Author Topic: Any British authors doing anything about GDPR?  (Read 766 times)  

Offline David Blake

  • Status: Lewis Carroll
  • **
  • Posts: 152
  • Gender: Male
  • London
  • I see dead people.
    • View Profile
    • David Blake
Any British authors doing anything about GDPR?
« on: May 18, 2018, 03:40:22 AM »
Are any British authors out there doing anything about the General Data Protection Regulations that kick in next week???

Online Acheknia

  • Status: Arthur Conan Doyle
  • ****
  • Posts: 660
  • Gender: Female
  • UK
    • View Profile
Re: Any British authors doing anything about GDPR?
« Reply #1 on: May 18, 2018, 04:21:47 AM »
I don't collect any data (no newsletter or website, just my FB, Twitter & blog) so for me it's not an issue.

Offline Mercia McMahon

  • Status: Dostoevsky
  • ******
  • Posts: 3603
  • Gender: Female
  • London
  • living in the Shadow of pulp speed
    • View Profile
    • Mercia McMahon
Re: Any British authors doing anything about GDPR?
« Reply #2 on: May 18, 2018, 04:25:41 AM »
Yes I plan to close my redundant newsletter account that never more than a few personal friends as customers so I never wrote a newsletter I just tell friends face to face if something is coming out. Now I have to remember the name of the major newsletter company so that I can cancel my account hopefully before 25 May.


Mercia McMahon | Author Site | Publishing Site | Pinterest

Online ADDavies

  • Status: Arthur Conan Doyle
  • ****
  • Posts: 819
  • Gender: Male
  • Staffordshire, UK
    • View Profile
Re: Any British authors doing anything about GDPR?
« Reply #3 on: May 18, 2018, 04:35:50 AM »
British authors should already be compliant since obtaining consent to contact people electronically has been British law for a few years now. The EU legislation is aimed more at big companies misusing consumers' data, like when they buy email addresses from Facebook like-farms.

All my newsletter subscribers came to me via a double opt-in that laid out how I would use their data, which is covers what GDPR (and the British law that already exists) demands of us. 

If you bought email addresses from someone or picked them up via Facebook lead gens that didn't send out a second opt-in stage with your terms clearly laid out, you might want to look into sending something out to "re-opt-in" but I was confident everyone already went through that, so just added a note on my last newsletter reminding people how they came to be on my list, what I plan on sending them, and how I won't ever share their data with 3rd parties - oh, and reminding them they can unsubscribe at any time. Got 73 unsubscribes out of 7,000.
Adam Park #5 : 100%

Offline Dayseye

  • Status: Dr. Seuss
  • *
  • Posts: 15
    • View Profile
Re: Any British authors doing anything about GDPR?
« Reply #4 on: May 18, 2018, 04:49:55 AM »
Nope.

My subscribers are all stored on either Mailerlite or Mailchimp, hopefully that's secure enough.
All opted in to my newsletter.
Every newsletter has an unsubscribe.
I don't share with anyone.

The only data on file are email addresses, and names.

"If consent is used as the lawful basis for processing, consent must be explicit for data collected and the purposes data is used for (Article 7; defined in Article 4)."

My sign up form specifies that I only email out bookish type news: new releases, discounts and free promotions. Occasionally I'll share what I've been reading/writing. Occasionally I'll ask for opinions on book titles, and occasionally I'll ask for a book recommendation. These further opinions aren't fed into any data base, wouldn't know how to start!

It's my understanding that these new regs are geared towards larger co-operations, who gather information about their customers then use it for financial gain.

Whoops. ADDavies beat me to it. What s/he said:

British authors should already be compliant since obtaining consent to contact people electronically has been British law for a few years now. The EU legislation is aimed more at big companies misusing consumers' data, like when they buy email addresses from Facebook like-farms.

All my newsletter subscribers came to me via a double opt-in that laid out how I would use their data, which is covers what GDPR (and the British law that already exists) demands of us. 

If you bought email addresses from someone or picked them up via Facebook lead gens that didn't send out a second opt-in stage with your terms clearly laid out, you might want to look into sending something out to "re-opt-in" but I was confident everyone already went through that, so just added a note on my last newsletter reminding people how they came to be on my list, what I plan on sending them, and how I won't ever share their data with 3rd parties - oh, and reminding them they can unsubscribe at any time. Got 73 unsubscribes out of 7,000.







Offline The 13th Doctor

  • Status: Scheherazade
  • *****
  • Posts: 1281
  • Gender: Female
  • Here
    • View Profile
    • Three-Headed Writer
Re: Any British authors doing anything about GDPR?
« Reply #5 on: May 18, 2018, 04:57:20 AM »
I work for a law firm and still waiting to get mandatory training in preparation for GDPR...

