Are you GDPR ready?!

Are you GDPR ready?

If not, don’t panic! We have you covered.

You may or may not know, but for clarity’s sake let’s get the basic gist of the GDPR out of the way.

GDPR stands for General Data Protection Regulation and it is set to go live May 25th, 2018.

All these big fancy words mean that there are new rules in place for businesses for how they collect someone’s data, use that data and store it for safekeeping.

In a way it’s a good thing because there are so many opt-ins and sign-up options floating about that we really have no way of tracking where all our information goes!

So think about the GDPR as your annoying big sister, a pain in your ass but also there to protect you.

The GDPR is launching across the EU (Europe and the UK) but will apply to all businesses that trade or collect data from anywhere or anyone in the EU. So whether you’re in Australia or in the USA (or anywhere else other than the EU), you still need to be GDPR compliant if you are collecting data from anyone in the EU.

What the hell does GDPR compliant even mean?

In simple terms, from the 25th of May 2018 onwards, we need to be gaining consent freely from those we are collecting data from AND provide a clear and easy to read Privacy Policy that clearly states what information we collect, why we collect it, how we store it and how they can request to have their information removed from our data storage.

The most important thing to know is that we can no longer just add people to our email lists without getting their consent first or without being 100% transparent with what emails they will get if they join your mailing list (see example below).

If you have a freebie offer that you’ve been using to build your email list, you can now NO LONGER automatically add those emails to your lists simply because someone has opted in to receive your freebie.

You must offer the freebie AND give them a choice to be added to your email list or not, either by a tick box or a second opt-in page (provided by most email platforms).

If they choose just to have the freebie, then you still must provide it even if they choose NOT to be added to your email list.

This goes for anywhere you might collect someone’s data, whether it be on the website, via a landing page, via a Facebook ad etc.

You must always give the person putting in their details full disclosure of what they are signing up to, and give them the option to freely consent to or decline being added to any of your email lists.

Which brings us to the second most important thing to know; you must provide a clear and compliant Privacy Policy everywhere you are collecting data from (we have included the Carissa Hill Privacy Policy and Cookie Policy below for your reference, feel free to adapt your business information to it).

Moving forward, everyone has the right to know where their information is going, how it’s being collected and stored and for what purpose we may be using their data in the future – insert the Privacy Policy.

The Privacy Policy should be added to the bottom of your website (in the footer) so that it appears on every page of your website. It must also be present on every landing page or sign-up form where you collect data.

For example:

Sign up to receive your free XXX


We would love to keep in touch with news, videos, community, podcasts and courses that we think you would be interested in. Tick here [  ] if you would be happy to receive emails from us and read our Privacy Policy here to see how we use and protect your Personal Data.

Now, to clear up some confusion around emails you already have in your lists…

A lot of companies have gone into a mad panic and sent an email to everyone on their email lists asking for ‘fresh consent’ or for people to update their details or choose to unsubscribe from their email list.

AVOID doing this.

If you have been building your email lists via sign-up forms, opt-in pages, landing pages and your website then this can be considered a soft consent.

A soft consent is when someone has been on your email list for however long and with every email they receive there is an opt-out or unsubscribe option. If they have not actively chosen to unsubscribe or opt-out then it can be seen as them giving you consent to email them.

You will not be able to use the soft consent approach from the 25th of May though, so make sure all your sign-up forms and opt-in forms are GDPR compliant (as discussed above).

It is important to note though, if you have copied over email lists or purchased email lists or obtained personal data without the person knowing, we strongly recommend you delete these people from your list and NEVER email them again – this is what GDPR is protecting us against and it could land you in hot water and a hefty fine.

While GDPR can seem a little intimidating, it can be easily integrated into your business if you just set it up now. The main things you need to do are to gain consent freely from anyone you are collecting data from, so that you are legally able to email them or contact them, AND to update and add your Privacy Policy everywhere you are collecting data.

Don’t wait, start today!

Please know that this is NOT legal advice but simply a summary of information we have gathered for ourselves and the Carissa Hill Business. We want to help keep you and your business safe and legal so that you can grow your business next level!

We strongly recommend you do your own research as well.

If you would prefer legal advice, seek advice from any international lawyer or, alternatively, see:

The EU’s official GDPR site:

The UK Information Commissioner’s Office guide to GDPR:

Carissa’s Privacy Policy, which also includes a link to her Cookie Policy, can be accessed HERE

Hope this helps you and remember to breathe!

Love, Carissa xo.