So you might have seen the phrase “GDPR” tossed around a lot recently…and the biggest things all marketing people (and bloggers!) seem to be asking are “What on EARTH is GDPR compliance? Does it affect me? If so, what do I need to do??” We’re answering ALL those questions and more today! Read on…

GDPR compliance for bloggers and marketers

May 6, 2018 UPDATE: THE FOLLOWING PARAGRAPH IS IMPORTANT for further GDPR compliance:

It has been pointed out to me by several people that most GDPR experts ARE recommending that we take specific action with regard to our existing list.

This stinks.

Click here to check out Amy Porterfield’s podcast interview (w/ transcript) on the subject, and I’ve updated the bullet points below to reflect their opinions! Read on…

May 7, 2018 Update: There’s a COOL deal on Appsumo right now for a nice looking “GDPR Tracker.” Might be worth checking out for $49.

May 24, 2018 Update: I just sent my GDPR consent email to my subscribers via ConvertKit, see below!

This was incredibly easy, as ConvertKit now has a feature to locate/segment/tag your EU subscribers!

I used CK’s FAQ guide here, which includes email copy, and a way to link to the consent page. (Hint: You can just use {{ gdpr_consent_url }} where you would usually type in a URL, and that links to the consent page. Sweet!)

Here’s my email copy:

my gdpr email
The link uses that “liquid” code above.

Disclaimer:

Pete McPherson cannot be held liable for anything you do. I am NOT a lawyer or a GDPR expert, nor do I pretend to be one on the internet.

The following is simply a summary of my findings on the subject. Consult with an attorney for your business for proper legal advice.


To be frank, the topic of GDPR is boring as all get out (and apparently “all get out” is a lot so I’m told).

So in an effort not to fry your brain, I’d like to do the following:

  1. Present you LINKS for the uber boring technical and legal speak
  2. Just boil things down in plain English for this post.

You cool with that? I thought so.

What is GDPR?

The General Data Protection Regulation (GDPR) is a digital privacy regulation being introduced on the 25th May, 2018. It standardizes a wide range of different privacy legislation across the EU into one central set of regulations that will protect users in all member states.

And here’s what that means in English:

Anybody who collects data from people living in the EU needs to put in place more privacy settings.

Furthermore, this isn’t a “suggestion,” this is LEGALLY BINDING stuff…meaning if you don’t take certain measures to comply, you’ll be doing illegal things.

And illegal things are bad, especially when it concerns our business 🙂

Frequently asked questions for bloggers:

1 – Does GDPR apply to bloggers who mainly write for non-European audiences?

Actually, it applies to ANYONE who will have EU people on their email list! Doesn’t matter the audience you write for…if you have EU folks opting in…this GDPR stuff is for you.

2 – What do I need to DO to be compliant for GDPR before May 25?

4 things!

  1. Enable GDPR opt-in forms in your Email Service Provider (ConvertKit, Mailchimp, Drip, Aweber, etc)
  2. Make sure your INTENTIONS are explicitly clear on ALL your opt-in forms and landing pages.
  3. Don’t collect irrelevant data from subscribers 🙂
  4. Make DANG SURE all EU folks on your existing list have given you proper consent (see below for more)

For now, that’s your only to-do list.

3 – What do you mean by “make sure my intention is clear?”

Anybody who uses your opt-in forms should KNOW what they’re getting themselves into, and you need to tell them!

Example: If they’re signing up for a free PDF, and they will ALSO be added to regular email communications…you’ll need to make that clear before they opt-in!

Two ways to do this:

  1. Add a sentence like “You’re opting in to the weekly Do You Even Blog newsletter!” or something like that.
  2. Add this language to your double opt-in confirmation email.

If you don’t want to add it to the forms, you can use language like this in a double opt-in email.

Make it clear what they’re actually signing up for. That’s all.

HUGE UPDATE: My friend Ross works on GDPR, and corrected me on this!

From the ICO, “Avoid making consent to processing a precondition of a service”. We’ve been told that we can’t make signing up to a mailing list a requirement to receive something (a free PDF, a discount coupon, access to a course/site or whatever).

Requiring someone to receive emails they may not want in order to receive a book/coupon/whatever that they do, is apparently not OK. It’s a massive pain as everyone does this.

4 – I use [fill-in-the-blank] email marketing platform, what do I need to do?

GDPR Compliance for ConvertKit

Here is the ConvertKit article detailing how they’re complying, and a full feature list!

GDPR convertkit compliance
Enable this in your CK account settings page

For now, just make sure the “intention” thing is clear, then go enable this!

GDPR Compliance for Mailchimp

Here is a blog post from MC explaining all their new GDPR tools!

mailchimp gdpr compliance
customize yo Mailchimp forms for GDPR 🙂

Pretty easy!

GDPR Compliance for Drip and Aweber

Here is Drip’s article and guide 🙂, and here is Aweber.

Easy enough.

5 – Do I need to RESEND opt-ins or a confirmation email to my existing list?

In general, no. You do not.

WARNING: This does assume, however, two things:

  1. You got their permission to be added to the list in the first place…via opt-in, etc
  2. If you can’t show evidence people gave clear consent to receive your crap, they’re not valid.

