How To: What is GDPR?

Any information contained in this article should be construed as legal advice and is not intended to be a substitute the appropriate legal or other professional advice in your jurisdiction.

If you collect emails or names for your newsletters, then you will likely be aware of the numerous rules around collecting names and sending emails. GDPR is one of those rules, specifically looking at how you collect and process “Personal Data”.

What is GDPR?

GDPR, or General Data Protection Regulation, is a piece of European Law which came into force in 2017. At this point, many companies had to change how they handled and received personal data from individuals living in the European Union.

What does it have to do with me?

GDPR applies if you are in the EU, or you are handling the personal data of EU Citizens.

What is Personal Data

Personal Data is defined as information which relates to an identifiable or identified individual. This captures everything from someone’s email address, to even their IP address. If it is possible to identify an individual from the information you’re looking at, it’s personal data.

What is a Controller or a Processor?

GDPR says that, depending on how you are handling someone’s Personal Data, you are either a “Controller” or a “Processor” of that Data.

(yes, there are other statuses of control, like a “Joint Controller”, but those aren’t the topic of today’s article).

The main difference between these two status’ is whether you are determining the purpose for which the data is processed, and the means by which the data is processed.

This sounds quite complicated, but in essence it is all about who is giving and receiving the instructions.

I run a newsletter, so how does this affect me?

For a newsletter, there are a number of points you want to remember:

  • Minimise what data you are collecting about an individual. This is a requirement under GDPR, but also good practise. The less data you have about someone, the less risk there is about how you look after it.
    • E.g. if you’re running a bookish newsletter, do you just need an email from the person signing up? Email and first name? Consider what is the need for a full firstname and surname, or name and address?
  • Make sure you get consent. For most newsletters, signing up to receive newsetters means the individual is consenting for their personal data to be used for the receipt of the newsletter.
  • Purpose of processing is clear. It’s important to highlight to the person you’re receiving information from how you’re going to be processing it – this is where a privacy policy comes in.
  • Check what the requirements are for your newsletter distribution service, and how they consider you as the newsletter owner under data protection law. For example, Mailchimp consider the “Member” to be a Controller of the “Users” data.

Helpful Links

I’ve put some helpful links below to some sites that might help your understanding of GDPR:

https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/

https://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1528874672298&uri=CELEX:02016R0679-20160504


This article was first released as part of my Autumn Newsletter. If you’re not already subscribed, sign up below! You get access to my FREE fantasy short story “The Gateway of Arieum” when you sign up!

Check out my privacy policy for the legal bits about signing up to my Newsletter


Featured Photo by Lianhao Qu on Unsplash



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.