What is GDPR? And are you wondering if it affects you as a blogger?
Well, it most likely does. And in this article, I will explain what GDPR is and how it pertains to us bloggers.
Disclaimer: I’m not a legal professional nor do I play one on the internet. Consult an attorney to make decisions for your blog/business related to GDPR.
Side note: Yes – this is a long article. If you'd prefer to be lazy, you can jump to my summary for lazy people at the end in the form of an infographic.
Don't worry, when I say lazy, I say it with love, lol.
It's the buzzword these days – privacy. Everyone wants it, but nobody seems to have it.
Sites like Facebook seem to throw privacy out the door with the baby and the bathwater.
So many news agencies are in an uproar over Cambridge Analytica. Russia seemingly undermined the U.S. elections.
What's a country to do? Well, the continent of Europe has decided to do something big, and it's called GDPR.
GDPR stands for General Data Protection Regulation. According to the GDPR website, the goal is “to protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data privacy.”
In simple terms, Europe wants their citizens to have more control over how and when companies use their personal data.
Back in 1995, Europe established the Data Protection Directive. This had some general guidelines for data protection.
But every European state could create its own local laws based on the directive. As you can imagine, this resulted in a messy situation with laws that were difficult to enforce.
Some states had very strict privacy laws. Others were more lenient.
The EU parliament wasn't feeling this and wanted something more uniform.
So on April 14th, 2016 they approved the GDPR, and the world turned upside down (hat tip to the Hamilton soundtrack).
There is one HUGE difference between the GDPR and the Data Protection Directive of old.
The GDPR governs ALL member states.
The GDPR affects any blogger who collects any data from EU citizens.
It doesn't matter if your blog or business is in Europe or Timbuktu.
Let's say you're building an email list (which you should be doing). If you collect ONE email address from ONE EU citizen, the GDPR applies to you.
In other words, if you're a blogger, it's safe to say that it applies to you.
I mean – I'm an EU citizen (bet you didn't know that). If I'm on your email list and you don't uphold the GDPR, I can probably report you ;).
So what exactly does this mean for you? I'm glad you asked.
This is one of the most significant tenets of the GDPR. They are very explicit in their statements on how you should get consent.
Let me make it clear for you. Let's say you're collecting email addresses to build your email list. Make sure to follow these guidelines:
It is now your responsibility to be able to prove that you have consent. You have to keep a good record of this.
Fortunately, good service providers are aware of these changes. They should be taking steps to be compliant. To be on the safe side, check with your email service providers to see what they are doing.
I use Drip. They are aware of the situation and working on making sure that they are compliant by the deadline.
But it doesn't end there. You are the one that needs to make sure that everything is being done to meet the regulation.
So Leslie, what about my existing email subscribers? Surely I don't have to do anything about them since they subscribed before the GDPR took effect. Right?
Based on the GDPR, you have to bring those subscriptions up to the current standards.
If the EU citizens on your list have not given the kind of consent required based on the GDPR, you have two options:
How do you know if you have EU citizens on your list? Most email service providers will allow you to search by Time Zone.
In Drip, you can search for anyone with a Time Zone in Europe.
Just to give you an idea, I have 16,880 people on my email list. 1,507 of those people are in European time zones.
But this doesn't account for EU citizens living outside of Europe.
I know – it's tempting to think this. I mean, what's the big deal? Nobody's coming after me, right Leslie?
Well, they are taking this seriously. Not following the regulations can lead to some pretty significant fines.
How big? Up to €20 Million, which is almost $25 Million US, or 4% of global annual turnover – whichever is HIGHER. I read that and chuckled.
The exact thought that came to mind was – DANNNGGGGGG, these EU people are SERIOUS.
And yes – they are. Will they come after you? Technically, they can. But I would imagine that coming after small bloggers would be quite an undertaking.
Yes, this is a HUGE change for the industry. Yes, the requirements are stricter. But you know what?
I LOVE IT!
Does it make it harder to grow your email list? Yes. But I believe it gives you a much higher quality subscriber.
Instead of using shady tactics to boost our subscription rates, we have to do it by providing value.
So I won't complain about the GDPR. Instead, I will embrace it as an opportunity to up my game. I look at it as a challenge to become better at what I do.
And I always love those kinds of challenges.
But it's not all about me.
What are your thoughts? Let me know in the comments section below.