G is for GDPR

While this is a break from the subject of creative writing, the General Data Protection Regulation is coming into effect next month and will affect how I conduct my business. It’s been spoken about for the last couple of years – I found out about it last week (so cue a bit of panicking from me). It does affect anyone within the EU who holds another person’s personal data – editors and authors included – so I see no harm in including this as part of the A to Z challenge.

I spent most of yesterday reading up on the GDPR, learning about cookies and privacy policies, getting confused one minute and understanding what I needed to do the next, (then back to confused again).

Through all this, I think I’m finally getting to grips with it. I found a plugin that installs a cookie warning notice that gives a visitor the option to accept or decline cookies. Having monitored which cookies load before and after I accept them, the penny dropped. Now, when a visitor arrives on this website, only those cookies needed for functionality load (unless previously accepted). If a visitor agrees to cookies, the non-essential ones will load up (Facebook, Pinterest, Google ads etc). If they decline to accept them, then only the site functionality ones will work.

The GDPR insists that permission is granted by users/visitors, and this plugin logs a visitor’s acceptance or rejection (via their IP address).

I used a Chrome extension to compile a cookie audit, which also wrote my cookie policy for me. Anyone who is curious about the cookies used on this site can read that document at their leisure. I’ve placed the link for it in the ‘about’ section and in the footer.

I moved my mailing list over to Mailchimp because their sign-up form allows me to add a checkbox to seek specific permission to send newsletters to subscribers. GDPR is all about permission and protection, or rather, giving a person more control over how their data is used. I still need to request this permission from previous subscribers, but I shall get to that shortly. It’s EU specific, but ignoring all the stress and faffing about, it is good practice.

Contracts are next on my list, both for clients and for those I subcontract work to (not that I ever subcontract without a client’s permission, but I need to tighten up the wording). I also need to complete my privacy policy, though I’ve always worked on the basis that anything I do is between me and the client. I don’t blog, post or tweet about edits – beyond saying I’m editing, and perhaps a rough word count or genre, but nothing that would identify the client. I will no longer promote books as published projects unless I have sought permission (and will remove books where that permission is not received). I will also be removing all manuscripts from my hard drive unless a client specifically requests that I store a copy. It has ‘saved’ a couple of clients when manuscripts got eaten up and spat out by their own hard drives, and I’ve no problem keeping a backup.

That’s all I can think of for now. Lots to do, not least of which is to finish F is for… (I got sidetracked with all the above yesterday).

Below are the links to the plugin and chrome extension I used:

Ginger – EU Cookie Law

Cookie audit tool

And finally, a nice infographic from the EU about the GDPR