So unless you live under a rock, you got blasted with 8 bajillion emails in the last few weeks about the General Data Protection Regulation (GDPR) — the EU privacy law that went into effect last Friday, May 25, 2018.
Meanwhile, you’re just trying to run your own business — trying to keep up with creating content, writing posts, answering emails, engaging on social media, and actually coaching or doing work for clients.
So you decided to shove that little GDPR thing off for a bit.
And then time got away from you.
You realized how overwhelming and annoying it was (don’t blame you ONE bit!) and felt like you were too far behind to do anything in time with the May 25 deadline. So why even bother?
You might have even wondered whether the GDPR was even a big deal. “Do I really need to comply? How many people from the EU are even on my list anyway?!”
But since then, you might have seen how everyone in the online space, for the most part, is trying to comply — so doubt started to creep in about whether you did, too.
Now, it’s almost a week later and you haven’t done anything. Mostly because you’re still busy… but also because now you’re SUPER confused about what to do.
Can you email your list after the May 25th deadline?
Should you just reach out to everyone?
Can you just require double opt-in and call it a day? (Hint: no, double opt-in doesn’t have anything to do with GDPR and it doesn’t put you in compliance).
I wanted to write this post for you today. I wanted to write to the woman who “accidentally” forgot to get her GDPR stuff in order, and is now sitting here wondering what the heck to do.
Don’t get me wrong — this isn’t the ultimate, best, most-legally-prudent thing to do. That would have been complying by the May 25th deadline.
But the reality is that I hear from so many of you that one thing lead to another, and you just didn’t make the deadline.
So your current truth is that you need help. And it might not be pretty or perfect, but that’s exactly what we’re going to do today.
Here are 3 things you can do right away if you haven’t gotten into GDPR compliance yet…
2. Segment Your List
If you’re in my course, Fearlessly Legal, then you know that the #1 step to the GDPR is to segment your list. “Segment” means to corral. Ok, maybe not officially. You basically want to use your email service (i.e., ConvertKit, MailChimp, AWeber, etc.) to group those on your email list based on their location.
IF YOU’RE OUTSIDE THE EU: If you can, segment those on your list who are located within the EU or whose location is unknown. You figure out their location data based on what your email service provider tells you. For example, in ConvertKit, I created a new segment on my list called “EU SUBSCRIBERS” and I filtered by “Location: European Union”.
This is super important for those of you who haven’t quite complied with the GDPR yet.
At the very least, and I’m not saying it’s the most “legally legit” thing in the world, segmenting will prevent you from continuing to email EU people whose consent you didn’t get by the May 25th deadline.
For now, just exclude your entire EU segment each time you send an email. Once you get a system in place, you’ll be able to add in those who give you their consent.
3. Add in Consent Tools
Even if you didn’t comply by the May 25th deadline, you can still make sure that people entering your email list from now on get there the right way.
In case you missed it, the basic gist of the GDPR is to give people an idea of exactly what they’re opting into. That means that the old way of doing this (having someone opt in for your freebie and then adding them to your email list), won’t work anymore for your subscribers based in the EU.
Inside of my course, Fearlessly Legal, I include a 3-part GDPR video training where I show you exactly how to do this, and even how I have this setup in my own business. Haven’t checked out Fearlessly Legal yet? Learn more HERE.
If you’re outside of the EU and need to set up a system to get EU people’s consent, here are a few ideas:
When possible, add unchecked checkboxes to your opt-in forms, landing pages, etc. that ask people for specific, affirmative consent to receive promotional emails from you in the future. This is PERFECT to use on freebie opt-ins, where you want to add this person to your regular email list or sequence moving forward.
Freebie Delivery Email //
Since you’ve segmented your email list, consider creating a separate email sequence for those people who enter your list who are IN the EU. That way, they still get the freebie delivery email, but you can add a section to that email that asks them for consent to send promotional emails moving forward. You could do by a link that tags them, taking them to a landing page, or sending them to fill out a form. Either way, you have to be explicit and specific about what you’re going to email them about (promotions/advertising vs. content newsletters).
Ask It Where You HAVE To //
As much as you can – limit these tools to be shown to EU people ONLY (if you’re not in the EU yourself). You don’t need to get these level of consent from everyone, if you’re an American/Canadian entrepreneur. So doing so will put an unnecessary filter on your subscribers, and will seriously hurt your opt-in rate. I use ConvertKit and they gave us the option to show the checkboxes on opt-in forms and pages to those located within the EU only. I took it : )
So, there you have it! These are just a few ideas of some of the quick-action steps you can take to tackle the GDPR this late in the game.
If you have any questions, get in touch! I’d love to hear from you.
PS. IMPORTANT: Remember, this isn’t legal advice that pertains to you, your personal situation, or your exact business situation. This is general information and education meant to help you learn what areas of your business need legal attention. This information, or anything else on my site, is not meant to replace, or be a substitute for, legal advice from your own attorney licensed to practice law in your area. Always consult a local attorney in your area for legal advice regarding your exact situation.