GDPR…I almost lost my marbles, but you don’t have to!

Just this week, I’ve received about 1,375,492 emails about GDPR. (Or at least that’s what it feels like!!!)

The date when GDPR becomes enforceable (May 25) is looming like a shark in murky waters…

And I can think of a million things I’d rather do than wrap my noggin around legalese.

Needless to say, General Data Protection Regulation (GDPR) really got me grumpy this week!!!

Which gave me the bright idea to write this email…

Because why should BOTH of us be grumpy, when maybe you don’t have to do as much searching or hair pulling as I have?!

That said, please bear in mind that I am NOT a lawyer (but I will point you in the direction of some later in this email). I’m merely a business owner who needs to comply with GDPR…preferably without losing my marbles!

So here’s the 411, in good ol’ plain English.

First stop…

What in the world is GDPR?

In a nutshell: it’s the European Union’s (EU) new data privacy regulations, adopted in 2016 and enforceable on May 25, 2018 and beyond.

Truth be told, it seems like a great thing for human beings in general (think cleaner in-boxes with fewer spammy, unsolicited emails…YAY!!!) but it’s NOT such a barrel of fun for online business owners who have yet to figure out how to comply.

Heck, many of us had never even heard of it until recently!


Who needs to comply?

EVERYONE who has customers/clients/subscribers from the EU…even if YOU don’t live in the EU. Oui!

What happens if you don’t comply?

You could get fined, BIG time. Like millions of dollars…or so they threaten.


Okay, now that I have your attention, I’d like to mention that I’m not going to get into ALL the nitty gritty components of GDPR (I don’t have enough Tylenol for that!!!). I’m just going to cover one of the most important areas that we need to be aware of…

…asking for people’s email addresses on our websites.

Again, I’m going to give you some legal resources in just a bit (and I HIGHLY recommend you refer to them, even for the free advice). Right now, I’m just summing up some of the most important concepts about GDPR and your email list.


==> Okay, so here’s what you can no longer do…

You CANNOT have a lead magnet/opt-in gift to get people’s email addresses and then email them about other stuff.

So for instance, let’s say Suzy opts in to your gift, “Your gluten-free shopping list”. In the old days, you could then email Suzy about your gluten-free coaching program, a Summit you’re part of, or general tips and tricks for eating g-free.

Now, with GDPR?


You CANNOT email Suzy about anything that’s not directly related to her getting “Your gluten-free shopping list” UNLESS she gives you her explicit permission.

How does Suzy do that? We’ll get to that in a minute.


What about the people who are ALREADY on your email list?

If they’re in the EU, you need to get their permission to email them about anything that is unrelated to the original reason they signed up, and you need to do this before May 25. Bobby Klinck is a great resource for this and offers several strategies (see link below).

What about people NOT in the EU who are already on your email list?

Right now, you do not need to get their explicit permission, beyond the legitimate permission you already have. Again, refer to Bobby’s suggestions.

Won’t my email service provider/course platform etc. do everything FOR me?

Read what they say about GDPR. Most likely, they will provide you with some of the tools you need to comply, but you actually need to USE those tools to comply. You will also need to come up with an updated Privacy Policy on your website (unless your existing one is GDPR compliant).

So for example…your email service provider should provide you with all the necessary components to create a GDPR compliant opt-in form for your website but YOU have to put that form together, and link it to your privacy policy.

What is a GDPR compliant opt-in form?

I thought you’d never ask! 😉

However, this is where things can get a tad bit tricky. Context is very important, including what you intend to do with the information you collect.


So an opt-in form that is right for one purpose is not necessarily right for another….

That said, these are some of the basic guidelines I’ve come across:


  • You must not ask for more information than you absolutely need. For instance, if you’re giving people a gluten-free shopping list as an opt-in gift, you probably don’t need to ask for anything more than their name (optional) and email address.
  • You need to clearly explain to people why you are collecting their data and what they’re opting in to receive. (No sneaky ‘kitchen sink’ deals are allowed where in order to get one thing, they also have to agree to get your newsletters, course launch emails, affiliate ventures etc.)
  • You need to link to your privacy policy (which needs to be GDPR compliant).
  • You can offer to send people your newsletter, information about other offers and great deals etc. BUT this option needs to be an opt-IN option, not an opt-OUT option. In other words, if you use a checkbox on your form, it needs to be UNCHECKED, and your subscriber needs to manually check it.
  • You need to explain to people how they can opt out of your list. (In your Privacy Policy)
  • You need to protect their data and delete it if it is no longer needed for the original purpose they gave it to you.

So, to circle back…yes, the services you use (like your email marketing company) should be providing you with the tools you need to be GDPR compliant, but they won’t create a privacy policy for you and they won’t create the exact form/s you need for your website.

ActiveCampaign has an excellent article that shows GDPR compliant forms.

As one commenter noted, GDPR doesn’t stipulate that you absolutely need checkboxes on your forms or that you MUST have double-opt in (i.e. when people get an email with a confirmation link before they get sent any information or the gift they signed up for).

You just need some form of PROOF that your subscriber opted in for whatever you’re sending them.

All things considered…

Anyone want to join me in opening up a lemonade stand? 😉

Just kidding. Well, earlier this week, maybe not! LOL

Change can be hard, but we’re all in this together. Also, GDPR is actually a good thing. We all deserve privacy and considerate marketing…that we actually asked for.

It’s just going to be an adjustment in the short run.


Helpful resources…

Here’s some help to make the process a little less grinding (none are affiliate links, just what I’ve personally used):


  • Last but certainly not least, Lisa Fraley and Gena Shingle Jaffe are hosting a webinar about GDPR on 5/15/18. (I signed up!)


So that’s my GDPR roundup. I hope you found this article helpful…and if you did, please feel free to share!

xo Maria