Lately many of the author groups I belong to have been buzzing with questions about the General Data Protection Regulation (usually called GDPR because it’s a mouthful). I’m used to seeing marketing questions bubble up in these groups, but most of our talk about data and content ownership focuses on copyright. GDPR focuses on your readers’ rights to own their data, and many people aren’t really familiar with what this means and how it might impact authors’ and bloggers’ email newsletter lists. I’m here to help.
I’ll cover how GDPR impacts your email subscriber list, what you may need to do, what you don’t need to do, and generally explain why you do not need to freak out (but you shouldn’t ignore it).
But first, who am I to be dispensing this advice? In addition to writing awesome contemporary fantasy, I am a c-suite marketing executive with 15+ years of experience in ecommerce and digital marketing. I’m a frequent speaker and advocate for the use of artificial intelligence and machine learning to advance marketing, and generally care a whole lot about good data and transparency in its use. I am not, however, a lawyer. So, this advice is practical, but isn’t meant as legal advice.
What is GDPR?
The General Data Protection Regulation (GDPR) is an EU rule for the European Economic Area (EEA) that will go into effect on May 25, 2018. This regulation’s goal is to give people ownership of their data, increasing understanding of what information customers are giving to businesses and how it’s used, and providing them the option to request it be updated and/or deleted. While it’s a European law, those outside the EU need to be compliant with data they acquired from customers who live within the EEA. Thus the whole hubbub in the U.S. right now, and why you’re getting acquainted with the rules.
When it comes to email lists and compliance with GDPR it’s all about repermissioning. Basically, the people on your list need to know what they signed up for, how you might use their information, and be given the option to have you delete it at their request. This means asking them to confirm they’re cool with all that again now that you’re following the GDPR rules. Let’s break it down.
GDPR for Email – The Basics
Opt-in Checkboxes – The tiny checkbox next to a contest entry or email sign up that says “I want in!” needs to be unchecked by default. You need to let the reader click it, and make it clear what they are consenting to. This is especially important when people are entering contests or signing up for multiple author lists. The language needs to make it plain that checking the box will sign them up for emails.
How Will You Use Their Info? – Tell your readers if you will be using more information than their email, for example “emails may be tailored by your location data if I have a book signing nearby.” If you don’t segment your list at all or use any data other than their email address, you don’t have to worry about this.
Repermissioning – For anyone who joined your email list before you had a double opt-in (where you get the email with a link to confirm you meant to sign up) or before the aforementioned “unmarked” checkbox, give them a heads up about how you’ll use their email and ask them to confirm they still want to hear from you.
Caveats and Exceptions!
You might already be compliant – You don’t need to repermission subscribers who signed up under the transparent, GDPR-compliant policies. So if they marked the checkbox or confirmed by clicking a link in a subscription confirmation email (double opt-in), you don’t have to get the OK again.
Are they in the U.S.? – GDPR only applies to your European subscribers who reside in the EEA. Though, from a marketing standpoint, transparency is awesome, and why would you want people on your list who don’t want your emails? This means you can limit the repermissioning to those you think live in Europe. Your email vendor (e.g. MailChimp) should be able to help with this.
Are you already sending an email this month? – You don’t have to make a separate email to handle the repermissioning. If you’re already sending a newsletter to your readers this month, add a “Do you still want to hear from me?” block at the top of the email that lets the reader click to continue receiving emails from you under the new format. I like the example below from the North Face.

The North Face Repermissioning Email (Photo: Emarsys, click for their great supplemental guide on GDPR)
The TL;DR
If you already use double opt-in for your email list, you’re cool. If you don’t, and you have readers on your email list who live in Europe, get their permission again to stay on the list (or the chance to opt out). This isn’t going to be a bad thing. Your email list gives the choicest info, teasers and giveaways to readers (at least mine does. You should join with all the consent!), and you only want to give those super special tidbits to your loyal crew. If someone doesn’t want your email, spamming them isn’t going to increase books sold or pageviews. Trust me.
Need more help?
Well, I do some consulting, but since you’re cool: hit the comments! If you have questions about this or other marketing questions, leave them below or email me and I may feature them in a future Author Marketing Help Desk post.
Thanks for the useful summary. One question: if I only use subscribers’ emails and don’t segment my list or use pixels, do I need some kind of privacy policy statement on my website?
Privacy policies are always a good way to cover your bases. If you run analytics on your website (like Google Analytics) to see where your readers are from or what blog posts they are reading, you should add a privacy policy. You can adapt the one from Automattic (the makers of WordPress), as they are cool with that: https://automattic.com/privacy/
Could you get away without one? Maybe. But it’s worth the time to add, and if you modify the one linked, it shouldn’t take you too, too long. 🙂
May I copy this for my RWA group meeting and loop?
Hi, Tina! If you’re wanting to share this online (like in the loop), I’d prefer you linked to the post, but if you want to share at the RWA group meeting the actual text that’s totally fine. I hope it’s helpful for your chapter.
I was planning to do both. I want to place a copy at each table so they can read it and then go to your blog to go over it at home. I’m hoping you will also get new subscribers.
Thank you for your permission.
Hi, Chelsea — When you said, “Your email vendor (e.g. MailChimp) should be able to help with this,” did you mean help identify which subscribers are from Europe? I contacted Mailerlite for this and they said they didn’t have it.
Hey, Johnny,
Typically email providers capture the IP address when someone reads your newsletter. This allows them to identify the location, generally. These typically get stored on the subscriber’s profile within your email client.
Mailerlite does collect the location data, as they use it for Opens by Location reporting (https://blog.mailerlite.com/opens-by-location-in-campaign-reports/), but you may want to peek at one of the subscriber’s profiles and see if they are associating it at that level. If they are, then you can use that information to email your European readers. You might try asking Mailerlite if you can “send an email just to people in a specific region using the opens by location data,” and see if they get the request a little clearer.
Don’t hesitate to ping me if it’s still confusing!
Chelsea, your response was amazingly helpful. I re-contacted Mailerlite and this time they said that their developers are working extra hours to implement a feature for GDPR that will allow users to see the location of any subscriber that has opened a campaign (which is what I was looking for). I’ve got my fingers crossed that their developers can code quickly since May 25 is coming fast. 😉 THANKS AGAIN for your help.