Description

As a part of the GDPR, all customers or users will have the right to request the data held on them, the right to have that data deleted if its original purpose has ceased, and the right to have that data transferred to a different provider.

Which means to provide an individual with the right to request, delete, or move their personal data, the individual must be aware that you as a company have the data to begin with. Without their awareness of you using their data, they have no actionable right. So the use of user or customer data through third party providers is likely to become quite complicated.

This would fall under the right-to-be-forgotten laws.

As you can see from the previous 5 sentences alone, there are lots of room for interpretation and questions to be answered. So best to consult your lawyer.

I can’t tell you how to make your business comply with GDPR because there are still so many gray areas (in my opinion) for the EU, that outside of the EU it’s even a darker gray.

What I can tell you is that if you are “doing right” by your email subscribers you are well on your way to being compliant.

What’s “doing right” mean?

It means that:

• you are doing double opt-in
• you are allowing folks to unsubscribe from every email
• if you are sharing email addresses via JV webinars, online summits, partnerships, etc with other businesses, you are sending transitional emails to those subscribers letting them know what you are doing with their email address and giving them an option to opt-out
• you share who else has their data and make sure that you understand (even sign, in some cases) what they are doing with the data. This includes 3rd parties such as Google, Facebook, etc.
• you aren’t selling your email list

In short, you are doing good business with good intentions.

You may also want to update your privacy policy on your website after the conversation with your lawyer.

Further resources:
12 Steps to take now
GDPR Requirements in Plain English

Action Items

1. Update your Privacy Policy
2. Add a checkbox to any lead magnet form and have the subscriber acknowledge what you intend on doing with their information after the lead magnet delivery
3. Find out what else you can do from your own email marketing service

In Drip and ConvertKit, you can segment your list to find those that are within the EU, add in GDPR specific settings into forms, and take actions to comply with the GDPR in other ways.

Here are some other platforms and how they are handling GDPR:
MailChimp
ActiveCampaign
HubSpot
AWeber
Constant Contact