The GDPR (General Data Protection Regulation) takes effect on May 25th, 2018. The regulation requires businesses to meet requirements around the control and processing of customer's personal information. Although an European Union regulation, it applies to any writer with EU customers. Here are resources to help you do that, along with my thinking on the topic and what I'm doing in my own business to understand meet the requirements.
Myth #1: I'm a Writer in the USA, so GDPR Doesn't Matter to Me
Unless you choose to completely forego selling your books to customers in the EU, the regulation applies—and you want to take the steps necessary to comply. Not because you're afraid of getting a fine, but to better serve your customers. My opinion on this is pretty simple—we should be taking these steps regardless of whether or not our customer is in the EU or not. We should show the same care for customers in the UK, USA, Canada, Japan, or anywhere else! I'm grateful that looking into the GDPR is helping me look more critically at what happens with customer data so that I can improve and provide better service for all of my customers.
Myth #2: I Only Sell Through [Blank], so GDPR is [Blank's] Problem
Suppose that you publish through Amazon, maybe even exclusively through Kindle Select. Isn't GDPR Amazon's concern in that case rather than yours? After all, you don't receive personal information about customers from Amazon.
Do you have an email list? Run giveaways? Have a website that may track personal information? If you receive customer information, then you do need to meet the GDPR requirements. GDPR recognizes individual's rights to control their own personal data and requires that provide customers information about what data is used, why it is used, and control over that data.
Myth #3: I Have Very Few Customers, so GDPR Doesn't Apply
Nope. Remember, we're talking about individual rights. The GDPR applies equally with one customer, or one million. Maybe you have a hundred people on your mailing list. One of those people could complain and then you'd need to deal with that issue. The risk might be very small, but I don't think risk is the primary concern. Protecting individual data rights benefits everyone, which is why I think we should take these steps regardless of where our customers live.
Resources on the GDPR
A simple Google search for GDPR returns almost 13 million results and a bunch of prominent ads. I heard about the GDPR years ago, and like many people in the USA at least, drifted along without paying that much attention. Talk about procrastination! Now that it's a month until the GDPR takes effect I'm finally paying attention. I think it's great, I just hadn't taken many steps yet for compliance.
I have located a few resources to help:
- Wikipedia (for a quick overview)
- The EU GDPR Portal (for an authoritative, more in-depth, yet accessible source of information).
- Compliance with GDPR (ConvertKit's article, I use ConvertKit for my e-mails).
- GDPR Compliance for WooCommerce Stores (links to many more resources, I use WooCommerce to run my shop).
- Suzanne Dibble has created a free GDPR checklist, an in-depth compliance pack including seven modules full of legal docs, templates, and videos. She's also created a Facebook group (with 19,000+ members) you can join when you download the free checklist.
Take One Step at a Time
For most of us, this simply means providing better service to our customers. I'm glad to have direction on what to do. I'm grateful I don't have the problems faced by larger organizations e.g. like ICANN faces with Whois compliance. It sounds like they've buried their heads in the sands on this for two years and faces an enormous problem at the last moment.
As far as my own plans, I'm fleshing out the details but it seems pretty clear for me. I need to post the policies and terms, update my opt-in forms, and make sure that I'm handling personal information correctly. I'll tackle each step and continue to improve as I go. Since I only relaunched my site this year, and just started asking people to sign up, I don't have a whole lot that I need to update.