To Comply Or Not To Comply - That Is The Question

*The following post is in no way legal advice - I am simply sharing information and encouraging others to do their own research. If you believe GDPR will directly affect your business operations, it would be very wise of you to seek appropriate and professional legal counsel.


On May 25, 2018 the General Data Protection Regulation (GDPR) will be in effect.

Are you ready? According to a HubSpot survey, only 36% of business leaders and marketers have heard of the GDPR! Which side do you fall on?

So what the heck exactly is this GDPR that some know nothing about and others are freaking out over?

In basic terms, this regulation was designed with the intent to enhance the protection of personal data of European Union citizens. 

Although this regulation is for EU citizens, it affects those of us in North America who may have potential clients in the EU, want to market to those in the EU, or control or process data of EU citizens.

As a digital entrepreneur, I know that consumers have the advantage with these kinds of laws and regulations. Companies can face big fines if it's proven that they didn't take care of their data or receive the proper consent to get that data in the first place.

As a digital entrepreneur, I also know that marketers' operations will take a hit, whether they use email marketing or retargeting ads on social media or use cookies on webpages. Hopefully we will see fewer of those smarmy marketers that sell our contact information or market and sell in unscrupulous ways.

One of the big principles of compliance is that everything requires consent, and digital marketers can't send what the subject didn't explicitly consent to. In the olden days...well, actually, in these current days, at least for another week...if someone opted in to receive free content - that is, they provided their name and email address - they were most likely added to every single email list the marketer had and would then receive emails about content and products and services that may not even relate to the initial thing they opted in for.

Another principle of the regulation is the right to erasure, or the right to be forgotten. Basically, this means that if someone asks to be removed from a data processor or controller, the processor or controller must erase the personal information. Simple as that. I've experienced the frustration of getting annoying marketing emails, clicking the teeny tiny "unsubscribe" link at the bottom of the email, but then I continue to receive emails from the same sender.

I've peeked around at a few of the marketing platforms I use to see what their take on the GDPR is and how they are working to ensure their clients can continue to collect information in the legal and best way possible:

  • ONTRAPORT (affiliate link) - ONTRAPORT is confident that they comply as a data processor, as well as being a part of the Privacy Shield program for the EU and Switzerland. Here is the link to their main legal page to read more.
  • ClickFunnels (affiliate link) - compared to some other platforms, the ClickFunnels page on GDPR seems pretty bare. However, I know from those working closely with the ClickFunnels team that they are working on creating some code that will accompany forms and sign-up pages. I'm interested to see the result they come up with, as you usually need an outside email marketing platform, such as ConvertKit, to partner with ClickFunnels. So if someone clicks a coded consent box on a CF page...how will ConvertKit easily know that the box has been selected? Stay tuned...
  • ConvertKit (affiliate link) - these guys seem to be leading the pack with ensuring their clients are GDPR compliant. They have custom consent checkboxes, which can be enabled at the account level. They have also simplified the process for specifically selecting your subscribers who are within the EU - this is done by segmenting your contacts based on their EU location - cool, hey? I love platforms that have a good segmentation process! ConvertKit has also filed for certification with the Privacy Shield program. Click here to read more.
  • MailChimp is another platform that appears to be more proactive than reactive. They have similar processes to ConvertKit. Click here to read about what they are doing.
  • AWeber lays out the basic requirements of the GDPR quite nicely in this article and how they are prepping for the May 25th deadline.
  • And I like how ActiveCampaign cites specific Articles from the regulation and how they relate to the data collection they perform.

There is a pretty active Facebook group, run by Suzanne Dibble, that provides some excellent information around GDPR. It's called GDPR for Online Entrepreneurs.

All in all, I think the new regulation is a good move as people should ultimately have the right to say how their personal information is handled.

If you have any comments about the regulation and how your business is changing to suit it (or not!), I'd love to hear them!