I was going to launch right into how authors, no matter where they live in the world, need to not only comply with new European regulations that go into effect May 25 protecting their readers’ privacy, but they should feel very good about doing it. But, then, I thought that before I get into the weeds on General Data Protection Regulation (GDPR), I should first give a brief tour of why it’s important.
Why GDPR Matters
Let’s start with recent news. Google just removed its “Don’t Be Evil” motto from its employee code of conduct. But, as Business Insider recently reported, it was always a quaint sentiment that did little more than make us feel warm and fuzzy inside while Google gathered as much information as they could about our every online move. It was always a vague idea, anyway. But implicit in the dearly departed motto was that they would not violate our privacy and sell our data to anybody else or use it in a way that we wouldn’t want it used.
Those of us old enough to remember the early days of the internet still get misty-eyed over the possibilities inherent in a worldwide conversation over issues of importance to us all. The internet was going to topple despots who could not thrive in the sunlight of world scrutiny. And if it meant a certain loss of anonymity, well, it’s a price worth paying. After all, only a criminal has something to hide, right? Well, just as Google removes the motto, many of us are pretty outraged that we were fooled by it in the first place.
Download: You can download our Legal Guide to Email Lists and our Sample Privacy and Cookies Policy. Both of them are up-to-date and GDPR complaint. These guides were put together by ALLi’s editorial and legal team, with special thanks to author member Wendy H. Jones, president of the Scottish Association of Writers, whose research and advice were invaluable.
Reclaiming Control Over Our Identities
And so, as of May 25, along comes the GDPR, which is not a perfect law by any stretch, but it does help us reclaim some of our lost idealism.
At the very least we can reclaim our rights as human beings to control how our identities are used and when they are to be forgotten.
And, yes, we’re not just talking about freedom from junk email. Our real-life identities, increasingly, are online, so what is done with our information amounts to more than simply selling it to a fake Nigerian prince.
There are problems with GDPR that reflect the changing nature of the guiding philosophy behind the internet. For example, if you’ve registered a site under GoDaddy, you might have noticed that suddenly you are inundated with calls and emails from folks trying to sell you services. That’s because you register under a free and open WhoIs registry. Spammers scrape your data and try to sell you junk. GDPR regulations will make it illegal for that information to be publicly available, but it runs up against another set of rules that require all your contact information to be out in the open—a relic of those early internet days when information wanted to be free.
How GDPR Applies to Indie Authors
Now, back to how GDPR impacts authors who just want to sell their books online and maintain email lists.
Yes, this is a big pain to indie authors, since we are not very likely the reason laws like this had to be enacted in the first place. But we need to comply.
And, by doing so, we also ensure that our own mailing lists, and those we do business with online, are only those who want to interact with us as authors and buy our books.
What Authors Need to Do to be GDPR Compliant
First, in the words of the immortal Hitchhiker’s Guide to the Galaxy, DON’T PANIC! It might take some work on your end, but the result will be happy readers who you can be sure really want your information and feel comfortable that you’re not doing anything shady with their data. And, by data, we’re talking about:
- email addresses
- physical addresses
- phone numbers
- web-tracking devices such as cookies and plugins
Any piece of information that can be used to identify a person, and potentially violate that person’s privacy, is considered data.
Authors, you should take a close look at how you tell your readers what you’ll do with their data. You must let them know who you are and how you intend to use their information. This is usually done through a privacy notice.
If you have a mailing list, readers must opt in to join. It’s best to do this in the form of a double-opt-in, which means readers sign up for the list, then need to respond to an email to confirm. And, no tricks. If you offer them a free book, you need to tell them that you’re collecting their data in return and, only if they tick a box, will they get more emails from you.
Does this mean you need to ask your entire email list to resubscribe? Not necessarily:
- If you only ever signed people up through a double-opt-in through a website, then you’re already fine – but not if you’re unsure where your email list came from.
- If maybe they signed up at an author event, but there’s no audit trail, it’s best to ask them to sign up for your list again in a proper way.
If you have to do that, in the email before you write to ask them re-opt-in to your list, send out some great content or giveaway. Remind them why they signed up for you in the first place.
By entertaining, inspiring, or informing your audience, instead of just being another email in their cluttered inbox, or constantly trying to sell them something, you’ll be not only a compliant, but also a successful email communicator.
Here’s What ALLi is Doing
The Alliance of Independent Authors has grown considerably in a short time, and we have developed a reputation for insisting that anybody who does business with indie authors fully discloses what they are selling. We hold ourselves to the same kind of standard, so as a result we were already pretty much in compliance GDPR. But here is what we are doing:
- We are creating a document about what information we save about our visitors and members, why we save this information and for how long.
- We are creating protocols for internal use, including the right to be forgotten and the right of data access when a visitor asks for it.
- Our online privacy and cookies policy is being updated to explain which data is saved, which shared, and with which companies.
- We will also inform members about the automatic emails we send to run their membership. And we’re adding a checkbox to all forms to display, “I have read the privacy and cookies policy (include link) and I agree.”
- And then we are sending a newsletter to all existing members to inform them about the updates.
Indie Authors Leading the Way … Again
In my introduction, I made it sound as though there’s no idealism left in the online world, that all we can do is comply with laws to protect readers’ privacy under the threat of serious financial penalties. This is far from the truth, though, especially when it comes to independent authors.
I’d argue that indie publishers are leading the way toward the kind of democratizing, decentralized, free exchange of ideas that first ignited imaginations when the internet was new.
We are not waiting for traditional gatekeepers’ permission. Through blockchain and other aspects of Self-Publishing 3.0, we will have much more control over our own work and this free flow of information will be made available to a wider audience. Along the way, though, we must earn readers’ trust.
Above all, people value honesty. Telling your audience exactly what you’re going to do, and what you will not do, with their identities, will go a long way toward earning the trust of your readers. With that trust, then they will also be much more willing to read what you have to say.#Indieauthors - worried about the new GDPR laws? Don't panic - this calm, succinct summary tells you what you need to do and all you need to know - by @Howard_Lovy Click To Tweet