I am in the process of restarting my mailing list from scratch - 100% organic - so will have all the necessary wordage, etc, in order before I go any further with it.

Offline NathanBurrows

  • Status: Madeleine L'Engle
  • **
  • Posts: 74
  • Gender: Male
  • Norwich, United Kingdom
    • View Profile
    • Nathan Burrows
Re: Any British authors doing anything about GDPR?
« Reply #6 on: May 18, 2018, 07:14:58 AM »
I followed Mailerlites GDPR compliance guidelines, and in the process killed my list by about 90%.

Im fairly ambivalent about it though - the ones I have left are proper fans, I guess.

Offline Victoria.T76

  • Status: Lewis Carroll
  • **
  • Posts: 152
    • View Profile
Re: Any British authors doing anything about GDPR?
« Reply #7 on: May 21, 2018, 06:44:23 AM »
I followed Mailerlites GDPR compliance guidelines, and in the process killed my list by about 90%.

Im fairly ambivalent about it though - the ones I have left are proper fans, I guess.

I'm in the same boat, but looking at it as not that big a loss.

As others have said, not much has changed for us, we still need to be registered as data controllers, and have always had to be careful with data. While the laws are aimed at larger corporations, they also allow users to sue us if they feel we have misused their data - this is where the danger lies to small people like us. But, on the whole - keep double opt-in, make sure your website privacy policy is up-to-date, and remember that as we are in the UK/EU the law applies to every sub on our lists and every visitor whose data our website might gather (through affiliate links/contact forms etc), is covered - even those from outside the EU.


Online Simon Haynes

  • Status: Scheherazade
  • *****
  • Posts: 1464
  • Gender: Male
  • Perth, Australia
  • Born in the UK, raised in Spain, now Australian
    • View Profile
    • Home page
Re: Any British authors doing anything about GDPR?
« Reply #8 on: May 22, 2018, 02:17:05 AM »
Douglas Adams would be proud of this mess:


Most GDPR emails unnecessary and some illegal, say experts

https://www.theguardian.com/technology/2018/may/21/gdpr-emails-mostly-unnecessary-and-in-some-cases-illegal-say-experts


From the article:


Businesses are not required to automatically repaper or refresh all existing 1998 Act consents in preparation for the GDPR, Vitale said. The first question to ask is: which of the six legal grounds under the GDPR should you rely on to process personal data? Consent is only one ground. The others are contract, legal obligation, vital interests, public interest and legitimate interests.

Even if you are relying on consent, that still does not mean you have to ask for consent again. Recital 171 of the GDPR makes clear you can continue to rely on any existing consent that was given in line with the GDPR requirements, and theres no need to seek fresh consent. Just make sure that your consent met the GDPR standard and that consents are properly documented.

In other words, if the business had consent to communicate with you before GDPR, that consent probably carries over, and even if it doesnt carry over, there are five other reasons a company can cite for continuing to process data.


(Bolding mine)

And then the best bit:

Whats more, Vitale said, if the business really does lack the necessary consent to communicate with you, it probably lacks the consent even to email to ask you to give it that consent.

"In many cases the sender will be breaching another set of regulations, the Privacy and Electronic Communications Regulations, which makes it an offence to email someone to ask them for consent to send them marketing by email."


« Last Edit: May 22, 2018, 02:31:08 AM by Simon Haynes »


Sierra Bravo all but done. Robot vs Dragons is next!

Online Lee Nichols

  • Status: Dr. Seuss
  • *
  • Posts: 15
    • View Profile
Re: Any British authors doing anything about GDPR?
« Reply #9 on: May 22, 2018, 06:49:34 AM »
Douglas Adams would be proud of this mess:


Most GDPR emails unnecessary and some illegal, say experts

https://www.theguardian.com/technology/2018/may/21/gdpr-emails-mostly-unnecessary-and-in-some-cases-illegal-say-experts


From the article:


Businesses are not required to automatically ‘repaper’ or refresh all existing 1998 Act consents in preparation for the GDPR,” Vitale said. “The first question to ask is: which of the six legal grounds under the GDPR should you rely on to process personal data? Consent is only one ground. The others are contract, legal obligation, vital interests, public interest and legitimate interests.

Even if you are relying on consent, that still does not mean you have to ask for consent again. Recital 171 of the GDPR makes clear you can continue to rely on any existing consent that was given in line with the GDPR requirements, and there’s no need to seek fresh consent. Just make sure that your consent met the GDPR standard and that consents are properly documented.

