Over the past several weeks, the blogosphere has been buzzing with talk of a new EU privacy law called the General Data Protection Regulation (GDPR) that will go into effect on May 25.
When I first heard about the law, I thought, “Well, I’m not in the EU so I guess this doesn’t apply to me.”
Wrong. I soon found out that if I had any email subscribers who were EU citizens, the law applied to me as well. That means it probably applies to you too if you have EU subscribers on your email list.
Unfortunately, there’s a lot of conflicting information out there about GDPR and what actions to take to make sure your email marketing is GDPR compliant.
But, after doing more research, I finally came across this excellent interview with Chris Ducker and small business law expert Suzanne Dibble. I highly recommend giving it a listen. I’ve also outlined some of the major points below in an easy-to-follow three-step checklist.
Huge disclaimer: I’m not a lawyer, and nothing in this blog post should be construed as legal advice. If you’re running a business, you may want to hire a lawyer who will be able to help you become GDPR compliant.
I also recommend reaching out to your email marketing service to see what tools they are developing or recommend so that you can become GDPR compliant.
Also keep in mind, as Suzanne notes in the interview, that there aren’t going to be GDPR police scouring the Internet after May 25. Bloggers with small audiences probably won’t really be affected.
However, most of the GDPR requirements will help you have a healthier and more engaged email list. And it’s better to be safe than sorry.
Okay, let’s get started.
GDPR Compliance Checklist for Email Marketing
Step 1: Email EU subscribers and ask if they want to stay on your list
If you have any email subscribers who are EU citizens, it seems that you need to send them an email before May 25 asking them if they’d like to stay on your email list. (Technically, it won’t be lawful to email them after May 25 unless they agree to stay on the list.)
In order to do this, see if your email marketing service has a way to identify email subscribers by time zone or location. Then, you can send a special email campaign to those subscribers.
My email marketing service MailerLite (affiliate link) had this template I could use:
If you have a small list, you might be getting anxious about having to delete the email subscribers who don’t click on the link in your campaign. Of course, you can send it out several times to make sure most of your EU subscribers take action.
But it’s actually a good habit to trim your list of subscribers who aren’t opening and engaging in your campaigns.
They’re just taking up space on your email list and costing you money. As your list grows, you’re going to have to pay more and more money to your email marketing service in order to keep them.
A small, engaged email list is way more profitable than a large one with low open rates.
Step 2: Enable double opt-in
Double opt-in means that when someone subscribes to your email list, they receive an email with a link that they have to click on in order to confirm that they want to be on your email list.
Here’s a sample template (again from MailerLite):
Suzanne says double opt-in isn’t necessary to be GDPR compliant if your forms are set up correctly. However, it will give you proof that someone has agreed to opt in to your list. And it will also help you to have more engaged subscribers.
Step 3: Update your opt-in forms
This is where things get tricky.
One of the most popular ways to grow an email list is to offer a freebie in exchange for an email address.
For example: “Get a free chapter of my book by signing up to my email list”.
Under the new GDPR law, this type of opt-in seems to not be allowed if you want to continue sending emails to those EU subscribers who sign up. (This also applies to giveaways!)
This is because the subscriber is signing up to receive the free chapter and not necessarily consenting to also receive emails from you about special offers, promotions, and future blog posts.
The GDPR law requires that this type of opt-in contain an unchecked checkbox that lets people also opt in to your other emails.
Essentially, the law states that you can’t bundle all of your offers into one form with just one subscribe button to indicate consent.
ConvertKit (affiliate link) gives the following example of a GDPR compliant form in this article:
If you don’t want to have a checkbox on your opt-in form, it might be okay to promote your email list first and foremost and have any freebies listed as welcome gifts. For example,
Sign up to get my emails about writing and marketing. As a welcome gift, I’ll send you a free chapter from my eBook.
In that case, you may not need the checkbox. Of course, since I’m not a GDPR expert, take that with a grain of salt.
Now, I generally don’t send out many emails and very rarely any promotional ones. If I’m ever promoting an affiliate offer, I usually just include the link in my writing newsletter.
However, if you’re sending out emails dedicated to promoting your products and affiliate offers, then you’ll probably need to include a checkbox on all of your opt-in forms. Next to this checkbox, you can write something like,
I would love to receive details about your offers and promotions.
Additionally, Suzanne recommends having a link to your privacy policy on your subscribe form. You can write something like,
We collect, use, and protect your data in accordance with our privacy policy. You can opt out at any time.
(She says that you don’t need a checkbox for this. Just have a similar statement somewhere on your form.)
Here’s a free privacy policy template I found online that’s GDPR compliant if you need one for your blog. You can also check out the free privacy policy template generator at Iubenda.
For further guidelines on how to word your opt-in forms, I highly recommend reading this article by Shane Melaugh at Thrive Themes: The Smart Way to Make Your Opt-In Forms & Email Marketing GDPR Compliant
The Takeaway
These are just a few pointers to get you started. I hope they help as you set up your email forms to comply with GDPR.
I’ll be updating this post as I find out more, and I also recommend reading any resources on GDPR that your email marketing service has released.
Here are resources from MailChimp, MailerLite, and ConvertKit (three of the most popular email marketing services for bloggers — read my review of them here):
- GDPR FAQ from ConvertKit (ConvertKit has a feature that allows you to display GDPR compliant checkboxes only to EU subscribers.)
- New GDPR tools from MailChimp
- Guide from MailerLite on GDPR
I’ll be working to update my email opt-in forms in the coming weeks. And I’ll also be keeping an eye on bloggers with big audiences to see how they’re reacting to GDPR and changing their marketing strategies. Many just seem to be shrugging their shoulders and not getting too bothered about it.
What do you think of the new GDPR law? Have you come across any resources that are helping you navigate the new law? Be sure to share them in the comments.
P.S. Despite the GDPR law, email marketing is still the most powerful way to stay in touch with your readers and grow a loyal audience online.
If you’re struggling to grow your email list or just getting started, check out my mini-course where I guide you step-by-step through all of the strategies that I used to grow my email list from 200 to 2,000 subscribers in just a year.
Kate Findley says
Thanks, Nicole! Your article is very clear and helpful. Personally I think the new regulations are a bit annoying because it’s obvious that anyone who doesn’t want to keep getting emails can unsubscribe. But then again, I agree with you that we don’t want unengaged subscribers clogging up our list and costing us more money!
Nicole Bianchi says
I’m definitely with you on the new regulations being annoying (especially because there doesn’t seem to be a unanimous consensus yet on how to comply with them). I think there should have been different regulations for small bloggers, and these stricter regulations should apply only to companies, etc.
Ellen says
Thank you, Nicole. That’s a great help. You set it out really well. Very helpful.
Nicole Bianchi says
Thank you, Ellen. I’m so glad you found it helpful. 🙂 Hope you’re doing well!
Trisha Traughber says
Wow! Thanks for this Nicole. I’m working from the EU, so I actually thought I had most of these under wraps…but am learning I do not. It’s stressful trying to make sure I understand all this–but I think it’s a really great idea to make sure we all protect each other’s privacy.
Nicole Bianchi says
You’re welcome, Trisha. Thanks for your comment! 🙂 Many of the articles I’ve read about this just make everything more confusing so I was glad to find that interview. Thankfully, it seems that most of the email marketing services are putting tools in place to make the transition much easier. And, yes, I definitely agree — these steps will help us make sure we’re keeping our subscribers’ privacy safe.