Today, I’ll talk about a step that most authors care about deeply—their e-mail list.
Once again, the standard disclaimer: I am not a lawyer, and nothing I say here should be considered legal advice. I’m blogging about my own journey to get my websites GDPR-compliant. If that helps you on your own journey, very good, but you should consult a lawyer versed in GDPR if you want legal advice.
Why E-mail Lists Matter
I’ve talked many times in my Advanced Fiction Writing E-zine and a few times here on this blog about the importance of managing an e-mail list. The reason is simple—nothing converts like e-mail.
I won’t try to prove that here. Most authors know it’s true, and in the last few years, we’ve all seen numerous authors build large e-mail lists. (My latest book is currently a best-seller in a couple of categories, largely because of the strength of my e-mail list.)
But now it’s important to make sure that your e-mail list-building is done in a GDPR-compliant way.
The exact process for doing this will depend on who manages your e-mail list. I can’t possibly cover all the e-mail service providers, so I’ll focus on the one I use and that many authors use—MailChimp.
MailChimp is free if you have fewer than 2000 subscribers, so that’s a nice reason to start out with them. I’ve been a MailChimp user for several years now. This blog feeds to a MailChimp e-mail list that sends out an e-mail containing every new blog post. That’s how most of my Loyal Blog Readers receive this blog.
How To Update Your MailChimp List
As I noted in my last blog post, MailChimp has a very nice article on their site with detailed instructions on how to update each of your MailChimp lists to be GDPR-compliant. (If you’re not using MailChimp, your own e-mail service provider probably has a similar article on their website.)
There’s no point in me trying to write MailChimp’s article all over again. They put a huge amount of work into it, and it’s very good.
But let me point out one issue that might make their article confusing to some: They essentially explain the process twice. The first time, they explain it in words. Then they have a couple of long sections that explain what some of the words mean that they just used. Then they explain it all again with more details and some pictures.
The overall process has four steps, and I’ll use exactly their headings so you can look for them in their article. These are the key tasks you need to do:
- Enable GDPR Fields
- Edit GDPR Fields
- Segment Your List by Marketing Permissions
- Collect Consent
What Do Those Four Tasks Do and Why Are You Doing Them?
It’s worth taking a moment to say in simple language why you do each of those four tasks (at least as I understand things):
- The reason you Enable GDPR Fields is so that your mailing list now contains more information about each user. It has always contained at least an e-mail address, and probably also a name and other info. But now there will be information on exactly what “marketing permissions” each user granted you. There are a number of different “marketing permissions” but the essential one for you is “Email.” Your users now will explicitly grant you the “marketing permission” to send you e-mail. Or they can take away that “marketing permission” at any time.
- The reason you Edit GDPR Fields is because you need to decide exactly what your signup form will say. It will have some legal language. MailChimp provides you with suggested legal language. You can tweak it if you want. Or you can just use what MailChimp provides you.
- The reason you Segment Your List by Marketing Permissions is to make sure that after May 25, you only send e-mail to people who gave you a “marketing permission” to send Email. And what is a “segment?” It’s just a subset of your subscribers. MailChimp lets you choose a “segment” in many ways. One of those ways is to choose the set of all subscribers who granted you a particular “marketing permission.” Then when you send e-mail after May 25, you send it only to that “segment.”
- The reason you Collect Consent is because you’ve just changed your e-mail list to contain more information about the “marketing permissions” that your list members have given you. But as yet, none of them have specifically opted in to the precise GDPR language (using the words “marketing permissions” and all the legal lingo) that you just set up in your signup forms. So before May 25, you need to send out an e-mail to your current subscribers asking them to confirm their “marketing permissions” using this new language. Very likely, the reason they joined your list in the first place was because they wanted e-mail from you. But you may or may not have proof of exactly what they agreed to when they signed up long ago. Now if they update their settings on your new signup form, MailChimp will have proof of exactly what “marketing permissions” each subscriber agreed to and when they agreed to it.
MailChimp recommends that after May 25, you should not send e-mail to anyone who didn’t check the Email checkbox in your “marketing permissions.”
What I Did
I worked through the above four steps for each of my main lists—my fiction reader list, my Advanced Fiction Writing E-zine, and the list for this Advanced Fiction Writing Blog.
The first time, I had to read the MailChimp article very carefully to make sure I understood everything. And I took the time to figure out why they wanted me to do each step.
The second and third times, it was quicker and easier.
Yesterday, I sent out e-mails to each of my three lists, asking my subscribers to update their subscription settings. Many subscribers have already done so, but of course a lot haven’t. So my lists will be smaller. I’m not thrilled with that, but it’s not going to kill me.
MailChimp suggests later sending out a followup e-mail to remind people to update their settings.
If you’re receiving this blog post via e-mail, please consider this your reminder, if you haven’t updated your subscription settings yet. At the very bottom of this email on the right side, there’s a link that says “update subscription preferences”. If you click that link, it’ll take you to a form you can fill out. To continue receiving this blog via e-mail after May 25, you’ll need to click the “Email” checkbox on that form and then click the button at the bottom that says “Update Profile.”
And That’s the Core of GDPR
There are more things to do for GDPR-compliance if you have a more complicated website. But I think I’ve covered most of the basics that apply to most authors. So this may be my last blog post on GDPR—I’m still thinking about if there’s anything left to say.
One final note: I discussed Contact forms last week, but now I have an update. If you have a Contact form on a WordPress blog and you’re using Gravity Forms (a popular plugin to create Contact forms), you should be aware that everytime somebody sends you an e-mail from your site, a copy of their message is stored in your WordPress database. That copy will contain the sender’s name and e-mail address, which is personal information. You probably don’t need that in your database, as long as those e-mails are actually being delivered to you. If you decide you don’t want all that personal information in your WordPress database, it’s possible to delete it by going to the Entries page for Gravity Forms in WordPress and trashing all the entries. (This is a little tedious.)
The problem is that as soon as somebody uses your Contact form again, another entry will go into your WordPress database, and you can’t prevent it. (Gravity Forms doesn’t give you the option of not saving those entries.)
However, there’s a nice plugin that will delete new Contact form entries from your WordPress database automatically, almost as soon as they get added. The plugin is called Wider Gravity Forms Stop Entries. It’s free and you can find it on this page on the official WordPress plugin site. I installed it today on my site and it seems to work well.