It’s been a year and a half and if you’re like me, GDPR can still be confusing!
The EU passed the GDPR legislation in 2016 and most of the blogging community completely ignored it until 2018 when it went into effect. The mass freak out mode (including myself) was a real thing.
Here we are a year and a half later and we are still trying to navigate the ins and outs of these (seemingly) complicated rules when it comes to GDPR compliance. Fortunately, the Inbox Besties community has licensed and practicing attorney and GDPR guru Mariam Tsaturyan in our corner to help us get (or stay) compliant.
What is GDPR Anyway?
First, let’s talk about what GDPR is. GDPR stands for “General Data Protection Regulation” and is viewed as the worldwide model for internet privacy & consent regulations. A number of other countries have adopted similar laws and we are starting to see the US join in with data protection and privacy legislation recently passed in California.
It’s important to note here that just blocking EU countries or other countries that have similar legislation in place isn’t a “fix”. There really isn’t any shortcut to this. If someone is using a VPN, or their location data isn’t accurate for some other reason, that visitor may slip through the cracks and make it to your site – even if you’ve blocked that country or location.
What GDPR does is regulate how websites can collect and use users’ data such as their name, email address, phone number, location and any other information that can be used to identify that user. These laws apply to anyone who owns and operates a website – from small business owners and bloggers all the way up to multi-billion-dollar companies.
Even if you don’t personally collect information from your website traffic or have an opt-in box at all, simply having any analytics (like Google Analytics) or a Facebook pixel embedded on your site means that your site is gathering data with cookies and should be GDPR compliant.
Basically, if you have a website, you need to be GDPR compliant.
It’s better to err on the side of safety than to put your business or yourself at risk for legal troubles down the road.
When your website is GDPR compliant, you’re giving your visitors the choice to:
- Be on your list (or not)
- Have their data transferred (or not)
- Receive additional emails once they get their free download (or not)
GDPR Pop-ups and Consent Notifications
One of the first (and easiest) things to implement is a pop-up or notification that lets your website or blog traffic know that you use cookies or other methods to collect users’ data. I’m sure you’ve seen these pretty much everywhere now. It’s usually a little bar at the bottom that says something like “We use cookies to enhance our user experience and make improvements on our site. That means we might collect data for tracking and analytical purposes, as well as third party information.” Then you’ll see a button for your visitor to accept or decline consent.
What this does is give your visitors the choice to consent to cookies and other analytics – which is really the core of all GDPR regulations – choice & consent.
With WordPress, you can easily add GDPR consent notifications with plugins like GDPR Cookie Consent or GDPR Cookie Compliance. If you’re using Wix or SquareSpace, you may want to contact customer support for options specific to those platforms.
Terms & Conditions, Privacy Policies and Disclaimers
An often overlooked facet of GDPR regulations is the “small print” sections of your website. You’ll see these links at the bottom of most websites that usually say “Privacy Policy”, “Terms & Conditions” or “Disclaimers”.
There are specific terms that you, as a website owner, must use to comply with the California and EU GDPR regulations. You must specifically explain, in simple terms, exactly how your visitors’ data is collected, how you intend to use it, how long you store their data and more.
The easiest way to take care of this is to invest in a template. Mariam has several you can purchase in her online shop or you can hire her for a Legal Audit to address any of your concerns in your disclaimers and waivers.
Landing Pages & Opt-In Forms
When GDPR was signed into law, a lot of people (including myself) were bundling in the GDPR consent with opt-ins, saying something like “by signing up for this free gift, you will also be added to our weekly newsletter”. While that may have seemed a good idea at the time, it turns out that this practice is NOT compliant with GDPR regulations. Bundling consent is a big no-no.
While attorneys are disagreeing on just how much consent your visitors are giving when they sign up for your free gift, Mariam’s professional opinion is that when your people sign up for a free gift, they are expecting you to email them with information on how to access or use the free content only. You do not have consent to send them any other emails.
On your landing pages or opt-in forms, some email service providers have a GDPR option with a check box or radio button that your visitors can click to be added to your regular email list. If your new subscriber chooses to opt-in for additional emails, then and only then do you have permission to email them after you have delivered your free gift. This radio button or check box has to be optional in order to be compliant. That means that even if they don’t consent to be added to your main list, you still have to give them the free gift you’ve promised on your landing page or opt-in box. Without the additional consent, you can only email them with the free gift.
