GDPR, the excitement of it

GDPR, the excitement of it

Published by Michelle on 21st May 2018

You’ll have seen loads of stuff about the General Data Protection Regulation being introduced by the European Union and I bet you are so excited to see even more about it : ).  It is dry and at times aggravating but I do like that bigger businesses who do ‘not very transparent’ things with data now have additional responsibilities! 

Before I opened the business I worked for financial services businesses including Experian, the credit reference.  Working in those environments made me absolutely paranoid about data privacy (as you would hope!).  I am sometimes asked why I don’t have a ‘Title’ dropdown menu on my website and that’s why .. to avoid anything that could possibly be thought of as ‘not necessary’.

This post is to just share what I have changed to be compliant with the General Data Protection Regulations.

So what has The Loveliest Yarn Company changed 

The general idea of the GDPR is that I have to have your permission to gather personal information about you, I have to tell you why I need it, what data I am gathering, what I do with it and how long I am going to store it.  For a small business like mine, it’s relatively straightforward.  I gather information in two situations: 

  1. 1. When you shop on the site
  2. 2. When you sign up to our mailing list

When you shop on the site:

I collection name and address details so we can entered into a contract.  It allows me to send the goods to you, send emails related to your order and do any refunds, cancellations etc.  I also store the data for tax and accounting purposes.  I gather your consent to do this when you checkout, via a checkbox that you have to check (it isn’t a sneaky pre-checked checked box!).

When you sign up to the mailing list:

This is done via Mailchimp forms and is a two step process.  The second step is the specific consent where it confirms you really want to sign up to the mailing list. 

All of this has been in place since the business opened in 2016.

Privacy Policy Updates

The original privacy policy covered most of that detail but it has now been updated to

  1.  make some of the processing elements clearer and to show where you consent to us collecting your data
  2. include the principles of the GDPR
  3. include your rights under the GDPR and
  4. make it more clear that I, as the owner of the business and data protection officer, am the person to contact with any privacy policy questions or if you want to exercise any of your GDPR rights

Mailing List Activities

Our signup form is provided by MailChimp and has been updated to include more specific details about what people are signing up to : )

The question of ‘Do I need to get consent again from everyone on my mailing list’ was something I debated for quite a while as the guidance varies widely and the directive is open to interpretation.  

My main newsletter mailing list has always had the two step process provided by Mailchimp which requires you to specifically press the button in the email to confirm you are subscribing.  It has never been bundled with the checkout process and it has never been an auto sign up as part of a download.  

From reading different thoughts on it, I was pretty sure I had informed consent for my email newsletters.  However I opted to resend the ‘Re-Opt In’ message to be absolutely sure and to be completely transparent.  I won’t lie, it pained me as the industry average for reconsent is only 10% to 50%  and mailing lists take a long time to build.  However, I know myself, that I have opted back into the mailing lists I don’t want to miss out on so I’m hoping people who want to stay in touch will do so…

And that’s it.  The new privacy policy has been added to the website and a link provided from the ‘Latest News’ section.  If you would like a copy of the original privacy policy or a marked up version of it, please get in touch.  Oh and if you do want to keep getting the mailing list emails, it’d be great if you opted back in via the email which should be in your Inbox at the moment : )

Now, after that, anyone for yarn?  You can browse here by brand or, if you haven’t been in a while, see all the new stuff together here!

Happy GDPR’ing,


Can we keep in touch?

Sign-up to our newsletter, no spam, promise!

No thanks