The GDPR acronym is everywhere at the moment, causing authors to scratch their heads in confusion. I'm one of those authors! Or was, until I did some digging. First, some background:
What the heck does it mean? In its very basic form it means new laws are coming into place from 25th May, meaning we need to ensure we're looking after the data, through both electronic and physical documents, that relates to an individual.
Why should I be bothered? It's very easy to dismiss this and say – “nope, I don't keep any information on anyone.” But sit and have a think. Do you have a newsletter that you send out? Do you outsource any work such as social media support, newsletter distribution and so on? Do you keep a list of people to send ARCs to? Chances are, you are storing information such as people's names, email addresses, and a postal address in one form or another. This means it's time to comply! If you don't, there's the chance of a huge fine.
*Gulp* Okay, so how do I comply?
Here are 5 steps I took to comply. Please note, I am NOT a legal expert and am just sharing the steps I took with you.
1) I got the consent of my current newsletter subscribers: As the law is so new, it's unlikely you will have got the level of consent that's required from your subscribers. So to cover all bases, I contacted all my subscribers asking them to sign up to a new newsletter and making it clear what they'd be signing up for (you don't need to do this, I was just launching a new list!). To make it easy for you, most of us use email marketing tools such as Mailchimp to send out our newsletters. These tools will more than likely have developed an opt-in landing page that is GDPR ready for you, so use that. E.g., the Mailchimp steps can be found here: https://kb.mailchimp.com/accounts/management/collect-consent-with-gdpr-forms So you can send out an email via Mailchimp which covers you
2) Have a record of consent: I needed to be able to provide a record of exactly where and when a user gave their consent. If you can't, you could be in breach of the law (hence why the step above is so important). Again, if using a provider like Mailchimp, they will have a record of all this. So if you follow the step above, it's covered. If not, make sure you keep a record somewhere secure and safe.
4) Check any online forms you have: Is it made clear what purpose users are providing their data for? Existing forms may need to be re-worded or tweaked to make permissions more explicit.
5) Still confused? Check out these useful resources:
For a 12-step guide to what steps you need to take, visit the Information Commissioner's Office website.
Run by a specialist GDPR small business lawyer, this Facebook group has a number of videos and discussions on the new regulation.
If you are running as a small business and just want ready-to-customise templates for all the legal documents, this pack has all the checklists and legal documents you need.