You’ll have seen loads of stuff about the General Data Protection Regulation being introduced by the European Union and I bet you are so excited to see even more about it : ). It is dry and at times aggravating but I do like that bigger businesses who do ‘not very transparent’ things with data now have additional responsibilities!
Before I opened the business I worked for financial services businesses including Experian, the credit reference. Working in those environments made me absolutely paranoid about data privacy (as you would hope!). I am sometimes asked why I don’t have a ‘Title’ dropdown menu on my website and that’s why: to avoid anything that could possibly be thought of as ‘not necessary’.
This post is just to share what I have changed to be compliant with the General Data Protection Regulation.
So what has The Loveliest Yarn Company changed?
The general idea of the GDPR is that I have to have your permission to gather personal information about you, I have to tell you why I need it, what data I am gathering, what I do with it and how long I am going to store it. For a small business like mine, it’s relatively straightforward. I gather information in two situations:
1. When you shop on the site
2. When you sign up to our mailing list
When you shop on the site:
I collect name and address details so we can enter into a contract. It allows me to send the goods to you, send emails related to your order and do any refunds, cancellations etc. I also store the data for tax and accounting purposes. I gather your consent to do this when you checkout, via a checkbox that you have to check (it isn’t a sneaky pre-checked checkbox!).
When you sign up to the mailing list:
This is done via Mailchimp forms and is a two-step process. The second step is the specific consent where it confirms you really want to sign up to the mailing list.
All of this has been in place since the business opened in 2016.
- make some of the processing elements clearer and to show where you consent to us collecting your data
- include the principles of the GDPR
- include your rights under the GDPR and
Mailing List Activities
Our signup form is provided by MailChimp and has been updated to include more specific details about what people are signing up to : )
The question of ‘Do I need to get consent again from everyone on my mailing list’ was something I debated for quite a while as the guidance varies widely and the directive is open to interpretation.
My main newsletter mailing list has always had the two-step process provided by Mailchimp which requires you to specifically press the button in the email to confirm you are subscribing. It has never been bundled with the checkout process and it has never been an auto sign up as part of a download.
From reading different thoughts on it, I was pretty sure I had informed consent for my email newsletters. However, I opted to resend the ‘Re-Opt In’ message to be absolutely sure and to be completely transparent. I won’t lie, it pained me as the industry average for reconsent is only 10% to 50% and mailing lists take a long time to build. However, I know myself that I have opted back into the mailing lists I don’t want to miss out on so I’m hoping people who want to stay in touch will do so…