Any information contained in this article should be construed as legal advice and is not intended to be a substitute the appropriate legal or other professional advice in your jurisdiction.
If you collect emails or names for your newsletters, then you will likely be aware of the numerous rules around collecting names and sending emails. GDPR is one of those rules, specifically looking at how you collect and process “Personal Data”.
What is GDPR?
GDPR, or General Data Protection Regulation, is a piece of European Law which came into force in 2017. At this point, many companies had to change how they handled and received personal data from individuals living in the European Union.
What does it have to do with me?
GDPR applies if you are in the EU, or you are handling the personal data of EU Citizens.
What is Personal Data
Personal Data is defined as information which relates to an identifiable or identified individual. This captures everything from someone’s email address, to even their IP address. If it is possible to identify an individual from the information you’re looking at, it’s personal data.
What is a Controller or a Processor?
GDPR says that, depending on how you are handling someone’s Personal Data, you are either a “Controller” or a “Processor” of that Data.
(yes, there are other statuses of control, like a “Joint Controller”, but those aren’t the topic of today’s article).
The main difference between these two status’ is whether you are determining the purpose for which the data is processed, and the means by which the data is processed.
This sounds quite complicated, but in essence it is all about who is giving and receiving the instructions.
I run a newsletter, so how does this affect me?
For a newsletter, there are a number of points you want to remember:
- Minimise what data you are collecting about an individual. This is a requirement under GDPR, but also good practise. The less data you have about someone, the less risk there is about how you look after it.
- E.g. if you’re running a bookish newsletter, do you just need an email from the person signing up? Email and first name? Consider what is the need for a full firstname and surname, or name and address?
- Make sure you get consent. For most newsletters, signing up to receive newsetters means the individual is consenting for their personal data to be used for the receipt of the newsletter.
- Check what the requirements are for your newsletter distribution service, and how they consider you as the newsletter owner under data protection law. For example, Mailchimp consider the “Member” to be a Controller of the “Users” data.
I’ve put some helpful links below to some sites that might help your understanding of GDPR:
This article was first released as part of my Autumn Newsletter. If you’re not already subscribed, sign up below! You get access to my FREE fantasy short story “The Gateway of Arieum” when you sign up!
Featured Photo by Lianhao Qu on Unsplash
- How To: Creating Magic SystemsMagic systems. Any good fantasy (in my opinion), needs a magic system. I love worlds with intriguing magic, and the ability to throw in a good few battle magic … More How To: Creating Magic Systems
- How To: Choosing Main CharactersI’ve previously written about choosing a POV for your story, and how many POVs you want to use in your story. This month, as my first topic for my … More How To: Choosing Main Characters
- How To: What is GDPR?Any information contained in this article should be construed as legal advice and is not intended to be a substitute the appropriate legal or other professional advice in your … More How To: What is GDPR?