Welcome back to Austen Promises and the Writer’s Journal!
Did you know that my Patreon patrons got this post two days early? They did! They also get entire chapters of my WIP, and other cool rewards. Click here to check it out!
~~~***~~~
With the swiftly-approaching deadline to be compliant with the EU’s GDPR law, mailing lists have been the hot topic in writer circles, and therefore something I have been thinking about quite a bit.
GDPR is the General Data Protection Regulation, and it’s the European Union’s way of strengthening their citizens’ privacy. Every marketing effort aimed at EU consumers must protect their data: email addresses, mailing addresses, IP addresses, and more. The law comes with some hefty fines for violations. I have been told it’s something like ten percent of an entity’s income per violation. It’s my understanding that Honda has already been sued under this law.
What does it mean for authors? That’s been the subject of some pretty hot debate here lately, especially in Facebook groups. No one is really 100% certain what to do to be compliant, but most of us are making a good-faith effort at it. For me, it has so far meant making sure I have a privacy policy in place here on my website that explains what data I am collecting and how I plan to use it. It also has a section about cookies. I’m not sure I use them just yet, but I thought it best to include that section in case I decide to add them later.
I have also preemptively sent a note to my email list, asking them to update their preferences as to the manner of marketing they wish to receive. That may have been a mistake, as it can be seen as I had not legitimately received them in the first place. I did, because my list has been grown organically. With two exceptions, one being my first subscriber and one being a Patreon supporter, all of my subscribers signed themselves up. I added these other two ladies, because they had trouble. However, both of those updated their preferences, so I think I’ll be okay, should the EU start looking at me. Also, I have a double opt-in set up, which means you sign up, then get an email to confirm it. I couldn’t remember if I did or not, so I went and checked. The reason this is important is that the GDPR law requires subscribers to actively opt-in, and by clicking the link in the second email, they are assured that they are doing that.
The only area of this whole thing I’m really concerned about at this point is the free book. I give away a copy of my short story book, Bits of Ribbon and Lace, as a thank you for signing up for my mailing list. It could be argued that I have to give readers the book without them giving me their email address. I have no intentions of doing that. At this point, my website’s “Join the mailing list button” does not mention a free book on sign-up; I may need to change it so that it does and it is clear that the free book is only available to those who sign up. For now, though, I’m leaving it alone.
As I heard on Mark Dawson’s podcast about the subject, until there are court cases decided in this matter, it’s really hard to know what will get an author in trouble and what won’t. We need, in my opinion, to do what we can and then wait to see what shakes out. 
Some of you may be reading this and scratching your head, wondering why I even care about a law in the European Union. Normally, I’d not worry about it at all. I gave serious consideration to making my privacy policy be a statement on the welcome page that said something like, “I promise to never sell or share your email address. I hate spam as much as you.” However, the GDPR gives the regulatory agency in the EU the power to sue anyone across the globe who misuses the identifying information of an EU citizen, including not sharing with the person the information that author or business has about them, and not immediately removing them from the mailing list upon the person’s request. Remember that fine I mentioned in the first paragraph? Ten percent of my income for even one subscriber is thousands of dollars. That’s money I’d rather keep in my pocket. Part of me says that they’re not going to come after a small-time author in the U.S., and if they did, I’d do what I could to get the government involved to defend me, but I’d rather not take the chance. It would take my time and attention away from writing, and as this is my only source of income, I can’t let that happen.
Are you an author or a small business person with a global audience? What are you doing in regards to GDPR?
Come back next Wednesday for another peek into my journal! <3
Buy direct from Gumroad Find me at Austen Authors