There are three problems, however, that I have with GDPR, and I’d love to hear how other small non-EU businesses are dealing with this.
First is the requirement to have EU representation (Art. 27). Since I don’t have any physical presence in the EU, GDPR requires the appointment of a representative. It would appear that a new industry has been created selling non-EU businesses GDPR representation in the EU, which in my brief Google searching can cost $1000 per year or more. Are other small business owners out there paying for this? Or how else to deal with this requirement? Not a lawyer but this is the only part of GDPR I am tempted to ignore.
Second is the common practice of using lead magnets to collect emails for marketing. My email signup forms are very clear about marketing use, and are double opt in, and subscribers can opt out with a single click. But my research suggests that this is still not GDPR compliant unless there is an explicit consent, which I believe will reduce email signup rates. Also, while Mailchimp has a GDPR form, it is quite large and doesn’t work embedded in web page headers, sidebars or popups. I’ve only seen one of these Mailchimp GDPR signups in the wild and they opened a new browser tab to present the hosted Mailchimp GDPR form, which to me isn’t ideal. How are others handling email marketing signups? Disclosure and checkbox for consent seems a reasonable compromise but I haven’t seen this very often in the wild, at least not yet; that may change come May 25. Not a lawyer but I’m tempted to keep my current forms until I see more websites make changes.
Third, I have a medium-sized mailing list (less than 10,000) of mostly US-based emails which is important for my business. Are people running consent campaigns (as suggested by Mailchimp)? I’m concerned that I will lose a substantial part of my list due to non-response. Again, the list is double opt in and I am very reasonable with my marketing emails. (Not a lawyer) but my thought is to segment my list into EU and non-EU customers and run a consent campaign only on EU emails. Has anyone run a consent campaign and how did it work out for you?
Any thoughts or suggestions from other small and solo business owners would be much appreciated.
The lead magnet thing is such a good example. It’s a clear and voluntary trade-off: you can have this free resource if you join my list, from which you can unsubscribe at any point. It can obviously be done in a scammy way, but you’re clearly not doing that. But some people think you should have to provide that resource without any restriction.
Or that forcing people who already opted in to do so again is fair, because if they don’t reconfirm, then they must not have wanted to be on the list. This is like a SaaS company calling every customer periodically to ask them if they might want to cancel.
It makes no sense, but the pro-GDPR crowd on HN in particular is very hostile to marketing in general and email marketing in particular.
No one here who likes the GDPR gives a shit about your business. They’ll be happy to give you bad advice based on how they wish the world was, and if it costs you dearly, that’s not their problem and you probably deserved it anyway.
I’m doing some of the same activities as you, and I personally will be changing basically nothing for GDPR. I’ve always treated customers fairly and I’ll continue to do so. Governments that have no jurisdiction or enforcement mechanisms against my company can pound sand.