Quick disclaimer: the information below is only to be used as suggestion, not actual legal advice. I am not an attorney or qualified to give you legal advice.
Today is May 25th, the day GDPR goes into effect. You’ve probably heard it mentioned over the last few months, mostly in headlines or in reference to internet privacy. If you’re like me, you skimmed over it thinking, “I’ll read more about that later.”
Well, we’re at later, and if you have a website or blog, you might want to get into gear. It doesn’t matter whether you have 100,000 or just twenty monthly viewers, because it could affect you. With the high fines possible if you’re noncompliant, you don’t want to ignore this.
GDPR (General Data Protection Regulation) is (in really generic terms) a new law in the EU (European Union) that focuses on the privacy and collection of data, specifically personal data. This means you probably should update your privacy policy, whether on your author website or elsewhere. It doesn’t matter whether you’re in the EU or not because it could affect you.
For instance, I’m an American writer but have collected email addresses from European readers. I’m a little sketchy on the nitty-gritty of it all but I suspect that pulls me under part of GDPR too.
Doesn’t matter whether you fall under it or not, because it’s best to be safe, right?
So, what are a few things you can do?
I’m not giving you legal advice, so please take my suggestions as just that: suggestions. Every situation is different, but I realized while working on my own policies that a lot of writers out there, especially indies, might be caught by surprise by GDPR. I understand because I’m still slightly confused, but like many things, I’m researching and learning as I go.
- The Collection of Information
That email list you have? You might have a few problems.
I’ve always received email addresses for my newsletter via my website. I use a pop-up and opt-in form. The information then goes into TinyLetter, Mailchimp, or the preferred email automation service. I did it this way because it seemed most ethical, and it turns out that’s how it should be for GDPR. This is a snapshot of my opt-in form on my homepage. Notice it says there that we don’t share info? That’s important.
Recently, I’ve heard more and more stories of authors gathering email addresses by swapping lists with other writers (Eek!). Just don’t do that. If you have, remove all of those email addresses from your list immediately or you are in a serious breach of privacy.
Another thing that happens is gathering info at book signings and other events. That’s not bad at all! The problem is you need a clear record of when the person requested to be put on the list to be GDPR compliant. If you use a form that connects to your email service (like my form on my website links to TinyLetter), you’ll have a clear list of dates/times and etc. when someone signed up. You probably won’t have that if you manually entered their info.
Also, if you keep all those email addresses in unlocked files on your laptop, such as in Word or a spreadsheet, you need to change that. All of those files are too easy to get to if, say, your laptop was stolen.
Last but not least you need to make it easy for your subscribers to unsubscribe. Make sure they have the option to leave the email list at any time. The easiest way is to have an unsubscribe button at the bottom of your email (typically near your address, but that’s debatable). I also have a contact form on my website that they can use to leave as well, so having more than one method is a good idea.
2. Your Privacy Policy
This will differ, but here are a few things to include:
*Who sees and collects the information?
*What is this information used for?
*How is the information protected?
*Is the information shared, and if so, how? (Hopefully, the answer is no, you’re not sharing it.)
*Where is this information kept? (Such as what email service you put it into. This is kind of up to you whether you want to be this transparent or not with your readers. From what I’ve researched, some say to share and others say it doesn’t matter.)
*Can they unsubscribe at any time and how?
*Does your site use cookies? If so, why? How can they get rid of it if they want to? (This is pretty simple. Usually, you can get by with saying something like, “Cookies allows us to collect marketing information. If you wish to use our site without it, change your browser settings.”)
That’s not a perfect list, but that gives you a start. This is what my new policy reads on my author website (and I’m still working on it):
All information gathered through this website, whether through the newsletter sign up, contactform or giveaways is never shared. It is solely for the purpose of sending you emails or contacting you via preferred method, such as phone or text if given, and we will not contact you unless you give permission for us to do so (such as signing up for the newsletter).
Email addresses and names are collected and placed in a software such as TinyLetter, Mailchimp, orother email services. THIS DOES NOT give those companies the right to share, or in anyway use, the information you give us.
We never share,swap or otherwise give out your information.
This site uses cookies, but only for marketing insights and other similar purposes. You can turn off cookies via your browser settings or opt out on the bottom of our homepage.
At any time you are free to opt out of emails or other contact methods. Simply go to the bottom of one of our emails and click unsubscribe, or contact us via our form below with the comment “opt out.”
Again, this isn’t perfect and I’m sure it has a few problems. I figure it’s a good starting point if nothing else. You can use my policy for ideas, but please do not copy and paste it on your site, and again, do not take this post as legal advice. Thanks!
As always, hope this helps.
Alexa M.
Writer in Sweatpants 