If you've got a blog going, or even if you've been thinking about starting up a blog, then you need to know the current regulations. The General Data Protection Regulations (GDPR) is big — one of the biggest changes to hit the blogosphere in a decade. While a quick search on Google may have you convinced that GDPR only affects people in the United Kingdom or in the European Union (EU), in reality, GDPR reaches far wider. It has a significant effect on US bloggers, influencers, and businesses as well as other countries.
So let's break this down to see just how does GDPR affects US Bloggers and small business owners.
What does GDPR Stand For?
GDPR stands for General Data Protection Regulations — and it means exactly how it sounds. It is a set of regulations aimed at protecting the data we collect from our UK and EU audience. While there are already laws in effect in many countries, including here in the United States, that require data protection, the GDPR will create uniform regulations to ensure the rights of UK and EU citizens are protected no matter where the business on the other end of their Internet connection is based. In a nutshell, the GDPR will regulate:
- How you store and protect the data you collect
- How easy it is for people to find the data you store on them
- How you will edit and correct any data that is no longer accurate
Does GDPR affect US?
GDPR affects anyone who collects personal data on any person living in the UK or EU. This means that while you may be living in the United States if any person from the UK or the EU sign up for your newsletter, you need to be GDPR compliant. As a direct seller, your company will likely be affected by GDPR if any of their site visitors are from the UK or the EU.
Set and Reach Your Goals with the Ultimate Goal Setting Guide for Direct Sellers!
Grab this and more when you sign up for the **FREE** Ultimate Direct Sales Starter Kit!
What is Personal Data?
The term “Personal Data” refers to any piece of information that can be used to identify an individual. Sharing our personal data online has become second nature. We hardly think about it anymore: want that free ebook? Enter your name and email address. Want to sign up for that class? Name, email address, and credit card information. That lipstick you want to buy? Name, mailing address, email address, and birthday.
I'm just a Blogger, I'm not Even Selling Anything
GDPR doesn't only apply to businesses selling products or services, it has to do with collecting data. And as a blogger or influencer, you do collect data from your visitors. Chances are, you don't collect as much data as other businesses do. The good news is, as a blogger, if you're currently compliant with your local US privacy laws, then it won't be a huge jump for you to become GDPR compliant.
For example, you probably already have a privacy policy that details how you handle and store data from your audience (and if you don't, then you need to get working on that right away). Which means you can go in and amend your existing privacy policy to bring that into GDPR compliance.
What Does my Privacy Policy Need to Say?
Your privacy policy doesn't need to be big and scary and filled with legalese to be compliant with the GDPR laws. In fact, it's probably better if you stay away from legalese altogether. GDPR compliance is about transparency and data handling. The easier your privacy policy is for your audience to understand, the better.
- letting people know you are collecting data
- the type of data you are collecting
- how you will be using that data
- how they can see the data you have on them
- how they can request for you to change or delete the data you have stored on them
What About my Newsletters? Do I Need to Rebuild my Email List?
Good news: as long as everyone currently on your newsletter list consented to be on your list, you don't need to rebuild. However, the consent must have been received separately from all other requests, and not made a condition to receive other products or services (unless being on your newsletter is necessary for those products and services). It must also be an active consent, meaning that it didn't happen because a checkbox was pre-filled in on your form. You must also provide an easy way for people to unsubscribe from your newsletter. Finally, you need to be able to document what each person consented to, how they consented, and when.
I Used Lead Magnets to Build My Email List, Will Those Count?
If you used a lead magnet to sign people from the UK or the EU up for your newsletter, they must be removed from your newsletter list unless the consent was issued separately and actively. The only exception is if a emailing list is necessary to deliver the content of the lead magnet (but even then, if they don't consent to receive further contact from you after receiving the content of your lead magnet, you cannot add them to your newsletter list).
For example, if you are offering an ecourse as a lead magnet, you will need two checkboxes for consent: the first to receive the ecourse through email, and the second to be added to your main newsletter. If someone does not consent to the newsletter, you can email them their ecourse, but you will not be permitted to transfer their data to your main newsletter list nor will you be allowed to contact them again outside of the scope of that ecourse.
What a Pain!! I'm Just Going to Stop Doing Business in the UK and EU.
That is an option — but that's not necessarily going to stop you from having to be GDPR compliant. If you use any software that collects personal data, including Google Analytics, then you must assume some of your visitors are citizens of the UK and the EU and you must make sure your privacy policy and data handling policies are compliant to avoid fees and penalties.
And besides, with data and security such a hot topic, trending reports suggest that similar laws will soon be in effect even in areas outside of the UK and the EU: so getting compliant now will put you ahead of the game.
How many Countries does GDPR affect outside of the EU?
As of right now, it doesn't affect any countries outside of the UK and EU. It is to protect the citizens within those countries. If an UK or EU person is living outside of those countries, they are not protected under GDPR.
How can I tell if I'm Compliant?
There are a few things you can do to make sure you are compliant:
- Check your current data handling technology and make sure it is secure. If it's insecure or vulnerable to threats, take action to secure it.
- Check with your Email Marketing Service Provider (EMSP) to see if they are doing anything to help you through this process. Many providers announced that they were segmenting UK and EU subscribers for you, and were helping their users bring their newsletters into compliance. See what yours has offered to start making the necessary changes, if any.
- Review your privacy policy and make updates to include the main factors listed above.
- Document everything. If your compliance is ever called into question, you will need to be able to provide such documentation showing the updates and changes you made, when people signed up for your services, what they were told they were signing up for, etc.
- When in doubt, find a lawyer well-versed in international law and GDPR specifically.
When you hear phrases like General Data Protection Regulations, fines, and laws, it's easy to panic. But broken down, the GDPR is really only a couple steps up from anything you're already doing as a responsible blogger, influencer, and small business owner. Handle personal data with respect, only collect what you need to do your job, and be transparent about your process.
#EmpowerSocial
Thanks for this breakdown. Simple and sweet. I appreciate it.
Thank you- I appreciate this breakdown. It’s extremely helpful.