Thursday, May 17, 2018

What is the GDPR and What Does It Mean for Authors?

by Cyle Young @CyleYoung

On May 25th, 2018, the European Union’s new data privacy law goes into effect. The GDPR, or General Data Protection Regulation, applies to any person or business handling or storing information of EU citizens, not only to EU-based companies and organizations.

Any author with an international following, fan base, or email subscriber list needs to take notice. The GDPR will change the way that you do business as an author. Most companies that service emails on behalf of authors (think companies like MailChimp and ConvertKit) have taken steps over the last few months that will enable compliance with the GDPR.

But what exactly is the GDPR?

The GDPR regulates how companies acquire and store personal information of EU citizens. The law defines personal information as any piece of data that could be used to identify a person, including emails. If you store or collect emails from EU citizens, you have to obey the new GDPR legislation.

The GDPR is all about obtaining consent from a person to have and store their information. Most companies that have time-stamped opt-ins are already in compliance with the GDPR. Many of the email services are now encouraging double opt-in policies to ensure proper handling of personal data.

The new legislation also emphasizes that a person must be informed of how their data is used and how it is stored, and that they should be able to easily request that their data be deleted. In addition, if a person signs up for a free book download, it must be explicitly clear what they are signing up for. If you are going to add them to an email newsletter list, it must be communicated up front and in detail.

What does the GDPR mean for you?

Well, there are three camps out there right now.

Camp #1: I don’t live in the EU so they can’t do anything to me.

This is probably true to some extent. But if you ever want to set foot in the EU at any point over the course of the rest of your life, you don’t want to be in this camp. The EU can fine you even if you live in the US. They may have difficulty collecting, but you will not be able to enter the EU without risk of arrest. Remember Wesley Snipes and his tax evasion. He couldn’t reenter the US for years without the risk of being arrested upon entry.

Camp #2: I’m a small fry, no one will care about little ol’ me.

The EU is hoping to make examples quickly. The fines are in the millions of dollars and they have said that they will go after ANYONE who breaks the rules to force fast adoption of this new policy. Little ol’ you should be very nervous.

Camp #3: I need to be compliant before May 25th.

This is the wisest way forward. You may not have a large EU fan base, but it only takes a little bit of work to reconfigure your email capture processes. If you get compliant, you will be safe from any fines or prosecution.

The GDPR may be a big scary enforcement gorilla, but it should be taken seriously. Most authors won’t have too much to worry about, but if you take your writing career seriously, you should take the GDPR legislation seriously too.

Have you changed your email processes for the GDPR yet?

Cyle Young is an author and literary agent, husband & father of 3. As a self-proclaimed “Binge Writer”, Cyle writes over 30,000 words in a weekend. Get his free Binge Writing video class at


  1. Thank you for this post. I have taken measures to become GDPR-compliant. Would you offer specific instructions for managing platforms like and other RSS feeds? My blog subscribers have come through these venues, and I am not sure if there is anything I need to do or if NetworkedBlogs and RSS feeds take care of compliance regulations.

    Thank you for your kind help.

    1. Check your stats and see where your opens come from. How many come from EU countries?

    2. How many subscribers from the EU would put us in the danger zone, Cyle? And where is the best place to find more info on this topic, explained in a simple way?

  2. Interesting information. I have a blog and hope to have a website soon, including a newsletter.

  3. According to MailChimp, we need to not only reconfigure our email capture processes to be compliant but also send out a message to all our current subscribers asking them to RESUBSCRIBE to our newsletters/blogs. I've only received one such email out of all the lists I'm on. Is this necessary? Subscribers are notorious for not responding to calls for action. I'm afraid I'll lose a huge chunk of my subscribers.

    1. Only for subscribers in the EU

    2. It makes sense to only send to those in the EU, but according to MailChimp, we can't be sure where they are, only where they last opened an email. So if someone was traveling in the U.S. and opened their email here, that's what we'd see. I did send to all my subscribers. First, I think it will eventually come here (everything else does). Second, I prefer safe over sorry. And my list probably needed to be cleaned up anyway. :/

  4. I've received several notices asking either that I update my settings (to the sender's particular blog or newsletter) or stating how my information is used and that I can unsubscribe at any time. As one blogger put it, we are in the U.S. but because of subscribers in the EU, it is the wiser choice to send out the notice. (For once I'm glad I've been stalled on getting my newsletter sign-up set up - it's still just a quarterly blog post!)
    But for my blog, it looks like I need to post a notice much the same as what I've seen in my inbox. Is this correct???
    PS - Just because it's "only" EU now, doesn't mean it won't hit the U.S. at some point as well!

  5. I've been reading about this and trying to figure out the rules. Is my blog automatically compliant through Google or do I have to do something else? Thanks for the information.

    1. You are not automatically compliant. You’ll need to adjust.

    2. Cyle, can you explain that? Blogger automatically has placed a Google Analytics Privacy notice on all my blogs (I have several) through blogspot, which can only be viewed when accessed via the international website, for example

      What will I need to adjust to be compliant, since Blogger seems to have done the job for me?
      I do realize that since that particular blog exposes pictures and bios of authors, I may need a privacy notice in my submission and about pages...

  6. Yes. I’d like to know that too. I don’t have an email list, but there is a place where readers can “follow” and get email alerts when I post again.
    Also I’m working on a book now and will maybe start an email list for those updates. What if I get an email list AFTER May 25?

  7. Great explanation and easy to understand. Thanks, Cyle.