**Disclaimer: I’m not a legal professional and do not claim to give legal advice in this post. Please seek independent counsel on the best GDPR compliance methods for your individual business.**
If you spend any time online these days there’s no doubt you’ve heard a lot about “privacy” with regard to how your information is collected and used by companies (for example, the recent Facebook “data breach”). GDPR, or General Data Protection Regulation, is a new set of laws created by the EU to govern how businesses collect and use that information, with the goal of protecting users’ information and privacy.
Why you should care about GDPR compliance (even though it sounds boring)
This is important for any entrepreneur, even if you aren’t located in the European Union, if you have a website for your business where you collect information from your users. For example, if you have email opt-in forms for your newsletter, this applies to you! If anyone from within the EU signs up for your list (or has in the past), they are able to report you if you do not follow the GDPR laws.
5 Website Steps to GDPR Compliance
Get consent for emails
Be clear and upfront about what people are going to receive when they sign up for your email list. For example, one of my opt-ins used to say “Sign up to receive my free guide” and I changed it to “Sign up for my weekly emails and receive my free guide.” This clearly informs subscribers that I will be sending an email once a week. If someone purchases a product from you, will you add them to your email list? Let them know!
You should also consider adding a checkbox that users must click in order to opt in to your email list. Do not make the checkbox pre-checked. You want users to have to take clear action in order to prove they consented to sign up. ConvertKit makes this super easy. Jump to the bottom of this post to see more ways ConvertKit makes GDPR compliance super easy!
It’s also a good idea to implement a double opt-in on your email sign-up forms. It may not be a legal requirement, but it does help with proof of consent, and it is also great for engagement since you know that the people on your list actually want to hear from you!
Make unsubscribing from emails clear and easy
Don’t you hate when you can’t find an “unsubscribe” link in an email that you want to stop receiving? Me too! So don’t do that to your subscribers. Having a clear and easy way to unsubscribe also means you’re adhering to users’ right to withdraw consent at any time.
SSL, or Secure Sockets Layer, is what encrypts the information that people enter into your website as it travels between their browser and your site. Not only is SSL important for SEO, but it also helps to make you GDPR compliant by protecting the information of your website users. P.S. SSL is included in my Managed WordPress Hosting!
How ConvertKit helps with GDPR compliance in email marketing
I’ve written many times about why I love ConvertKit. As usual, they’re providing tons of support and assistance for their customers to help them with GDPR compliance. You can check out their entire FAQ page here and feature support for GDPR here.
Custom consent checkboxes (for everyone or just for visitors within the EU)
Easily add a consent box to your email opt-ins without having to know any code. And even better, it will redirect them to a special consent page so it doesn’t clutter up your forms.
Figure out who your EU subscribers are
ConvertKit makes it easy to select your EU subscribers so that you can get consent from the existing subscribers. They even offer a sample message that you can send to them.
Allow users “the right to be forgotten”
If you receive an email from a subscriber who wants their information completely removed (and not just unsubscribed), you can contact ConvertKit to handle this.
And if someday you somehow get audited for GDPR compliance, ConvertKit also has a GDPR Audit Concierge where they say: “we have your back and will get you any data we have that can help you comply with the audit.”
Want to know more about ensuring your email marketing is GDPR compliant? I recommend reading this very detailed article.
I hope that these steps have you well on your way to GDPR compliance. Have questions? Please post a comment below.