Unfortunately, email service providers have been a little slow when it comes to keeping up with these changes. Not all email service providers have this additional consent option available. There are a few plugins and workarounds if your email service provider doesn’t already have a solution but those are a little too technical to get into on this post.
The easiest way to be in compliance with your opt-in pages or landing pages is to have a double opt-in set up. On the confirmation email or the gift delivery email, you can have a link to the free gift you’ve promised as well as an additional button or link that says “please add me to your newsletter” or something to that effect.
Be careful that your email provider doesn’t automatically assume that your new subscriber is subscribing to ALL of your lists. When someone signs up to receive a free gift, without additional consent they are not signing up for your regular newsletters or any promotional emails.
Video Series, Multi-day Challenges and Other Multiple Email Situations
Multi-day challenges, video series or other situations may require you to send more than one email when someone opts in for a freebie. For example, if your freebie is a “5-Day Fit In Your Skinny Jeans Fitness Challenge”, you don’t want to send all five days’ worth of challenge content in one email, do you? Of course not. So what’s the solution?
Under GDPR guidelines, you are allowed (actually required) to deliver what you promised. So if you promised a 5-day email series, they are fully expecting to receive those five emails. You just can’t send any additional emails in between or afterwards.
One of the advantages of offering a multiple email opt-in like a video series or challenge is that you have more opportunities to offer them the option to receive more emails. You can put a little love note in your PS section that says something like “If you want more information on XYZ, click here to be added to my regular newsletter”. Just make sure you have a link-trigger set up to add the people who click to your main list. If you’re not sure how to do this, your email service provider will have resources to show you how (it’s easy!).
If, at the end of the email series, your new subscriber has not consented to be added to your main list, you cannot email them after you deliver the emails that they signed up for.
Where Do You Draw the Line After Delivering Your Free Gift?
You can pitch a product as part of your emails by providing a link. Your people will have the choice (key word there) to click on the link or not. This does NOT give you permission to add them to a full-on sales funnel email list, but you can mention your offer and give them the option to click on the link to learn more about the program and give you consent to email them about your offer.
This would look something like this:
“Here’s the link to your free resource. By the way, you will not receive any more emails from me unless you click this link. If you want to learn more about my awesome product, click this link and I’ll share that information with you.”
You should always give them the choice and be completely transparent about what your intentions are. The more transparent you are, the more compliant with GDPR you are going to be.
GDPR Sandwich Pages (and other technology)
Some email service providers have an option called a “sandwich page” that automatically adds an additional consent page specifically for EU and other GDPR affected areas. There is also location detection software you can use to do the same thing.
Unfortunately, as mentioned earlier, these are not always reliable. For whatever reason, your visitor’s IP address may not register properly, their location may be turned off, they may be visiting another country… and in these cases, people may slip through the cracks.
Workarounds are not the best practice and will only cause you to have to do more work in the long run.
From Mariam’s experience, MailerLite has the best options for GDPR if you just want to use what is already in place with your email service provider’s software.
You can make any system work for you and be compliant if you’re willing to be creative and reach out to your email service provider’s tech support to make sure you’re good to go.
What is the Easiest Freebie to Offer and be GDPR Compliant?
Here’s the good news. It doesn’t make a difference! That means you don’t have to change up your marketing strategy or invent a whole new freebie to stay in the GDPR good graces. It’s all about delivering the freebie, being transparent and giving your subscribers the option to opt-in to other emails (or not).
The trick is not to send any other emails before, during or after you deliver their free gift. You only have permission to send them the freebie that they signed up for. That means you don’t have permission to follow up or check on them, send them your regular newsletter or send sales emails (unless they have expressly consented to receive them). You are not allowed to send any emails except the actual information they have requested.
Final Thoughts and Tips for GDPR Compliance
Start with your radio buttons or check boxes on your opt-in forms and grow from there. Don’t be intimidated or make it more complicated than it really is.
One of the benefits of implementing GDPR protocols on your website is that your subscribers will actually be interested in the information you have to share. They will be warmer and more receptive to offers and sales you talk about in your emails. Plus, you’ll save money if your Email Service Provider bills you according to list size!
Doing things the right way makes life easier because you don’t have to worry about workarounds (which can fail), tech glitches or applying complicated location-based filters. Not only that, you’ll know that each and every subscriber is genuinely interested in what you have to say. It might mean that your list is slower to grow but it will be filled with your biggest fans!