Over the past few weeks, your email inbox has probably been bombarded with messages from companies claiming they’ve updated their privacy policy. This flurry of activity is related to the new European Union law that went into effect May 25th called the General Data Protection Regulation (GDPR). This new law was designed to protect the personal data of European citizens from being harvested and used unethically.
According to the European Commission, “personal data is any information relating to an individual’s private, professional, or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
This new regulation is meant to curb the way companies gather and use data from people who visit their websites. However, since many American companies do business in Europe, this new law has direct consequences in the United States. In fact, Facebook and Google were hit with over $8 billion in lawsuits two days after GDPR went live. Other suits are sure to follow. Time will tell who wins and the overall outcome.
If you’re an author, publisher, or non-profit, how does GDPR affect you? If you conduct transactions with anyone in Europe, such as readers, book buyers, or donors, you need to comply with the new law. Let me be the first to say that I’m not a lawyer and do not take this information presented as legal advice. If you have concerns about compliance with the new regulation, talk with a qualified attorney.
However, if you’ve followed my newsletter for any length of time, you know that I recommend building your email list as a powerful marketing asset. Email marketing has regularly proven to outperform social media and online advertising at driving sales. Therefore, you want to build your email list, but in a way that complies with GDPR.
Here’s a breakdown of GDPR’s effect in layman’s terms. Building an email list is perfectly legal and fine. However, there are proper and improper ways to add people to your email list. Below are some examples:
Proper ways to build your email list:
- Ask people to specifically join your email newsletter
- Offer free giveaways as an incentive to specifically join your email newsletter
- Make it clear people can unsubscribe from your email list at any time
- Only send emails related to the reason people signed up in the first place, such as receiving your e-newsletter, new book release details, and updates
- Offering a written privacy policy that details how you treat personal data with care
Improper ways to build your email list:
- Adding people to your email list without their consent
- Asking people to join your email list without describing what they’ll receive
- Buying an email list from a third-party without having those people’s consent
- Sending unrelated emails that people didn’t want or expect to receive
- Not allowing people to unsubscribe from your list whenever they want
- Failing to display a privacy policy or selling your email list to a third-party
As you can see, there’s a big difference between properly and improperly adding people to your list. When you do it properly, people join your list with their consent and understand what they will receive in the future. You make everything clear up-front and avoid being unethical.
In contrast, adding someone to your email list without their consent, making it difficult to unsubscribe, and failing to explain what they’ll receive in the future can cause a failure to comply with GDPR.
Here’s the bottom line: Don’t be a jerk.
Don’t be a jerk and add people to your list without their consent. Don’t send emails that only promote your stuff and lack real value for the reader. Don’t make it hard for people to unsubscribe. Instead, respect people’s privacy, respect their expectations, and respect their decision to leave if they choose.
GDPR occurred because too many marketers and too many companies were being jerks. They felt entitled to gather people’s personal online data and do whatever they wanted. I’m grateful the EU decided to do something about this worldwide problem. Now that you’re aware of GDPR, take steps to comply with new law on your website and protect people’s personal data. Sometimes, the best way to improve your marketing is to treat customers with the respect they deserve.
Note: If you need examples of a well-crafted privacy policy and website cookie policy written for GDPR, check out the links above from British author, Mark Dawson.