Missed the GDPR Deadline? 3 Easy Fixes to Make Now To Avoid Legal Trouble

what is a privacy policy gdpr

do i need a privacy policy gdpr

So unless you live under a rock, you got blasted with 8 bajillion emails in the last few weeks about the General Data Protection Regulation (GDPR) — the EU privacy law that went into effect last Friday, May 25, 2018.

Everyone and their grandmother emailed you to let you know about their updated privacy policy, maybe asked for your consent, and definitely clogged up your inbox.

Meanwhile, you’re just trying to run your own business — trying to keep up with creating content, writing posts, answering emails, engaging on social media, and actually coaching or doing work for clients.

So you decided to shove that little GDPR thing off for a bit.

And then time got away from you.

You realized how overwhelming and annoying it was (don’t blame you ONE bit!) and felt like you were too far behind to do anything in time with the May 25 deadline. So why even bother?

You might have even wondered whether the GDPR was even a big deal. “Do I really need to comply? How many people from the EU are even on my list anyway?!”

But since then, you might have seen how everyone in the online space, for the most part, is trying to comply — so doubt started to creep in about whether you did, too.

Now, it’s almost a week later and you haven’t done anything. Mostly because you’re still busy… but also because now you’re SUPER confused about what to do.

Can you email your list after the May 25th deadline?

Should you just reach out to everyone?

Can you just require double opt-in and call it a day? (Hint: no, double opt-in doesn’t have anything to do with GDPR and it doesn’t put you in compliance).

I wanted to write this post for you today. I wanted to write to the woman who “accidentally” forgot to get her GDPR stuff in order, and is now sitting here wondering what the heck to do.

Don’t get me wrong — this isn’t the ultimate, best, most-legally-prudent thing to do. That would have been complying by the May 25th deadline.

But the reality is that I hear from so many of you that one thing lead to another, and you just didn’t make the deadline.

So your current truth is that you need help. And it might not be pretty or perfect, but that’s exactly what we’re going to do today.

Here are 3 things you can do right away if you haven’t gotten into GDPR compliance yet…

1. Get a Privacy Policy

Honestly, you should have had one already thanks to United States email marketing laws like CAN-SPAM or California’s CAL OPPA law, which requires you to have a solid privacy policy already.

A privacy policy basically tells people who you are, what kind of info you collect from them, and when you collect it (i.e., browsing history via Google Analytics, forms, opt-ins, etc.) so that they can control or erase their personal info.

Thanks to a few U.S. privacy laws, California’s law, and now the GDPR, you’re required not just to HAVE a privacy policy — but have one that covers a number of important elements in a way that’s tailored to you and your business.

Copying and pasting someone else’s privacy policy won’t cut it. Thanks to laws like CAL OPPA and the GDPR, your policy need specific-to-you language that tells people how you go about your business.

Plus, with my privacy policy template, you’ll have your own custom privacy policy ready to go in less than 30 minutes. It’s so not worth the haggle of taking someone else’s policy that doesn’t apply to you!

(P.S. Need more than just a privacy policy? If you haven’t gotten your website disclaimer or terms & conditions up yet either, check out my Total Website Solution bundle, which includes all 3 website policies at a huge savings!)

2. Segment Your List

If you’re in my course, Fearlessly Legal, then you know that the #1 step to the GDPR is to segment your list. “Segment” means to corral. Ok, maybe not officially. You basically want to use your email service (i.e., ConvertKit, MailChimp, AWeber, etc.) to group those on your email list based on their location.

IF YOU’RE OUTSIDE THE EU: If you can, segment those on your list who are located within the EU or whose location is unknown. You figure out their location data based on what your email service provider tells you. For example, in ConvertKit, I created a new segment on my list called “EU SUBSCRIBERS” and I filtered by “Location: European Union”.

This is super important for those of you who haven’t quite complied with the GDPR yet.

At the very least, and I’m not saying it’s the most “legally legit” thing in the world, segmenting will prevent you from continuing to email EU people whose consent you didn’t get by the May 25th deadline.

For now, just exclude your entire EU segment each time you send an email. Once you get a system in place, you’ll be able to add in those who give you their consent.

3. Add in Consent Tools

Even if you didn’t comply by the May 25th deadline, you can still make sure that people entering your email list from now on get there the right way.

In case you missed it, the basic gist of the GDPR is to give people an idea of exactly what they’re opting into. That means that the old way of doing this (having someone opt in for your freebie and then adding them to your email list), won’t work anymore for your subscribers based in the EU.

Inside of my course, Fearlessly Legal, I include a 3-part GDPR video training where I show you exactly how to do this, and even how I have this setup in my own business. Haven’t checked out Fearlessly Legal yet? Learn more HERE.

If you’re outside of the EU and need to set up a system to get EU people’s consent, here are a few ideas:

Checkboxes // 

When possible, add unchecked checkboxes to your opt-in forms, landing pages, etc. that ask people for specific, affirmative consent to receive promotional emails from you in the future. This is PERFECT to use on freebie opt-ins, where you want to add this person to your regular email list or sequence moving forward.

Freebie Delivery Email //

Since you’ve segmented your email list, consider creating a separate email sequence for those people who enter your list who are IN the EU. That way, they still get the freebie delivery email, but you can add a section to that email that asks them for consent to send promotional emails moving forward. You could do by a link that tags them, taking them to a landing page, or sending them to fill out a form. Either way, you have to be explicit and specific about what you’re going to email them about (promotions/advertising vs. content newsletters).

Privacy Policy Link //

No matter what option or route you choose, you need to include a link to your spiffy privacy policy where ever you ask for EU people’s consent or personal info. That means in your delivery email to EU people, on forms, landing pages, etc.

Ask It Where You HAVE To //

As much as you can – limit these tools to be shown to EU people ONLY (if you’re not in the EU yourself). You don’t need to get these level of consent from everyone, if you’re an American/Canadian entrepreneur. So doing so will put an unnecessary filter on your subscribers, and will seriously hurt your opt-in rate. I use ConvertKit and they gave us the option to show the checkboxes on opt-in forms and pages to those located within the EU only. I took it : )

So, there you have it! These are just a few ideas of some of the quick-action steps you can take to tackle the GDPR this late in the game.

If you have any questions, get in touch! I’d love to hear from you.

If you haven’t already, learn more about my privacy policy template (which is most certainly updated with GDPR language and sections!) or my DIY Total Website Solution bundle, which includes your privacy policy, website disclaimer, and terms & conditions templates at a huge savings.

PS. IMPORTANT: Remember, this isn’t legal advice that pertains to you, your personal situation, or your exact business situation. This is general information and education meant to help you learn what areas of your business need legal attention. This information, or anything else on my site, is not meant to replace, or be a substitute for, legal advice from your own attorney licensed to practice law in your area. Always consult a local attorney in your area for legal advice regarding your exact situation.


Join The Conversation

So What Do you think?

Share Your Thoughts

Your email address will not be published. Required fields are marked *

want to learn how to legally
protect your business?

Watch My
Free Legal Workshop to Learn How

Get Instant Access Now

You May also like