your email list. Most marketing email providers (such as MailChimp and ConvertKit) have updated forms to help you be GDPR compliant. You can take a look at my new opt-in form here. You’ll notice that there’s now a checkbox for folks to click to give me consent to send them marketing emails and I’ve included a link to my privacy policy.

Side note: To be clear, if someone in the EU signs up for your webinar you can send them emails about the webinar (this would fall under what the new law calls “legitimate interest”) and you can email clients and customers in the EU about whatever product or service they purchased from you (as this would be considered necessary to “fulfill a contract”), but you can’t add them to your general email list.

In their extremely helpful webinar, Lisa Fraley and Gena Shingle Jaffe said you can still offer freebies but you have to change your marketing language. Instead of “Sign up here to get my free checklist” you need to say “Sign up for my email newsletter and I’ll send you my free checklist.” In other words, you have to lead with the email newsletter thanks to this new law.

Get fresh consent and clean up your list. Once you’ve updated your privacy policy and opt-in form you’ll need to email the people on your list to get fresh consent because most likely there’s a lot of folks on your list because of an opt-in freebie you offered or a webinar you hosted and starting May 25 you’ll need their permission to continue to email them things not related to that freebie or webinar (if they’re in the EU). So I’ve been sending emails to my list asking them to update their settings and check that checkbox. I decided to email my entire list (not just folks in the EU) because I figured this would be a good time to clean up my list and delete contacts who aren’t bothering to read my content. But you don’t have to do that. You can segment your list and just email people who are based in the EU. Anyone based in the EU who has not given you fresh consent needs to be deleted before May 25.

Before you freak out, keep in mind that the GDPR police aren’t waiting to pounce on every blogger and coach who isn’t fully compliant by May 25. If you do run into trouble it will most likely be because a disgruntled client based in the EU reported you. And if they do you could face some hefty fines, so you should take this seriously. But don’t have a panic attack over it like I did.

Let me stress again that I am not a lawyer and this is not legal advice and, honestly, this just scratches the surface of all the information I’ve been taking in over the past few weeks, but I didn’t want you to feel as overwhelmed as I did, so I just stuck to the basics. Below are some other resources you might want to check out:

Replay of a GDPR webinar by Lisa Fraley and Gena Shingle Jaffe

Are you GDPR Ready? What Marketers Need to Know by Kim Garst

How to Get Your Website Ready for GDPR by Shannon Mattern