Brexit comes into being for real (finally) at the end of this year, putting an exclamation point on an already bad year. For those who don’t know about Brexit (although I don’t know how you’ve missed it – it’s been in the news for the last 225 years), Brexit is when the UK decided to part company with the EU – the European Union – and December 31st 2020 is when it will happen.
GDPR is a legal framework for ensuring the rights of EU (European Union) residents to a private life. It is there to enable individuals to better control their personal data. Now that the UK has left the EU, does that mean GDPR no longer applies to UK people?
The extra-territorial reach of GDPR means that if you, as an author, interact with anyone inside the EU, GDPR applies to you. That means if you’re an author in the USA with EU residents on your mailing list, or an Australian author with EU residents on your mailing list, or a UK author with EU residents on your mailing list (you get the idea), GDPR will apply to you.
GDPR (General Data Protection Regulation) was ratified back in January 2016, and became enforceable on May 25th 2018. You can read an overview of the legislation HERE.
That’s a lot of reading, but I wanted to share some of the things I’ve learned, both through reading and through some training I attended as part of my former day job. What follows over this and a follow-up post is an update on a post I made back when GDPR became law in 2018.
*** Disclaimer *** I am not a lawyer, or an expert in this field. I am just someone that has done some research and asked a lot of questions. The following information is just my guide, and I advise you to do your own research on this topic if you haven’t already. Nothing in this post should be considered as legal advice.
GDPR. What is it?
It’s a legal framework for ensuring the rights of EU (European Union) residents to a private life. It is there to enable individuals to better control their personal data.
Does it affect me as an author?
The short answer is yes, even if you don’t live in the EU. If you have a mailing list that collects email addresses (as opposed to what?) and you have, or are likely to have, one person from an EU country on that list, then you will need to give some consideration as to how you intend to comply with this legislation.
Even if you don’t operate a newsletter, there are several other scenarios where you may collect personal data. For example:
- Analytics information
- Website tracking cookies (cookies can be personal data)
- Comments on your website
- Security tools and plugins
If you are unsure, the ICO (Information Commissioner’s Office) has a handy self-assessment tool that you can use to see if you need to register.
Why should I care?
Well, aside from the fact that keeping people’s data secure is the right thing to do, unlike previous Data Protection regulations, GDPR is backed by some quite hefty fines. Previously, the regulator, the ICO (Information Commissioner’s Office in the UK), could fine up to £500,000. Under GDPR, fines could be €20 million or 4% of annual turnover. Scary, right? It doesn’t matter if you’re Microsoft, Yahoo! or an indie author, this is legislation that we will need to pay attention to! Before panicking, you will receive warnings and notifications if there are any problems, before you are hit with a fine.
How do I become compliant?
A lot of this will be handled for you by your third-party providers, such as Mailchimp, Bookfunnel, etc. You may already have encountered some of the changes being made by the big online companies. Facebook have just changed their policies and will be asking you to re-agree to the new terms. Bookfunnel, Instafreebie and others have all updated their operating methods to reflect GDPR.
That doesn’t mean you can just assume it’s all being taken care of behind the scenes. There will still be a bit of work needed to ensure your full compliance (sounds a bit Borg-like).
For those of you with a paid WordPress site, there are many useful plugins that can assist you with GDPR compliance:
- Monster Insights – GDPR compliant Google Analytics.
- WPForms – halt all cookies and geo-tracking on your forms.
- Cookie Notice – allow users to opt in / out of cookies.
- Opt In Monster – GDPR compliant lead generation.
- Smash Balloon – GDPR compliant social media plugin.
For a more complete list, you can look HERE.
If you are operating with the free WordPress version, don’t panic! There are still things that you can do to work towards compliance.
One of the first things you can do is take a close look at how you tell your readers what you’ll do with their data. In many countries (including the UK and United States), websites are required by law to disclose the information they collect about their visitors and how this information is used. You must let them know who you are and how you intend to use their information. This is usually done through a privacy notice (you should see examples of this on most company websites).
I’ll be looking at Privacy Policies next week. It’s a cliff-hanger ending today…
My question to you:
Are you excited for Brexit? Was it on your Christmas list?