Celebrate Memorial Day Weekend by Reading a Bunch of Boring Regulations!

(How to Comply with the New EU GDPR)


“The General Data Protection Regulation (GDPR) is a new data privacy regulation that aims to give individuals in the EU protection and control over their personal data. This affects how businesses can collect and use personal data. While it is an EU law, it is applicable to any organization with personal data of EU citizens and residents. If you are a business with customers in the EU, the GDPR will be applicable to you when you are handling personal data of your EU customers.”
—Alfred Lua of Buffer

By now, many of you have probably already been inundated with emails from other mailing lists asking you to resubscribe along with links to their privacy policies. Wondering what the heck is going on?

Well, the EU (European Union) passed the “GDPR” which requires all businesses that collect EU users’ emails and other personal information to disclose how the information is being used and to confirm with those users that they do indeed want to remain on email lists.

And, this new regulation becomes enforceable tomorrow, May 25.

Unfortunately, we just became aware of the GDPR on Monday and have spent the past few days researching best practices so that we could advise you on next steps. However, we don’t offer legal advice. We recommend you contact your legal counsel to find out how the GDPR affects you.

Most of you do not have many, or any, subscribers/customers in the EU, but even if you have one EU member on your marketing email list, you must be in compliance. Also, this is a good opportunity to show all of your customers that you care about their privacy by creating a Privacy Policy and posting it on your site.

In a nutshell, here is what you need:

  • You need a privacy policy explaining what data you are collecting and why you have legitimate interest to collect the data.
  • The privacy policy needs to be accessible from every page.
  • For a newsletter you need to confirm the user via double opt-in.
  • The opt-in needs to inform the user about your privacy policy before address confirmation.


Many of you use MailChimp for your email marketing campaigns and you’ll want to be sure that your email list optin forms are compliant. Because many of you use the double optin confirmation feature and don’t have any EU residents on your lists anyway, you should be fine. To be sure, MailChimp has provided these helpful docs:


The Information Commissioner’s Office has a great website that includes a link to “GDPR: 12 Steps to Take Now” and a “Data Protection Self-Assessment Toolkit.”  To access the main site click here»

Here are some more helpful shortcuts:

Want Our Help?

Again, we’re not attorneys, but we are happy to help you work through your new policy and make changes to your opt-ins for mailing lists. We are working with clients in the order we receive requests. If you would like to get in the queue, please email Jen at jen@edendesignco.com.

After all that, I need a drink!
Have a great Memorial Day Weekend.

Photo by Toa Heftiba on Unsplash

Photo by Toa Heftiba on Unsplash