Here’s what my friend Ross says again:

You don’t need to just have got their permission, you also need to be able to demonstrate it. We’re being told that any email list that wasn’t double opt-in, and thus we cannot prove they have opted in on purpose, is not valid.

The interpretation we’ve been given is that if you can’t show evidence of opt-in, it’s not valid.

Submitting a form without explicitly checking a box saying you wanted to receive emails would not be considered opting in, and without the double opt-in it’s hard to see how you could ever prove this. If you’ve ever moved mailing providers this becomes harder still, as there is a good chance that data like that wouldn’t come over.

In fact, MOST authorities on GDPR are saying that we DO need to…

  1. Segment our email lists into EU and non-EU people
  2. Send a “reengagement” campaign to the EU people to get their explicit consent.

This sucks.

If it sounds really annoying, that’s because it is.

6 – If we are brand new, does GDPR have an impact on us? Or does it really only matter once you are selling products?

If you plan on letting anybody from the EU subscribe to your stuff, it matters. Age doesn’t. Products don’t. (However, if people are getting on your email list via buying a product, you need to make your intent clear! Tell them they’re ALSO getting on the regular newsletter!)

7 – What if I’m collecting peoples’ data in another way (outside an email marketing list)?

I CAN’T HELP YOU. Please check out this article for further info there…

This particular article is geared towards email marketers and bloggers who open their communications to people in the EU. That’s it.

But in general, the GDPR laws DO apply to tons of other ways that we interact with people in the EU…and their data.

This could be contact forms on your website, or even a comments plug-in (*COUGH Disqus).

Conclusion

Here’s what you need to do RIGHT NOW:

1 – Go to your ESP and enable GDPR compliant forms! It’s so simple. No reason not to do it.

2 – Make sure you’re clear to any potential subscribers WHAT they’re getting themselves into.

Here’s what I’m doing, personally.

  1. I use ConvertKit religiously, so I enabled the GDPR checkbox on my forms 🙂
  2. Next, I am updating ALL of my landing pages and forms to be double opt-in, and reworking my confirmation email to be explicitly clear what subscribers are signing up for.
  3. I’m witty and snarky, so the email copy won’t dissuade people from joining (at least not from a GDPR standpoint. They may because I’m witty and snarky).

That’s pretty much all bloggers need to know about GDPR Compliance.

Wanna see my new GDPR-ready opt-in language? Use the form below 😉

Introducing the world’s most honest email opt-in box:

We’re not spammy digital marketers.

We know you get a ton of blogging newsletters already.

We’ll be emailing about once a week, with very few sales, if ever.

By opting in here, you agree to receive SINCERE, transparent, value-adding, non-spammy, exclusive content that WILL 110% help you grow your blog.

We’re fired-up about blogging, and our emails won’t disappoint.



Join the Conversation

20 Comments

  1. This is very helpful, thanks Pete! I heard about it and was starting to research it on my own, but I appreciate that you’ve given me the info to make the change easier.

  2. I’ve been trying to decipher what exactly needs to be done, and you’ve made it very clear and easy when I thought it was more complicated. In the same vein, Google 360 has sent me an email about GDPR and I think what it’s saying (in the most complicated way possible) is that I need to agree to their new data processing terms and give my contact info. Does that sound about right?

    1. oh man Gary.

      I have been hit with soooo many of those “agree to our new stuff” prompts as well.

      I’m no expert on Google 360, but I’ve personally just been casually saying “I agree.” Not sure if that’s good or bad.

      Just lazy. 🙂

  3. Hi Pete, great video, thank you so much. One question- do we not need to add one of those cookie pop ups on our site? I thought we had to for GDPR but hopefully I am wrong.

    Thanks so much, Gemma

  4. That is a bit silly and specific of an EU law, they must not have enough problems? I started putting my unsubscribe link at the top of the email like you did Pete. Great idea, super convenient for people who had enough. I think they should just make unsubscribe link first on top mandatory, not this whole opt in & prove it nonsense.

    1. hahaha that’s EXACTLY what I first thought when I heard about this. And I actually totally agree. I think unsubscribing should be handled by Outlook, Gmail, Apple Mail, etc. COMPLETELY.

      I.e. give companies zero control over this, and put it in the hands of the users. Just me though apparently.

  5. So if I were to have a freebie + add someone to my mailing list, do I need to have a checkbox for people to click to opt in to my additional emails? Or is a sentence saying that they will get additional emails enough? Thank you!

  6. If people are just giving me names and email addresses, how do I know if they’re from the EU? Do I need to send an email to ALL my subscribers to re subscribe just in case?

    1. It’s a bit unclear for most email platforms right now. As of May 2018, I think they’ve all STATED that they’ll be adding features that can pick out which of your subs are from the EU (using IP addresses I think).

      ConvertKit has definitely said as much, but as of today it’s not implemented yet.

      Pretty much EVERY platform is recommending a “reengagement” campaign to EU subscribers, though it’s also a bit unclear what that actually means lol. Some people are simply removing EU subs from their list 🙁

      I wish I had a better answer for you Monica 🙁

  7. Thanks for sharing wonderful information, but the European Union is forcing the companies to intensify privacy-specific policies, instead of implementing a separate GDPR-friendly policy for EU countries.
