Chances are, you have received dozens of emails about GDPR over the last couple of weeks. You may have heard some authors freaking out about it, afraid that if they don’t comply, they will be thrown into a European dungeon.
In this post, I am going to explain what GDPR is, why you don’t need to worry about it, and why you may want to follow it anyway.
Disclaimer: I am not an international law lawyer. I’m not even a regular lawyer. Reading this post is not a substitute for seeking specialized legal counsel.
What is GDPR?
GDPR is the General Data Protection Regulation. It is an 88-page EU regulation passed by the European Parliament in 2016. It takes effect on May 25, 2018. According to the EU, the law applies to the whole world (more on that in a bit).
GDPR Requires European Authors to:
- Collect explicit informed consent from email subscribers or any reader whose data is being captured. This means opt-in checkboxes cannot be pre-checked and readers need to know exactly the kind of emails they will be receiving ahead of time.
- Provide a privacy policy on their website.
- 88 other pages of requirements.
Why American Authors Don’t Need to Worry About GDPR
TL;DR: The EU is not the United Nations. They are not the government of the world. They are the government of Europe. Their laws apply to European citizens and European companies. If you are not a European citizen or company, they can’t force you to follow EU regulations.
Reason #1: The United States Won World War II
Just because a foreign country passes a law, it doesn’t mean you have to follow it.
As an American, you are protected by the American government from foreign laws. Another country cannot do anything to an American citizen in America without the US government’s consent. Remember, American troops occupy Europe. Not the other way around.
American companies with a nexus in the EU absolutely need to comply with the GDPR, because the EU can go after their EU office directly. But if you don’t have employees or an office in the EU, how can the EU force you to comply with their law?
The EU has to ask America nicely.
If the US won’t work with the EU on an issue like climate change when a specific agreement was already in place, why would it work with the EU on an issue like the GDPR, that has no specific treaty?
To my knowledge, there is no treaty between the EU and the US that specifically references the GDPR.
The hope of the EU is that one of the existing treaties might work. But these hopes are neither proven nor tested in court. The GDPR has not even been tested in an EU court yet, much less in American court.
Fortunately for the EU, most of the companies that matter (Apple, Google, Amazon, Facebook, etc.) have offices in the EU. So the EU doesn’t need a treaty to force them to abide by the GDPR. This is why you are getting so many emails about GDPR from big companies. These international companies are European as much as they are American.
Reason #2: American Authors Are Too Small to Target
There is a principle when it comes to regulation that “the tallest blade of grass gets cut first.”
The GDPR is a law designed to go after international companies like Facebook and MailChimp. If you are violating GDPR with your Facebook account, the EU is much more likely to go after Facebook than it is to go after you. These big companies have a nexus in the EU and money to pay the fines.
If you are an American author who writes in English, and some Europeans happen to visit your website and sign up for your newsletter, the EU has an exceptionally weak case against you. It is a case they would have to bring in an American court in order to actually do anything with it. Bringing a case in the US would cost hundreds of thousands of dollars for an indefinite payoff and only a small chance of winning. It is just not worth spending that much money to go after you when there are large companies in the EU to go after.
I anticipate the EU is going to enforce the GDPR in this order:
- Wealthy EU Companies
- Wealthy US Companies with offices in the EU
- Small EU Companies*
- Everyone else
As an American author, you are way down the list in the “everyone else” category.
*If you are a European author, I think you are here. But I’m not an EU lawyer.
Reason #3: You Are Already Violating Lots of EU Regulations
There are perhaps thousands of EU regulations you are not following in your daily life.
For example:
- EU law prohibits you from calling Sparkling Wine “champagne” unless it is from Champagne, France.
- EU law requires you to buy all your Parmesan cheese from Italy. If you have a bottle of “made in America” Parmesan cheese in your fridge, you are in violation of EU regulations.
Good thing the EU has no way to enforce that law on Americans!
Why American Authors Should Comply with GDPR Anyway
So, with all that out of the way: There are good parts of the GDPR!
While it would be silly for you to hire a data protection officer, other parts of the GDPR are good ideas. Here are some of the regulations you should follow even if the EU can’t force you to.
Good Idea #1: Add a Privacy Policy to Your Website
Adding a privacy policy to your website is required by Google and might have a positive impact on your search rankings. Privacy policies can also boost your conversion rates. Just realize that, according to my understanding of U.S. law, your privacy policy is a legally binding contract with your website visitors. So while you are crafting a privacy policy, you might as well craft a GDPR-compliant one.
Privacy Policy Tips:
- Clearly mark affiliate links. If you are using Amazon affiliates, make sure you mention it in your privacy policy and make it clear on the page. If your visitors like what you are doing, they will want to support you by clicking your affiliate links.
- Use a privacy policy plugin like the Auto Terms of Service and Privacy Policy WordPress plugin.
- For a GDPR-compliant privacy policy, use Iubenda. They have a free service to help make very slick-looking GDPR-compliant privacy policies.
Good Idea #2: Get Explicit Informed Consent
Email is most effective when it is anticipated by the recipient. So explicit informed consent is a good marketing practice even if it causes you to grow your list more slowly.
So here are some things you will want to do:
- Enable double opt-in on your email forms. You can test this by subscribing to your own list with one of your old email addresses. You should get an email asking you to confirm your subscription.
- Make it clear what kind of emails your visitors will get. Say “Get a free ebook and updates about future books and deals” rather than just saying “get a free ebook.”
- Leave all subscribe checkboxes unchecked by default. Visitors should specifically have to click “subscribe” to get your emails.
Good Idea #3: Delete Users’ Data When Asked
- Include a one-click unsubscribe on all your marketing emails.
- When someone contacts you asking you to delete their information from your database, do it. All of the services you use are rolling out tools to make this easy to do.
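As an added illustration of Good Ideas #2 and #3 (example code written for this page, not code from the original post or from any mailing-list service), here is a minimal double opt-in consent ledger: the visitor must tick the box, a signed confirmation link proves control of the mailbox, the record stores when and for what purpose consent was given, unsubscribe is one click, and a deletion request removes the record outright. The domain example.com, the secret key and the helper names are assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import quote

# Constructed secret for this example; a real site loads it from configuration.
SECRET_KEY = b"example-only-secret"
# The stated purpose shown next to the checkbox; stored with the consent record.
PURPOSE = "Free ebook plus updates about future books and deals"
subscribers = {}  # email -> record (in-memory store, constructed for the example)

def sign(email, action):
    """HMAC tag tying one address to one action, so a confirm link cannot double as an unsubscribe link."""
    return hmac.new(SECRET_KEY, f"{action}:{email}".encode(), hashlib.sha256).hexdigest()

def request_subscription(email, checkbox_ticked):
    """Step 1 of double opt-in: the box must be ticked by the visitor (never pre-checked).
    Keeps only a pending record and returns the confirmation token, or None without consent."""
    if not checkbox_ticked:
        return None
    subscribers[email] = {"status": "pending", "purpose": PURPOSE, "requested_at": time.time()}
    return sign(email, "confirm")

def action_link(email, action):
    """Link embedded in the confirmation or marketing email (hypothetical domain)."""
    return f"https://example.com/{action}?email={quote(email)}&token={sign(email, action)}"

def confirm_subscription(email, token):
    """Step 2: following the link proves control of the mailbox; record when consent was given."""
    rec = subscribers.get(email)
    if rec is None or not token or not hmac.compare_digest(token, sign(email, "confirm")):
        return False
    rec.update(status="confirmed", consented_at=time.time())
    return True

def unsubscribe(email, token):
    """One-click unsubscribe: the signed token in the link is the only credential needed."""
    if email in subscribers and hmac.compare_digest(token, sign(email, "unsubscribe")):
        subscribers[email]["status"] = "unsubscribed"
        return True
    return False

def erase(email):
    """Deletion request: drop the record entirely instead of just flagging it."""
    return subscribers.pop(email, None) is not None

def consented(email):
    rec = subscribers.get(email)
    return rec is not None and rec["status"] == "confirmed"
```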
Good Idea #4: Update to the Most Recent Version of WordPress
It is always a good idea to run the most recent version of WordPress. It keeps your website fast and secure. It also helps make your website GDPR-compliant since WordPress recently added new GDPR compliance features.
Tools to Make GDPR Compliance Easier
WordPress Plugins
There are some WordPress plugins that take you through the process of making your website fully GDPR compliant.
The two most popular WordPress plugins are:
Information Resources
- EU GDPR Information Portal
- GDPR for Authors by Randy Ingermanson Part 1, Part 2, Part 3.
- GDPR – What All Authors Need to Know – with Gemma Gibbs
Final Thoughts
I am not a lawyer. I could be totally wrong about all of this. But I don’t think so. On May 26, 2018, life for American authors is going to go on as usual. I suspect the same will be true for our author friends across the pond. GDPR is like Y2K: a lot of fuss over something that will be only a minor inconvenience to a few big companies.