In other words, if the business had consent to communicate with you before GDPR, that consent probably carries over, and even if it doesn’t carry over, there are five other reasons a company can cite for continuing to process data.


(Bolding mine)

And then the best bit:

What’s more, Vitale said, if the business really does lack the necessary consent to communicate with you, it probably lacks the consent even to email to ask you to give it that consent.

"In many cases the sender will be breaching another set of regulations, the Privacy and Electronic Communications Regulations, which makes it an offence to email someone to ask them for consent to send them marketing by email."


The problem is it's all too vague. While all of this is true, it doesn't address one problem; consent now requires proof. If your previous consents don't have recorded proof then it may no longer stand. Again, all too unclear, there is no mention that previous consent should have proof on record so many are assuming that our contacts should be re-permissioned to get proof of consent. It's all a big mess!

Online Simon Haynes

  • Status: Scheherazade
  • *****
  • Posts: 1464
  • Gender: Male
  • Perth, Australia
  • Born in the UK, raised in Spain, now Australian
    • View Profile
    • Home page
Re: Any British authors doing anything about GDPR?
« Reply #10 on: May 22, 2018, 07:17:27 AM »
Isn't it saying you can't email to ask for consent if you don't already have consent to contact them? That appears to be the point of the article.


Sierra Bravo all but done. Robot vs Dragons is next!

Online Lee Nichols

  • Status: Dr. Seuss
  • *
  • Posts: 15
    • View Profile
Re: Any British authors doing anything about GDPR?
« Reply #11 on: May 22, 2018, 07:34:02 AM »
Isn't it saying you can't email to ask for consent if you don't already have consent to contact them? That appears to be the point of the article.

As far as I can make out, there should be no problem emailing our list and asking for re-permission up until 25th May. Before now it has been more about recommended practice than actual law, but don't quote me on that, this is just my understanding. Where a lot of confusion is coming from is PECR and GDPR, they cross over but aren't well defined.

Quote from the ICO: "The GDPR does not replace PECR, although it changes the underlying definition of consent. Existing PECR rules continue to apply, but using the new GDPR standard of consent."

Then we have this, also from the ICO "Keep evidence of consent who, when, how, and what you told people."

Basically we should have recorded proof of consent, including what the wording was around the check boxes, Previous single opt-ins will not have any of this proof. How we are meant to prove any of this is where it all gets silly. We are expected to record I.P address, name, email address, possibly screenshots of opt-in forms, date and times of consent. Most email services are now recording this data and keeping record but they may not have previously. Many are assuming that if double opt-in was used previously then these will comply. Maybe, but it isn't clear.

On the positive side, I can't imagine they would come down that hard, fining people who previously used double opt-in, but who knows?

I have a busy website and a retail business. This thing has kept me up all night for the last few weeks and I don't feel like I've got very far with it :)


Offline Natasha Holme

  • Status: Scheherazade
  • *****
  • Posts: 1391
  • Gender: Female
  • London, UK
    • View Profile
    • Lesbian Crush Diaries
Re: Any British authors doing anything about GDPR?
« Reply #12 on: May 23, 2018, 09:22:54 AM »
Yes. But then, I'm a web developer, so am in a privileged position.

---I've added a consent checkbox to an online order form.
---I've deleted data I collected from a defunct newsletter sign-up form.
---I've hidden a comments form.
---And tomorrow I'm planning on closing comments on www.lesbiancrushdiaries.com/blog (although I'm not sure now whether I need to, having read through the above comments? ...).





Natasha Holme, Author
Lesbian Crush Diaries series


Website | Goodreads | Twitter | Facebook

Offline archaeoroutes

  • Status: Scheherazade
  • *****
  • Posts: 1468
  • Gender: Male
  • Somerset, England
    • View Profile
    • Alasdair Shaw
Re: Any British authors doing anything about GDPR?
« Reply #13 on: May 23, 2018, 01:59:04 PM »
Isn't it saying you can't email to ask for consent if you don't already have consent to contact them? That appears to be the point of the article.
Exactly. I've pointed this out many times in similar threads. Emailing someone to asks for consent to email them is explicitly banned under the existing PECR laws (and many of their equivalents in other countries).
It's been great fun these last few weeks replying to all the companies who've asked me to reconsent when I know I never consented in the first place and point out the relevant pieces of legislation which show they are acting illegally and request them to manually delete me. Much better to male them work for it than just hit unsubscribe.

Genres: Space Opera, MilSF, Popular Science, Physics Textbooks, Archaeology, Walking
Alasdair C Shaw | Personal Website | SciFi Website | Physics Website | Archaeology Website | Newsletter Signup