GDPR, because being a writer now isn’t hard ENOUGH…

Sign up for my newsletter!

(NOTE: I am NOT an attorney, I don’t play one on TV, and you should not solely rely on any information I provide here without consulting an attorney and doing a lot of research first. Also, I’m based in the US, so if you are not, your mileage might vary a metric fuck-ton from what US peeps have to do. Go forth and find out info on your own that’ll work for you. This is a starting point.)

Okay. So you’re seeing panicked posts from people asking about the GDPR. What the hell is this fucker and why should you worry about it if you’re a writer?

  1. Do you have a website/blog and/or email newsletter? Y/N
  2. Are you based within the US and your potential reach is outside the US? Y/N
  3. Are you based within any country within the EU? Y/N
  4. Are you based within any country outside the EU, but people within the EU can possibly access your site? Y/N
  5. Do you have a website that allows people to sign up, allows people to leave comments, and/or allows people to participate in any way (via message boards, login with their social media accounts like Facebook/Google, etc)? Y/N

If you answered yes to one or more of those questions, keep reading.

GDPR — General Data Protection Regulation — is a new EU law taking effect May of 2018.

But Tymber, I’m not IN the EU!

Cool, but do you have a website that people from the EU can access? Yes? Keep reading.

The problem with GDPR is if you have a website, your hosting service (regardless of who it is, where it is, or if it’s free or not) processes information from visitors’ browsers, either through cookies or other means. (That’s the short and easy version, so please don’t email me screaming I dumbed it down too much.)

So even if you aren’t ACTIVELY collecting data from people (like with registrations or newsletter sign-ups) you’re STILL “collecting” data from people via those backend services, even if you have no clue how they work.


If you use Amazon or other affiliate links, it can apply to you. If you use ad services to generate extra income, it can apply to you. Can people comment on your posts? It might apply to you. Can people use social sharing buttons? It might apply to you.

There are LOTS of ways you might not think it will apply to you when it will.

Also, you CANNOT have ANY “subscribe” boxes checked automatically. Having a double opt-in process for newsletters is NOT enough. There must be a separate box for each type of contact you have with subscribers (email, internet advertising, postal mail, telephone, etc.), and they must be able to check it themselves to enable that contact.

You need to make sure any plug-ins you use (like comments, or contact forms, etc.) are compliant. This includes any plug-ins you use to process newsletter subscriptions. Make SURE they have the new GDPR-compliant sections and verbiage on them. Otherwise, turn them OFF and direct people with a link to your newsletter subscription form with whatever service you’re using. (For example, on MailChimp, they give me a direct url to a sign-up page I can default-direct everyone to. Or I can create customized “landing pages” with sign-up forms and use those urls.)

Another wrinkle for writers–if you use Instafreebie, Book Funnel, or anything like that, you MUST make sure THEY are compliant as well if you require people to sign up for your newsletter to get freebies.

Also related–all those newsletter swap giveaways writers use to gain more newsletter subscribers? You need to check with an attorney, because you might be liable for any failings of the others involved in the giveaway. (Personally, as a reader, I hate those fucking things because then I’m getting a shit-ton of newsletters from authors I’ve never even HEARD of before, because one or more of the authors in the swap swapped THEIR newsletter list with someone else outside that swap without my permission. And depending on how that’s done, that might be illegal even here in the US because of OUR spam laws.)

If you are ORGANIZING those kinds of newsletter swap giveaways, I STRONGLY suggest you consult a GDPR attorney, because if one person in that giveaway fucks up, YOU might potentially be held liable as the organizer. And that could potentially get pricey. (Remember, it just takes one pissed off person in the EU to file a complaint and your life could be fucked over.)


I mean, seriously, just fucking stop it. Not to mention it might be a violation of the US spam laws.

Here’s some of the things I’ve done personally: I went into MailChimp and to my mailing list, then Settings, and found the GDPR settings and enabled them. Then I tweaked my sign-up forms there, removed the extra stuff that didn’t apply to me, and my NEW subscribers are good to go. Then I used the segment feature and sent everyone who was subscribed but did NOT have the “email” box checked under the new Marketing Preferences settings an e-mail with a button (using the MailChimp mail merge feature) that takes them straight to their Update Profile page on MailChimp.


(In MailChimp, there’s also by default an Update Profile link in the footer of every email, but seriously, who ever looks there? So I made it easy for my subscribers.)

So far, most of my existing list has checked the box. Anyone new will (hopefully) tick the box. At the end of the month, I’ll send one last segmented email out to ONLY the people who both subscribed AND have not checked the email box. Then I’ll be removing them at a future point.

I also added a privacy policy page to my website, and I’m getting rid of my FeedBurner and WordPress integrated “follow” feature. I don’t use contact forms, so I’m good there. I don’t allow people to register for my site–again, I’m good there. People CAN leave comments, however, so I addressed that in my Privacy Policy.

Now, I’d already turned off the sign-up for WordPress follows a long time ago, but I still have some followers in there. I don’t know how valid all those followers are. I have posted to the website about signing up for my newsletter, and some have. At the end of May I’ll probably have to manually delete all those people (unless WP comes up with a better way). I’ll be manually deleting my FeedBurner list as well.

I know what you’re thinking — But Tymber, my website/newsletter is SMALL. Will they REALLY come after me?

Good question!

I don’t know.

That’s the gist of it. BUT…

If you TAKE STEPS to show you’re TRYING to come into compliance, and if they DO come after you, it might make your life a LOT easier than if you stick your head in the ground with your fingers in your ears screaming LALALALALALALALALALALA, right? (Again, I’m NOT an attorney.)

Here are some links to get you started finding info. One more time–I’m NOT an attorney, so I cannot answer questions about your particular situation. You’ll have to do the research. At the VERY least I strongly recommend creating a privacy policy and putting it on your website. That’s step one, and will go a long way to helping you out. Then make sure you’re using best practices in other areas related to GDPR compliance.

Good luck.
