May 31, 2018
Get GDPR Compliant Now! 3 Easy Fixes To Make To Avoid Legal Trouble
How To Get GDPR Compliant
General Data Protection Regulation (GDPR) is an EU privacy law that went into effect on May 25, 2018.
Even though most email service providers have super helpful GDPR-compliant tools as part of their services, you might still be confused about what to do in your business to make sure that you’re following the GDPR rules and aren’t doing anything that could land you in legal hot water.
If you’ve been wondering…
Can I email my list to find out who lives in the EU (am I actually allowed to ask people that?!)?
Should I just reach out to everyone, or only people I think live in the EU?
Can I just require double opt-in and call it a day? (Hint: no, double opt-in doesn’t have anything to do with GDPR and it doesn’t put you in compliance).
Sit back and relax, because I’ve got your back!
Here are 3 things you can do right away if you haven’t gotten into GDPR compliance yet (either because you put it off for a good long time, OR you’re just starting your business and need to know what to do)…
1. Get a Privacy Policy
Honestly, you should have had one already thanks to United States email marketing laws like CAN-SPAM or California’s CAL OPPA law, which requires you to have a solid privacy policy already.
A privacy policy basically tells people who you are, what kind of info you collect from them, and when you collect it (i.e., browsing history via Google Analytics, forms, opt-ins, etc.) so that they can control or erase their personal info.
Thanks to a few U.S. privacy laws, California’s law, and now the GDPR, you’re required not just to HAVE a privacy policy — but have one that covers a number of important elements in a way that’s tailored to you and your business.
Copying and pasting someone else’s privacy policy won’t cut it. Thanks to laws like CAL OPPA and the GDPR, your policy needs specific-to-you language that tells people how you go about your business.
Plus, with my privacy policy template, you’ll have your own custom privacy policy ready to go in less than 30 minutes. It’s so not worth the hassle of taking someone else’s policy that doesn’t apply to you!
(P.S. Need more than just a privacy policy? If you haven’t gotten your website disclaimer or terms & conditions up yet either, check out my Total Website Solution bundle, which includes all 3 website policies at a huge savings!)
2. Segment Your List
If you’re a member of The Ultimate Bundle™, then you know that the #1 step to the GDPR is to segment your list. “Segment” means to corral. Ok, maybe not officially. You basically want to use your email service (i.e., ConvertKit, MailChimp, AWeber, etc.) to group those on your email list based on their location.
IF YOU’RE OUTSIDE THE EU: If you can, segment those on your list who are located within the EU or whose location is unknown. You figure out their location data based on what your email service provider tells you. For example, in ConvertKit, I created a new segment on my list called “EU SUBSCRIBERS” and I filtered by “Location: European Union”.
This is super important for those of you who haven’t quite complied with the GDPR yet.
At the very least, and I’m not saying it’s the most “legally legit” thing in the world, segmenting will prevent you from continuing to email EU people whose consent you didn’t get by the deadline in 2018.
For now, just exclude your entire EU segment each time you send an email. Once you get a system in place, you’ll be able to add in those who give you their consent.
3. Add in Consent Tools
Even if you didn’t comply by the May 25th, 2018 deadline, or you’re brand new to the whole email marketing game, you can still make sure that people entering your email list from now on get there the right way.
In case you missed it, the basic gist of the GDPR is to give people an idea of exactly what they’re opting into. That means that the old way of doing this (having someone opt in for your freebie and then adding them to your email list), won’t work anymore for your subscribers based in the EU.
Inside of my Ultimate Bundle™, I include a 3-part GDPR video training where I show you exactly how to do this, and even how I have this set up in my own business.
If you’re outside of the EU and need to set up a system to get EU people’s consent, here are a few ideas:
Checkboxes //
When possible, add unchecked checkboxes to your opt-in forms, landing pages, etc. that ask people for specific, affirmative consent to receive promotional emails from you in the future. This is PERFECT to use on freebie opt-ins, where you want to add this person to your regular email list or sequence moving forward.
Freebie Delivery Email //
Since you’ve segmented your email list, consider creating a separate email sequence for those people who enter your list who are IN the EU. That way, they still get the freebie delivery email, but you can add a section to that email that asks them for consent to send promotional emails moving forward. You could do this by a link that tags them, taking them to a landing page, or sending them to fill out a form. Either way, you have to be explicit and specific about what you’re going to email them about (promotions/advertising vs. content newsletters).
Privacy Policy Link //
No matter what option or route you choose, you need to include a link to your spiffy privacy policy wherever you ask for EU people’s consent or personal info. That means in your delivery email to EU people, on forms, landing pages, etc.
Ask It Where You HAVE To //
As much as you can, limit these tools to be shown to EU people ONLY (if you’re not in the EU yourself). You don’t need to get this level of consent from everyone if you’re an American/Canadian entrepreneur. Doing so will put an unnecessary filter on your subscribers, and will seriously hurt your opt-in rate. I use ConvertKit and they gave us the option to show the checkboxes on opt-in forms and pages to those located within the EU only. I took it : )
So, there you have it! These are just a few ideas of some of the quick-action steps you can take to tackle the GDPR this late in the game. And if you want even more insight, I have an in-depth video about GDPR that you can watch on YouTube by clicking here.
If you have any questions, get in touch! I’d love to hear from you.
If you haven’t already, learn more about my privacy policy template (which is most certainly updated with GDPR language and sections!) or my DIY Total Website Solution bundle, which includes your privacy policy, website disclaimer, and terms & conditions templates at a huge savings.
PS. IMPORTANT: Remember, this isn’t legal advice that pertains to you, your personal situation, or your exact business situation. This is general information and education meant to help you learn what areas of your business need legal attention. This information, or anything else on my site, is not meant to replace, or be a substitute for, legal advice from your own attorney licensed to practice law in your area. Always consult a local attorney in your area for legal advice regarding your exact situation.
xo,