GDPR: 7 Changes You Can Make Toward GDPR Compliance Today

Disclaimer: We are not lawyers. Do not take this as true legal advice. Talk with actual lawyers if you have questions about GDPR.


If you gather data online, you’re responsible for managing that data well, with clear purposes and with a darn good reason why you have it.

This would include: email opt-ins for newsletters or freebies, IP address tracking through Google Analytics, a Facebook Pixel for advertising online, the works.

If there’s a chance your site would serve anyone in the European Union (EU), whether you’re marketing directly in that geographic region or not, it’s best to understand the General Data Protection Regulation (GDPR) guidelines (the best you can!) and put measures in place to become compliant.

We read through this phenomenal article by Smart Blogger and wrote up some go-to tips for building GDPR compliance into your business. It’s a great article — seriously — and we recommend taking the time to read through it yourself, so that you can be on top of what the new regulations require.

“A US-based [site or blog] can be caught within the scope of the GDPR if it in any way targets consumers in the EU.” - Smart Blogger

The best you can do is inform yourself, become somewhat familiar and then make an effort to meet the requirements the best you can. If that means talking with a lawyer to make sure you're good-to-go, that's a great idea!

 
 

7 Changes You Can Make Toward GDPR Compliance Today

01 | Know What Data You’re Tracking Online

Are you delivering opt-in freebies, tracking users through Google Analytics or running a Facebook Pixel embedded on your site?

These sources collect data to make things happen. We like when things happen! 

Before you go thinking you’re “not tracking data” online, know that you probably are. I’m going to refer you to this article again, so you can learn more about Google Analytics and website hosting compliance issues. Especially if you use WordPress, be sure to review this article to make sure your site and plug-ins are managing this data responsibly.

02 | Update Your Privacy Policy

You will need a Privacy Policy that is clear about where you’re collecting data and how you’re using it. Whether it’s from lead capture forms, an email management platform or tracking data on the back-end of your site, you’ve got to make sure anyone on your site knows what their personal data is used for.

Your Privacy Policy would be a great place to bring in a lawyer, to have a professional set of eyes make sure it’s as clear and explanatory as necessary.

To be extra safe, include a text link to your Privacy Policy from each of your opt-in locations.

03 | Be Clear About How You’re Using Someone’s Data — Like, Very Clear — From the Start

If you’re giving someone a free report in exchange for their email address, but you’re also adding them to your email list, make it crystal clear at the site of opt-in.

Smart Blogger says,

You must only use personal data for the specific purposes that you have declared.

Closely related to the concept of transparency, this principle demands that you may not collect data for one purpose, and then go on to use it in a different way.

Let’s take the example of a “Sign Up to Receive This Free Report” offer.

On the face of it, the individual is providing their email address so that you can send them the report. That’s it.

You cannot then add their email to your mailing list and send them other promotional material unless you’ve made it clear at the point of sign-up that that’s what you intend to do.

Go to each of your opt-ins and add language or additional check-boxes to clarify that they understand what they’re signing up for.

04 | Use the Double Opt-in Feature for All New Subscribers

Similar to the last tip, you’ll want to make it clear that new subscribers are joining your mailing list when they agree to join your email list or download an incentive. 

Smart Blogger says, “Double opt-in requires the individual to confirm their initial request before their data is added to your mailing list. It will also usually give you a means of demonstrating when consent was given.”

Make sure that any new sequence subscribers are required to receive a double opt-in email to confirm their subscription before they get added to your automated sequence. This feature should be easy to implement with your email service provider, like MailChimp or ConvertKit. 

05 | Ask Your Current EU Subscribers to Confirm Their Consent

Send an email or two to existing EU subscribers on your list asking them to update their consent — this can send them to a landing page where they’ll be sent a follow-up confirmation email (the double opt-in) to make sure they’re all good to go.

If subscribers don’t confirm their consent, remove them from your list. 

06 | Get Rid of Extraneous Personal Information

If you’re selling something online, great! If you’re delivering a freebie, awesome! But if you’re holding onto extra personal identification data that you don’t need to make those things happen — like more than their name or email address — you’ll want to delete that information or unsubscribe those contacts.

It’s one thing to have someone’s name and email address, but do you need their birthdate or physical address saved too?

07 | Remove Old Email Subscribers

If you’ve been collecting email addresses for a while, for whatever purpose, it’s always a good idea to do a little spring cleaning of your list.

Smart Blogger says, “You must take all reasonable steps to ensure that any data you collect is accurate and kept up-to-date...Periodically checking your list and removing bounced addresses is highly recommended.” The longer you have emails on your list, the higher the likelihood that those email addresses or personal details are no longer accurate or up-to-date.

On a marketing note, removing “cold subscribers” from your list is also just a good way to make sure your email list is healthy. It also helps improve your open and click rates if your subscribers are only active readers.

For more information on GDPR, here are articles you can read to learn more:

What the Heck is GDPR? (and How to Make Sure Your Blog Is Compliant)
GDPR Compliance: Everything bloggers and marketers need to know.