Hi, and welcome to another ‘1st of the month’ blog post here on AidanBooth.com!
This month’s blog post is an important one, so please read on… first though, the mandatory disclaimer that I have to give:
Please note that this article is for information purposes only and is based on my understanding of GDPR. The tips I’m providing are not intended to be legal advice and in no way represent a comprehensive standard for ensuring GDPR compliance. I recommend you seek your own legal advice.
Before you do ANYTHING else…
After you register using the button above, we’ll send access instructions to your email.
Now let’s dive in to what this is all about…
If you own a website that could potentially get EU visitors (i.e. this basically means ANY website), then you need to read this article from start to finish to ensure you know what GDPR is, and that your website is compliant (failure to do so could result in a catastrophic fine).
The cut-off date for being GDPR compliant is the 25th May 2018 so time is of the essence (if you’re reading this after May 25th, then read faster)!
What is GDPR?
GDPR stands for the ‘General Data Protection Regulation’.
Up until now, EU citizens have had ‘control’ over their data via the ‘1995 Data Protection Directive’, however the 1995 Directive isn’t great in practice, because it leads to different laws in different member states.
The GDPR replaces the existing EU Data Protection Directive, and is a fundamental change to the way organizations must approach data privacy, providing consistency and one regulation across all EU member states which applies to all EU citizens.
Why Should You Care?
The GDPR will become law on May 25th 2018, and will impact anyone who lives in the EU, anyone that has subscribers in the EU, or anyone who collects data from people in the EU (for example, via cookies or IP tracking)… that’s a pretty broad net, and covers almost every half-decent website out there.
Wherever your business is located in the world, the GDPR will apply if you:
- Offer products/services to EU citizens, and/or
- Collect personal information from EU citizens
Hopefully I’ve beaten this to death and made it crystal clear!
Does The GDPR Affect You?
As mentioned above, GDPR affects you if you’re collecting EU citizen data in any way.
Technically speaking, the GDPR affects two groups of people:
- The Data Controller
- The Data Processor
1. The Data Controller
99% of people reading this will fall into the ‘Data Controller’ category.
If you decide how data is used, then you are the Data Controller within your organisation. In other words, if you’ve got a website, and collect email subscribers (for example), and you control how the email addresses are used, then YOU are the Data Controller (and it makes no difference if you are an individual or a business).
If you are the Data Controller (which you probably are!), you must process all personal data from your subscribers according to GDPR law.
2. The Data Processor
The other 1% of people reading this will fall into the ‘Data Processor’ bucket.
The Data Processor is someone (or a business) that uses data on behalf of the Data Controller; for example, Aweber and other email marketing autoresponders are considered Data Processors.
The definitions of both the Data Controller and the Data Processor are laid out in Article 4 of the General Data Protection Regulation, where further definitions are found also.
The GDPR gives your EU subscribers explicit rights. It’s a smart idea to know what these are, so you can ensure you’re protecting them:
1. Right to be informed
Your subscriber can at any time ask how their personal data is being used and why it is being used.
The answer you give may be as simple as: “The personal data we have is your name and email address. It’s being used by me/my company to send you updates about how to build an online business.”
Not exactly rocket science.
2. Right of access
Your subscriber can at any time request a copy of their personal information.
If you’re collecting data via Aweber (an email list), this is pretty easy to access. You just login to Aweber, find your subscriber, and you’ll be able to see all the information you have on file:
In the image above, I’ve put red boxes around the information we have on file for this particular subscriber, and also how he subscribed (something else you may need to provide if you were ever questioned by authorities).
Again, nothing too complex if you’re using a system like Aweber.
3. Right of rectification
Your subscriber can update their personal data at any time.
This is normally pretty easy for any subscriber to do. For example, in all the emails we send out, we have a ‘Change Subscriber Options’ button at the bottom of each email; it looks like this:
And when someone clicks on the Manage Subscription button, they’re taken to a page that looks like this:
As you can see, the email address on file can be seen, along with the name on file, where I signed up, and the other lists in the same Aweber account that I’m subscribed to. Clicking on the ‘Edit Contact Information’ link allows me to change my name and email address.
Alternatively, a simple email to the website administrator/owner can have data updated at any time. If you want to update data you have with us, just submit a support ticket here, and we’ll do it for you:
Like the first two subscriber rights, this one isn’t overly difficult to understand or manage.
4. Right of erasure
Your subscriber can request that their personal data is erased and any third party involved must cease any further processing of their data.
Pretty simple, give your subscriber a way they can erase their data.
5. Right to object
Your subscriber can unsubscribe from your mailing list at any time.
Also very simple, and for Aweber, it can be done from a link in every email that’s sent out.
So those are the subscriber rights, in a nutshell. Hopefully this is all making sense… read on, we’ve still got a lot to cover!
What Customer Data Should You Hold?
The GDPR states that you must document what customer data is used for, so what customer data should you bother keeping?
Obviously the answer will vary depending on the business you run, the key is that you can justify why you’re asking for (and keeping) customer data.
For example, if you have your customer’s date of birth on record, can you justify why you need that? If not, you probably shouldn’t keep it.
Not only that, we also need to document where we got this information from, for example:
- Did we buy the data?
- Did we get the data from a third party?
- Did we get the data via a web form?
- Did we get the data from a mailing?
It’s no longer enough to gather as much information as you want, just in case you might need it at a future date. You have to hold data for an explicit reason only, and it needs to be:
- Limited to what we need
For most websites, and certainly for email subscription lists, you’ll need to collect an email address (at bare minimum), and perhaps a name (for personalization so that you can offer a better service).
These will normally be collected via email optin boxes. It’s unlikely that you’ll need much more than this.
Some websites that are linked to local businesses may collect phone number and address information so that other forms of communication are possible, but again, this is pretty standard practice, and something you can explicitly explain to your subscribers at the time you’re collecting the information.
Required GDPR Documentation
To make sure you’re fully protected, it’s critical that you document EVERYTHING for GDPR.
If for any reason the regulatory body or supervisory authority want to talk to you (in the event of a customer complaint that maybe you’ve used their data inappropriately), it’s much more likely that you will be successful defending your actions if you have documented the data you hold, why you hold it, and can demonstrate that you have explicit authority to use it.
I can’t see why this would be an issue for anyone, after all, the Data Processors (Aweber, etc) all do this for you.
The 6 Key Principles of GDPR
The 6 Key Principles are:
1. Data must be processed lawfully, transparently & fairly
In other words, people must know what their data is being used for.
2. Data is collected for specific and explicit purposes
From 25th May 2018, to comply with GDPR we can no longer collect data for the purpose of collecting data in the hope it might be useful at some point in the future.
You must tell people what the data will be used for. This is pretty easy to do on the optin form you’re using to collect the information; here’s an example:
This form pretty clearly explains how the subscriber’s information will be used: to deliver “regular information on bushcraft, survival, outdoor life, starting with 20 free videos today”.
Pretty simple 🙂
3. Data held must be adequate, relevant and limited to what is needed
I interpret this to mean… you can get enough of your subscribers data, but not too much, only for what you need.
4. Data must be accurate
Since you’re collecting data from the users themselves, I find it hard to see why your data wouldn’t be accurate, or why you’d deliberately make it inaccurate…
5. Data retained only for the time it’s required
Only keep data for the amount of time that you actually need it, not for months and years ahead in the hope you might use it some day.
6. Data must be processed securely and you must be able to prove this
Data must be processed securely using technical or organizational measures, including protection against the following:
- Unauthorized or unlawful processing
- Accidental loss
- Destruction or damage
These 6 key principles can be found in Article 5 of the regulation.
Privacy And Transparency
You need to be 100% transparent with your customers/subscribers: make sure you have unsubscribe links in your emails, and if they ask to be removed manually from your list, make sure you do it.
Make it easy for your customers to read through your terms and conditions and privacy notices, and take special note of your customers’ reluctance to do this.
Is Your ‘Data Processor’ Compliant?
In most cases, yes: all the main players, such as AWeber, GetResponse, Mailchimp etc., have GDPR plans in place, which you can check out on their websites to ensure they are compliant by 25th May 2018.
Should You Use ‘Double Opt-ins’?
There’s no written rule that says you MUST use double opt-ins, but by using them you’ll have an easier job showing that you got consent from your customer to collect their information.
What You Need To Do Today…
Get your business compliant prior to May 25th.
Our software and checklist will guide you through in more detail:
Here are a few things you may need to do:
1. Ask your subscribers to re-opt-in
Unless you can prove you’ve received consent from your subscriber prior to the GDPR taking effect, it might be a smart idea to ask your subscriber to opt in again.
Here’s an example of how you might do this (you could format an email broadcast to look like the message below):
NOTE: Based on everything I’ve read on this topic, I would ONLY ask for someone to opt-in again if I were uncertain as to whether I had their consent in the first place. And remember, this ONLY applies to EU citizens (not your full list of subscribers).
If you’re unsure if you’ve got consent, then dive into your subscriber data and check to see if you’ve got the following:
- The date your subscriber signed up
- The time your subscriber signed up
- The source of sign up
- A copy of the sign up form used to collect their data
If you haven’t got the above information, then you could send a re-engagement email prior to the 25th May 2018 and request that consent to receive emails is given again.
If you take this path, and get no response from your subscriber by 25th May 2018, you should not email them again, and you must delete not only their email address, but any data you hold on that person.
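The consent audit described in this step, as added example code (not from the post, and not AWeber’s export format): it checks each record for the four pieces of evidence listed above, applies the rule only to EU subscribers, and decides whether to keep the record, send a re-engagement email, wait for the deadline, or delete everything held on that person. The record layout, the EU country set, the two audit dates and the sample subscribers are assumptions constructed for the example.

```python
"""Audit a mailing list for consent evidence and apply the re-opt-in rule.

Added example. The Subscriber layout, EU_COUNTRIES, the audit dates and the
SAMPLE records are constructed for illustration only.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

# Constructed subset of EU member-state codes (assumption, not exhaustive).
EU_COUNTRIES = {"DE", "FR", "ES", "IT", "NL", "IE", "BE", "AT", "PT", "PL", "SE", "DK", "FI"}

# The four items the post says you should be able to find for each subscriber.
REQUIRED_EVIDENCE = ("signup_date", "signup_time", "signup_source", "signup_form")
GDPR_DEADLINE = date(2018, 5, 25)

# Two constructed audit dates: one before the deadline, one after.
BEFORE_DEADLINE = date(2018, 5, 20)
AFTER_DEADLINE = date(2018, 5, 26)


@dataclass
class Subscriber:
    email: str
    country: str                                # ISO code recorded at sign-up (constructed field)
    signup_date: Optional[str] = None
    signup_time: Optional[str] = None
    signup_source: Optional[str] = None         # e.g. "web form on /blog"
    signup_form: Optional[str] = None           # copy or identifier of the form text shown
    reengagement_sent: Optional[date] = None    # when the re-opt-in email went out
    reconsented: bool = False                   # subscriber clicked to confirm again
    extra_fields: dict = field(default_factory=dict)  # anything else held, e.g. date of birth


def missing_evidence(sub: Subscriber) -> list:
    """Return the evidence items from the post's checklist that this record lacks."""
    return [name for name in REQUIRED_EVIDENCE if not getattr(sub, name)]


def decide(sub: Subscriber, today: date) -> str:
    """Classify one subscriber according to the post's procedure.

    keep       : outside the EU, consent documented, or re-consent received
    reengage   : EU subscriber with evidence gaps and no request sent yet
    wait       : request sent, deadline not yet reached
    delete_all : no response by the deadline; remove the whole record, not just the address
    """
    if sub.country not in EU_COUNTRIES:
        return "keep"
    if sub.reconsented or not missing_evidence(sub):
        return "keep"
    if sub.reengagement_sent is None:
        return "reengage"
    if today < GDPR_DEADLINE:
        return "wait"
    return "delete_all"


def audit(subscribers, today: date) -> dict:
    """Group subscriber emails by the action the list owner must take."""
    report = {"keep": [], "reengage": [], "wait": [], "delete_all": []}
    for sub in subscribers:
        report[decide(sub, today)].append(sub.email)
    return report


def purge(subscribers, today: date) -> list:
    """Drop every record classified delete_all, including its extra_fields."""
    return [s for s in subscribers if decide(s, today) != "delete_all"]


# Constructed sample list (not real subscribers).
SAMPLE = [
    Subscriber("a@example.com", "US"),                                   # outside the EU
    Subscriber("b@example.com", "DE", "2017-03-02", "14:05",
               "web form /blog", "Weekly bushcraft videos (form v3)"),   # fully documented
    Subscriber("c@example.com", "FR", "2016-11-20"),                     # gaps, nothing sent yet
    Subscriber("d@example.com", "ES",
               reengagement_sent=date(2018, 5, 10), reconsented=True),   # confirmed again
    Subscriber("e@example.com", "IT",
               reengagement_sent=date(2018, 5, 10),
               extra_fields={"date_of_birth": "1980-01-01"}),            # no response
]

if __name__ == "__main__":
    for day in (BEFORE_DEADLINE, AFTER_DEADLINE):
        print(day, audit(SAMPLE, day))
    print("records kept after purge:", [s.email for s in purge(SAMPLE, AFTER_DEADLINE)])
```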
2. Ask for explicit consent to use personal data
GDPR law states that you need to ask your EU subscribers for explicit consent to use their personal data.
Again, this is only something I’d personally worry about if I was unsure that I had consent in the first place.
Let’s say you’re unsure if you’ve got consent. You could address this by sending a re-engagement email to your current subscribers and explicitly asking for consent to use their name and email (or whatever) to communicate with them. This would be worked into the same communication as the re-opt-in explained in number 1 above; I wouldn’t send out two different emails to address this.
GDPR states that before collecting any personal data, you need to provide the following information to your subscriber:
- Who you are
- Your contact information
- Why and how you are going to use the subscriber’s data and the reasons for doing so
- How long you will keep their data
- How the subscriber can erase or change their data
- If you are planning on sharing the subscriber’s data with anyone else (i.e., with a third party)
Update your policies
As mentioned earlier, you need to make it easy for subscribers to view your policies by making them easy to find, for example by having a link to them in the footer of your website, email, and perhaps in your sign up forms.
You need to communicate information about processing of personal data that’s:
- In clear plain language
- Easily accessible
- Free of charge
It’s always good practice to keep your policies up to date, so now is the perfect time to do just that.
Here are a few Privacy Policies of big firms who I’ve seen proactively address GDPR:
To check these out for yourself, browse around your favorite websites and hunt for the ‘Privacy’ link.
Revisit your cookie statement
Cookies are classed as ‘personal’ data under the GDPR as they can identify an individual via their device, therefore it’s time to check your cookie statement.
The cookie statement “By using this site, you accept cookies” is no longer sufficient. You need affirmative action from the subscriber, such as clicking an opt-in box or clicking a preference or setting to confirm consent; simply visiting a website no longer counts as consent.
Here are a couple of examples:
A €10,000,000 Fine (or more)
At the time of writing this article, €10,000,000 is equivalent to US$12.27 million.
Those found to be in breach of the GDPR could face fines of up to €10 million, or 2% of their global turnover (whichever is higher).
Needless to say, a fine like this should make being compliant a no-brainer 🙂
If you wish to dive into this rabbit hole yourself and learn more about the GDPR, visit: https://www.eugdpr.org/
To sign off, let me leave you with this final thought:
Legal stuff like this bores me to death, but it’s a small price to pay for the ultimate freedom that running an online business can give you… so battle through it, it’s not that terrible.
And before you go, don’t forget to register for free access to our GDPR software and checklist:
I’ve been hearing quite a bit about this, but this is the first time I feel I understand what it all means, thanks Aidan
Great to hear that, thanks!
thank you Aidan and Steve.
You’re welcome Hillary!
Aidan, right now I only sell on amazon (private label), will this affect me? I don’t have a website, but am thinking of building one so I can register a list of my buyers.
If you don’t have any websites, then no, nothing you need to do. If you do eventually build a website, then yes, make sure you follow the guidelines in this post 🙂
It’s awesome that you have taken the time and effort to explain and provide software to manage the situation.
Glad to be of help Tim!
Aidan, Your posts are ALWAYS solution-driven, straight to-the-point, and HIGHLY action-oriented. I learn SO much and really trust your advice – implicitly. BTW, I especially love your Content Marketing Masterplan https://www.aidanbooth.com/content-marketing-masterplan/ You Guys Rock!
This will be interesting because my data is held in the US and I’m in the US. Does the law come with a special extradition treaty? I find the whole, state attempt to regulate something larger than itself interesting.
Hey Joe, it’s not so much about where your data is held, but where the people are from that are using your website.. if they’re in the EU, and you’re collecting their data, then you’re expected to comply.. will certainly be interesting to see how this all shakes out!
I was thinking the same thing. What about the business’ nexus etc. If you are not google or facebook how will they go after you and if they go after USA businesses only and will not go after the ones in China can they(gdpr enforcers) be sued for discrimination and unfair practices?
I wouldn’t worry about what they might or might not do.. I’d just get the basics in place to stay in line and out of harms way 🙂
what about if say you are selling as an affiliate (and don’t have a website) where you are collecting email address of people who optin to your affiliate offer.
There is no website in this case but you are still building an email list. Does this require to be GPDR compliant as well?
As I understand it, since you don’t have a website, you’ll just need to make sure your autoresponder messages give people the ability to unsubscribe or change/update their details (which is standard practice anyway). The wording on your optin forms will still need to comply.
If say you advertise your offer/product/services only to non-EU buyers, should that be sufficient not to be GDPR compliant?
If it’s POSSIBLE that EU people may buy/subscribe, then you’ll need to use the recommendations I’ve mapped out..
I subscribed to ‘Passive Income Blueprints’. Got an email from you to click the links which just says “THIS LINK IS FROM A NON-ACTIVE ACCOUNT”
Yeah, I’ll be fixing that in the coming days. Thanks
I have a website using Shopify. When somebody buys a product, should I add a button asking him/her if they consent to me keeping their data (name, email, address)? And if they refuse, the information is still kept on Shopify, I assume. Not sure what to do. Thanks
It wouldn’t hurt to do that. You could also specify on the checkout page that you’ll be delivering promotional material, etc
Aidan, thanks very much for this awesome explanation about this requirement. We appreciate you taking time to explain in such a simple manner. I am just at the early stage of creating websites, though I have domain names that are parked.
This is interesting, Aidan. I understand that your business is worldwide, and this would apply to you and your efforts specifically. But to those of us outside the EU, who do not target EU citizens (at least not yet), to me, this has no meaning. I feel like saying something such as , “If you are from the EU, you cannot use this website as we do not comply with the GDPR.” would be appropriate. As a US Citizen, this EU overreach sounds like exactly that, and should only apply to EU citizens and EU websites. Any thoughts?
I think if you have a “page gate” that states that (something that people need to read before they see your site), then you’d probably be fine.. I totally get where you’re coming from though.
It’s because EU citizens are involved… the USA probably tries to protect its citizens in similar ways (in other areas). You could block all EU traffic if you wanted to and you’d probably be fine then 🙂
Not sure about this page gate. IP address is also personal information. How do you block someone without knowing their IP address is from the EU?
It can be done from the hosting level… before that info even gets to you. Ask your host about it 🙂
Thanks, Aidan. What I’d read was that it only affected folks in the EU. I didn’t realize it meant anyone who collects info from an EU citizen. Your timely email saved my bacon!
Yeah, it’s a pretty broad reaching scope!
As a solopreneur, I could never keep track of all the changes in the world–like this one. Thanks for being here for us Aidan, and all the work you do!!
Me too, thanks a lot Aidan.
Great article Aidan, what about if you are marketing emails on behalf of a client? For example, I will be sending emails on behalf of my clients, i.e. do their email marketing!
Without knowing more specifics, then you wouldn’t be affected. The data processor would be Aweber (whoever the autoresponder is), and your client the Data Controller
Thank you Aidan for this valuable information. No wonder You are the head of 7FC. I really appreciate you. All the Best.
Haha, I’m not the ‘head’, just one of the team, but thanks!!
I definitely appreciate the 4 of you. Thanks to All the Support and the opportunity to be part of the awesome team at 7FC and the Blackbird software.
Thanks Sahbi!!! 🙂
Thanks Aidan & Mr Steve… I can now add you to the list of Internet Gurus who have been paying attention… and appreciate the info… something to note, GDPR isn’t just email… some of the legal experts I am tracking suggest it can also potentially extend to Push Notifications and FM Messenger… so you are being advised to glance over these areas of your business too… and if you are using autoresponders, kind of your responsibility to ensure they are GDPR compliant as well… yes, changes… but you can then promote that you are GDPR compliant… which I see many online doing now.
One thing I would also stress a little more for people… and been tracking GDPR for some time now… the whole “how you are planning to use their email thing” is crucial… at the moment, you can get someone’s email, and then use it however you want… but with GDPR you need to be upfront about all the different ways you will use it… ie. Monthly Newsletter + Sales emails + Product launches… and then the Consumer agrees to all that when they sign-up… IF you then use that email in a way they have not previously agreed to… such as selling it on to a 3rd party… that’s OK, if you have gone back to them and got their OK… but if you don’t that’s when you are in breach, and for anyone inside EU, penalty is 4% of annual turnover as potential fine… this new law has teeth. So bottom-line, you have to think of all the ways you currently use the emails you have, get people to agree to all those uses, and if you add a new use in future… then you have to go back to people, get their sign-up again… and if they say no… then you can’t go ahead and use it… so GDPR requires that the Data Manager has done their internal research, and understands all the ways that their company uses people’s data… PLUS in UK, and other EU countries… people have to be officially registered… which means you have to go to an official website and register and pay a fee… you can’t just call yourself a Data Manager, you have to be officially registered… in UK, cost is currently £30.
Yup, absolutely.. it’s any kind of data that is collected.
Wow, thanks Aidan. You’ve provided an excellent explanation and clarification. I’ve bookmarked this page to share.
Hi Aidan, many thanks for the article/checklist. Does this have any impact on websites who collect information via a contact form, eg when a prospect is looking for a quote/making an enquiry (not attached to autoresponders). The information is only used for follow ups apart from replying with quote details.
Yes, you’ll need to clearly state how the info you collect will be used, and be sure the subscriber/prospect can change that info, etc
What if we’re selling on Shopify? Are we bound by the GDPR?
I truly think the EU has gone overboard on this Cambridge Analytica debacle. The penalty is crazy.
Awesome stuff, your blog post by the way. Thanks much for the education, the software and the free stuff!
Hi Evelyn, if there’s a chance someone in EU will go to your site and subscribe, or buy something, or that you capture their data… then GDPR will apply to you.
Thank you so much, you have put it very clearly to understand and act.
Thanks Aidan for the useful information.
I have a website with affiliate links both for US and EU amazon. I am not generating any list from the website visitors.
Does GDPR affect me in your opinion?
If you’re collecting cookies or any form of data, the rules apply, if not, then no.
I don’t have a website at the moment.
Total newbie question….I’m soon to open a Shopify store… is that considered a website?
Hi Stacey, yes, your Shopify store will be considered a website. Don’t let any of this stop you getting started though, the checklist and our tool should make things nice and easy for you
Thanks for the great information and tools. Your last comment mentioned the use of FB pixels. I have not used these yet but was planning on it; could you please shed some more light on how a visitor or even myself could go about deleting this information if requested to by a visitor to my site?
Thanks in advance 🙂
You make a good point Mark, you cannot delete individual FB pixel data without deleting ALL your data. I’ll look into this some more. Thanks!
Thanks. I’d really like to know how people are going to deal with this.
Thank you, Aidan and Steve! The only article on GDPR that explained things clearly and didn’t bore me to death! Now to implement your advice. 🙂
Hi Aidan, Great article – thank you. We have been in 100K for some time and not succeeded and have now restarted in Commission BluePrint and preparing for our website, so very timely. As I see this it will be a plus to most visitors for a site to be GDPR compliant… so what a good way to start.
Great to hear you’re working through CBE Kevin! We’ll have more training about GDPR inside Online Marketing Classroom soon 🙂
Thanks Aidan for explaining in great detail. What if an EU person purchases from your website or clicks on an ad but you don’t collect emails?
If they purchase from you, then they’ll most likely be giving you their data (for example, email address) and will likely be added to a mailing list.. so in that case you’re holding their data and I would definitely make sure you’re compliant with GDPR. Clicking on an ad on Facebook isn’t a consideration, FB takes care of GDPR requirements for that part.
Thanks for that great article, education and heads-up!
I’ve a Shopify store and I haven’t started collecting emails yet (planning on that next to build a list). But what about those from the EU that land on my store and go on to make a purchase … and they have to provide their personal data in the buying process – does the GDPR come into effect for this portion?
Hi Ken, here’s what I replied with on a similar comment: “If they purchase from you, then they’ll most likely be giving you their data (for example, email address) and will likely be added to a mailing list.. so in that case you’re holding their data and I would definitely make sure you’re compliant with GDPR. Clicking on an ad on Facebook isn’t a consideration, FB takes care of GDPR requirements for that part.”
My name is Ronaldo and I wanted to ask you a question regarding online business, which might be going off topic within this blog so apologies. But I wanted to mention that I am a completely new beginner to online business and I am really interested in starting a business online mostly within Ecommerce. I have heard a lot about you and you really seem to be a top expert within Internet Marketing and Online Business, and I am really interested to learn from you as a mentor or coach.
So I wanted to find out will you be creating or releasing a new training program or course later on this year or early 2019 to do with Ecommerce for example to do with Amazon or high ticket drop shipping. Because I heard your most recent program was 7 Figure Cycle which back then I didn’t really know much about you and your training courses, since I was still doing a lot of research on the Internet regarding making money online.
Also If I wanted to ask you more questions, what will be the best way to get in contact with yourself.
Hi Ronaldo, thanks for reaching out! Please send in your Q’s to email@example.com, we can give you more info there 🙂
Thank you very much for your reply I appreciate that :).
Thanks Aidan for the clarification.
This opens my eyes.
Thanks for providing the software, guideline, and checklist. Although I don’t sell to EU businesses or citizens this is good information to know. Because this impacts the use of an autoresponder; can landing pages and or video usages be impacted as well?
Hi Eugene, landing pages will really only be affected in that you’ll need disclaimer/privacy links, and to use certain verbiage around optin boxes/buttons
I do not have a website and not selling in the EU. If someone from EU were to buy from Amazon Buy Box under my account, would this regulation affect the biz.
Nope, no issue there, as it’s up to Amazon to be compliant, not you (since it’s their website)
Excuse me but who died and left the EU in charge of the internet. These new rules may apply to those living in the EU or those using a hosting service in the EU but I seriously doubt they would apply to countries outside the EU. They think they can fine some lone solo website owner in Thailand or Colombia? Good luck with that. Just how does the EU plan on monitoring every web site on the internet?
It’s to protect the rights of people who live in the EU and use websites… I guess if you don’t like it or don’t want to comply, you could just block all EU visitors… I get where you’re coming from though. The reality is it may be hard for fines to be followed up, and I doubt they’ll go after the “small guy”.. in saying that, it’s really not hard to be compliant, so not a huge downside really.
Thanks for the valuable info, it’s really important to keep every piece of data in a safe place to avoid future fines
Thanks Aidan for such timely advice! I have 100K Factory Ultra and Revolution with your privacy pages will this do? I also have OMC and i expect we will be compliant with the new money pages. Further I have a WordPress blog site that people sign into with their email addresses only (no first names etc.,) do I have to put privacy pages on this too? Thanks for all your great products. Marguerite
Hi Marguerite, you’ll be getting more info as part of OMC. You’ll need to make some modifications to your 100k Factory sites to ensure they’re compliant. Register for the tool and checklist here for more info.
thank you for the very detailed information. I have two domain names and hosting, but nothing “live” yet. So I assume nothing to be concerned about YET.
Also, have tried several times to download the GDPR software and checklist, but no success so far. Seems to get stuck at the 50% point.
Any idea why….?
Hmm, that’s odd.. try using another browser (eg Chrome, or on a mobile device), if that still doesn’t work, email us: firstname.lastname@example.org
Finally, able to download the software. Thanks again for looking out for us!
I am grateful to be on your email list, Aidan, as you’re only one of two lists I am on that have taken the time to prepare something as in depth, easy to read and comprehensive as this.
Thank you for the care and attention you pay to your subscribers (and friends!)
Thank YOU Sally 🙂
Hi Aidan, simple and spectacular information on the GDPR. Thank you
My situation, I have a niche website that deals with “diet and nutrition” and health in general, plus I collect emails via module optin with mailchimp.
This site is monetized with clickbank and amazon products (ie as an affiliate), in particular and aimed at a US, Canadian and Uk audience.
I live in an EU member state, so inevitably I will have to adapt to the GDPR.
I’m working on it, if I need help I can contact you?
Hi Anthony, for more detailed support I recommend you consider our monthly membership, Online Marketing Classroom. You can also contact us directly here: http://support.blueprintcentral.com – make sure you’ve signed up to get the tool/checklist, this will help you a lot.
Hi. I have added an Acceptance Checkbox to all the forms on my site with this content: “By using this form, you agree with the storage and handling of your data by this website”
Is this enough?
It’s a good start, but you’ll need more, such as a message saying what folks will get, details on how to unsubscribe, etc. The best thing to do (which I’m sure you’ve done) is to register to get the checklist and tool; they’ll answer your Q in more detail.
Thanks for the article! It is informative.
Signed up for the software and all I get is a PDF saying you’re running the software through final checks. When will we be able to download it?
In about a week, you’ll be notified as soon as it’s out of beta!
Ok, I wanted to ask the same question; answer already given. :)
Aidan and Steve – thanks to you both for having our best interests at heart — again. Man, you guys are so cool. Thanks again –
Stuck on download, won’t move past 50%. Awesome info though; just wish I could make use of the download.
Try with another browser, Ron; if that fails, contact us here: http://support.blueprintcentral.com
It seems others have gotten the software and checklist.
What I received was merely a pdf stating you are still checking it out. Is this correct, or did I get into some odd loop?
That’s all you’ll get for now, Laurie; the software and checklist will be released very, very soon!
Hi Aidan, loved the article!
Quick question: if my site has a Facebook Pixel installed… do I need to say or show anything?
You said that 100k Ultra sites need to be modified a bit to comply. Could you tell us how and what needs to be put in there, or will the software and checklist solve that for us?
Hi Alex, the software and checklist will solve it… but if you read this post from start to finish, I think it’ll become quite clear what you need to do 🙂
If I’m selling on Shopify, why not just block all EU traffic/visitors and be done with it? I’m seriously thinking of doing this since I mostly get US visitors. Can Shopify customer service help me do this?
Yes, that should solve it I think. And Shopify support will tell you how to do it 🙂
If the cookie statement “By using this site, you accept cookies”, is no longer sufficient, do you know of any ‘simple’ workaround for this?
Re your examples:
MailChimp seems to have an application or plugin (beyond my technical skills to implement) and I can’t really see how HuffingtonPost is doing it other than directing users to a Yahoo website.
Any further clarity on this would be most appreciated. Thanks.
Hey Chris, if you haven’t done so already, register for access to our tool and checklist, that’ll spell things out with examples.
I also see a lot of websites not disclosing their owner’s information. Especially in Europe, you need to have the company’s legal information on your website: who is responsible for the website’s content, how to contact them, etc. Interestingly, even with similar legal requirements, many US websites and e-commerce stores do not provide this data.
Yup: who you are, what you do, why you keep info, how to contact you, etc. The majority of sites will not update this at all…
It seems others have gotten the software.
What I received was merely a pdf stating you are still checking it out. Is this correct, or did I get into some odd loop?
Still correct! Software coming soon!
Not much time left, is the software really coming soon?
Yes! It’s available here now: https://gdprcompliancechecklist.net/. Demo video coming in next day or two (although, it should be quite self explanatory)
Very good article! Thanks for sharing your knowledge/research. (Maybe this site could update its sign-up form to be GDPR compliant, though.)
Have a great day!
Great article! Thanks Aidan for providing such an informative and helpful post! I’ve signed up to get the checklist and software. However, I have not received anything yet. Could you please help me?
It’s now available Hooshmand, you can get it here: http://www.gdprcompliancechecklist.net
Hi Aidan, I act as a consultant/expert witness for divorce solicitors – lots of personal information on the lay parties, obviously, albeit my clients are strictly the solicitors (sometimes on behalf of one party, sometimes joint). I don’t have a website or an online presence. I imagine I will typically be a data processor, but often also a controller. My professional bodies have been useless in providing proforma engagement letters or privacy notices for this kind of situation. Can you comment on who-does-what-and-with-which-and-to-whom? Or point me to where I can find useful templates for suitable privacy notices/engagement terms etc? I plan to retire quite soon, and the cost of professional advice would be disproportionate.
Hi Max, if you don’t have a website, then I don’t think you really need to worry… I’ve studied up a LOT on GDPR, but not on privacy requirements for other data channels… for example, if someone gives you their info over the phone, I’ve got no idea what you’d need to do or say there. Is this what you’re after? Sorry I can’t be of more help here!
Thanks Aidan! Max
Thanks for this quick and easy way to handle this. I do have a question, Aidan: do you think it is necessary to add this to the sites of local clients, such as dentists?