Since posting my privacy and cookie policies for you to steal and use last week, I’ve received some GDPR-related questions.
You have to be compliant in less than 10 days, so I’ve collected the questions and answered them in this blog post to hopefully clear things up for you.
Before we get started, I’ve got to add my usual disclaimer: This isn’t legal advice considering I’m not a lawyer (thank the stars…no offense husband!). I do have a super talented lawyer advising me, but you should always consult your own lawyer.
Let’s get right into it…
1. Does this apply to me if I’m in the United States or another country that’s not located in Europe?
Yes!
If you’re an online business OR a brick and mortar business that collects personal data and ANY of it comes from people in Europe, this applies to you.
(I’m looking at you lady who emailed me to tell me this doesn’t apply to U.S. businesses and that I’m overreacting. Ummmm…do you see all the U.S. businesses who are sending out emails to say they’ve updated their privacy policies in compliance?)
2. Does this apply to me if I don’t sell anything yet?
Yes!
This doesn’t just apply to businesses that collect credit card information. This applies to websites that collect any personal data. This means blogs that have comments (which collect names and email addresses), websites that use Google Analytics, websites that use cookies, websites that use email marketing, etc.
3. Do I need to add a link to my privacy policies to my email opt-in forms?
Yes!
This is something you need to do to be GDPR compliant.
This shouldn’t be a big deal to people…except that they have to go in and add a link to their privacy policies to their opt-in forms which can be a technical hassle. Otherwise, why do you care that you have to link to your privacy policy? Let’s be transparent people!
4. Do I need everyone on my email list to opt in all over again?
Here’s where things get tricky. If you want to completely cover your bum, have your list opt in all over again when you’ve made everything GDPR compliant.
Obviously most companies don’t want to do this, because they’re going to lose a bunch of people on their lists.
Instead, most companies (and this is what I’m going to do) are emailing their lists once they’ve gotten everything GDPR ready with their new privacy and cookie policies. In this email, there’s a way to unsubscribe (like in every email) if subscribers aren’t okay with your new policies.
This is what I’ve seen pretty much everyone do from big to small companies. If I were you, I would jump on this train.
5. What are the rules around this whole “cookies pop-up form” thingy?
If you use Google Analytics, comments (that collect personal data such as names and email addresses), plug-ins that collect personal data, Facebook Pixels for Facebook ads, or anything else that uses cookies, you need this on your website.
The rules: it needs to be a soft pop-up form (meaning that it doesn’t need to take up the whole screen or impede the reader’s view) like the one at the top of my website, it needs to stay up unless the viewer clicks out of it, it needs to link to your cookie policy, and it needs to say that your website uses cookies.
If you’re worried about this affecting your website, don’t…people will get used to seeing this really quickly. It will become invisible to people within days. We adapt to things like this.
(I would walk you through how to do this, but I didn’t do it. My awesome web designer, Amanda Creek, did. She offers consulting, so hit her up if you’re struggling with this whole GDPR thing and see if she has any openings.)
6. How long do I need to keep the cookies pop up form on my blog or website?
For now, indefinitely.
7. Are “they” really going to come after a small business like mine if I don’t comply?
Do I look like a fortune-teller? I don’t know…but I wouldn’t get caught in Europe breaking the law if you haven’t complied.
Also, do you want to be the type of business that doesn’t comply with the law? A business that isn’t transparent and looks like it has something to hide? Really?
Still behind on getting GDPR compliant? You can download my privacy and cookie policies to use as a basis for your own right here!
I hope this helps to answer any lingering questions you might have.
We can do this ladies! We’re smart, capable women. And, we want to treat the people who come to our websites like actual people…not numbers. That’s partly what this is about. Let’s make these last changes and feel good about the business we’re doing.
I’m referring anyone who asks me questions, to your blog posts! This was really helpful (and thanks for the kick in the pants that it’s 10 days away hahaha… time to get my TOS up!)
Thank you (and your hubby) for the valuable information.
Where do I put this on my Facebook business page?
Thanks as always April l and Amanda Creek
Have a Yarn-O-Licious™️ day,
Frana
Phi Beta Paca™ Alpacas & Yarns
Facebook.Com/pacabright
Phibetapaca.Com
Yarns like no other™️
You don’t need to put it on your Facebook business page…Facebook has their own privacy policies that their users have to follow. This is for your website/blog/online shop.
Weird question… how do I know if my website uses cookies?
All websites use Cookies, Marcia. I just visited yours and you have several different types of cookies on your site, so you need to get your cookie notice up and running!
McKenna is right…all websites use cookies. This is about whether or not you collect personal data with cookies. Do you use Google Analytics? Do you have comments that ask for a name and email address? Do you have plug ins that collect any personal data? Do you use Facebook ads that use any personal data? Etc.
If I’m selling on the Etsy platform would this policy work? Thanks April!
Thanks again for all of your info!
I went to Amanda’s website and I could not for the life of me find a way to contact her anywhere on there! No email or contact form, help! Thanks!
Amanda’s email is amandacreekcreative@gmail.com 🙂
Thank you for breaking it down so well. I just completed all my steps - “I think”… There really should be a GDPR Anonymous Support Group. (like SS!) I don’t know how I would have navigated all this without your amazing swipe files and step-by-step process!! XOXOXO!!!
I have been looking everywhere for this stuff. While I am not freaking out about it like I see a zillion people doing, I still know that I have to be in compliance with this stuff and I wanted a simple way to do it.
That being said, you made it easy to understand. Thanks for all the help btw this post and the swipe files.
Plus, you got a new subscriber bc your info kicks ass!
THANK YOU April! I truly appreciate you making this so easy for the rest of us. I OWE YOU! Cat
THANK YOU so MUCH for this encouraging and helpful explanation.
Thank You for this knowledge. You made this easier to handle.
Thanks so much for letting us have access to this, such a blessing. Where you have Company in info if I am a sole trader would I just put my name?
You might put something like: April Michelle Bowles a/k/a April Bowles Olin d/b/a Blacksburg Belle (d/b/a stands for doing business as)