What do you need to do for the GDPR as a small business owner?
Before I go any further, I am not a lawyer. This is NOT legal advice, rather a reference post designed to share with you what we have found you need to do. For your specific business, please consider consulting your business attorney to ensure you have done everything you need to do.
Last week, Kelly Parker Smith of Hello World Paper Co and the Creative Biz Rebellion and I were each working through all of this. Once we realized we were both doing it, we teamed up so that we could help each other out, sharing links to the articles we found most helpful back and forth. So today, we wanted to share with you what helped us, from sources we trust that were written in a way we could understand.
This is a lengthy post but we hope you will find it helpful. If you have any questions, please comment below and we will answer as we are able to.
The GDPR is short for the General Data Protection Regulation, a regulation created to give citizens and residents of the EU control over their personal data and to make them more aware of what personal information people and businesses collect when they visit a website. For an in-depth explanation, see this page here.
This also needs to be addressed if you have an email list: make it clear what people will receive if they request the free download, and give them the option to be subscribed to your email list. Gone are the days of offering a freebie on your blog or website and simply adding them to your list automatically; you now need to ask for permission to do so with an additional checkbox in an opt-in form.
The countries that are in the European Union are Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.
Basically, this is something that applies to anyone who
(a) sells to the European Union, or
(b) markets to people in the EU (this includes accepting their currency if they buy from your shop), or
(c) if your website is available for anyone in these countries to view.
Now you may be reading this and thinking “I don’t have clients there, I only market to people in the US.” BUT - if your website is able to be accessed by anyone in these countries, yes, this applies to you.
You may also be reading this and thinking “I don’t sell anything to those countries, I only sell to shops in the US.” But again, if your website is able to be accessed by anyone in these countries, yes, this applies to you.
A lot of people have been telling me that this is stressing them out, that they’re reading more information than they can process. I do want to note that this is not something that needs to stress you out; it’s simply something that needs to be done by every single business owner who has a website. Depending on how much you have to do, I would recommend setting aside anywhere from 1-5 hours this week to do what you need to do.
For the remainder of this post, we are going to keep it reference-based - we hope that it helps you!
To learn more about the GDPR in general, here are two places to start:
- Amy Porterfield - listen to this podcast episode or read this transcript from the podcast episode, where she interviewed Bobby Klinck and they shared the most information in the easiest way to understand
- April Bowles of Blacksburg Belle - this is an FAQ post filled with details, and is where we received the most information that we were looking for and are sharing with you today.
- If you want to take a free online training course to learn everything you need to, here is a free and short one for you to work through.
By Friday, May 25th of 2018, you need to make sure that you have and do these things:
(b) GDPR Compliant opt-in forms for people who can be added to your email list on your website
(c) go through and segment/email those who are already on your list who live in the EU
(d) a Cookies pop-up notification on your website
Now you may be thinking, “Meh, I don’t need to do this.” The fact is that yes, yes you do. Every single person who has a website, no matter where they are located in the world, needs to have these things up. Even if you’re just getting started, even if you don’t have an email list yet.
Isn’t Squarespace / Wordpress / Etsy going to take care of this for me?
The short answer is no. You need to do this for your website because every person’s website is different in the information it collects.
Isn’t Mailchimp / ConvertKit / Leadpages going to take care of this for me?
Again, no. You need to go into your account settings for these places and make the adaptations needed for your specific business.
(b) enable a Cookies Pop-up
Cookies? What are Cookies?
For those of you who are Squarespace users, add a Cookie Banner to your website here, (or) if you want to go one step further and are familiar with Custom CSS and want to change the look of it, see this article here.
Your Email List
Email List To-Dos:
(a) segment your list
Why do I want to do this, my list is going to shrink because people won’t see the email!
Ok, now let’s chat about this. Think about it this way - if they don’t see your email, or they aren’t consistently reading your emails, do you really want to have them on your list, just to have a higher number? If you run this and your numbers go way down, that’s not necessarily a bad thing, because you want to be delivering content to the people who will read it.
You need to look at this as an opportunity to clear your list of people who aren’t reading your content, and thus your open rates will be higher. I know some people will disagree with me for saying this, but it is better to have a smaller list with people who are engaged with your content and opening all of your emails than to have a large list with people who don’t ever open them. If you’re pouring your heart into what you do, you don’t want people to simply be on your list. You also want them to be engaged with you.
How do I segment my list if I use ConvertKit?
This article was the one that we found most helpful in doing so. Send out an email to those people who are covered by the GDPR, and for anyone that doesn’t comply by 5/25, remove them from your list.
How do I segment my list if I use Mailchimp?
- Here is a general article for you to reference first. Now, what we found is that Mailchimp does not have the entire EU as a location listed, so you need to create a segment within your email list that tags each of the people with a location, which is determined by their IP address. Or, you can go the other direction and just send everyone on your list an email with your updated privacy policies, and give them the option to either comply with the new policies or be removed from your list.
- Here is an article on the tools that Mailchimp has released to help you as well. They now have checkboxes with forms available to you and share how to handle data requests, etc.
- Here is how you can segment your forms within Mailchimp to make them GDPR Compliant. Please note, for every place you have a form on your website, you will need to update the form! So if you are on Squarespace, you need to re-embed each form so that it is the correct one that shows.
What do I need to do if I use Leadpages?
Here is a helpful article we found for what you need to do if you use Leadpages.
Your Shop To-Dos:
- WooCommerce Users - here is a helpful collection of articles on what you need to do for your specific shop
And that's everything you need to do. So, please don’t panic about this. Simply take the time to make this happen sometime this week. Set aside some time to do the following:
2. Create or update your Cookies Policy on your website
3. Update what you need to for your Email List and Forms
And you’ll be good to go! I hope that you found this post helpful today. Please comment below if you have any further questions. Once you have your things set, you'll be on your way to being more transparent with the people who visit your website and being 100% GDPR Compliant.