I had zero interest in figuring out if my sites might be in violation of a privacy law because someone in Europe decided that I wasn’t fully compliant. I do, however, run several websites, and many of the visitors come from Europe. So I spent a few hours reading what I should be concerned with and I was still confused.
My big takeaway was that there were 3 things I could do to greatly reduce my risk of being in violation of GDPR.
- Anonymize Google Analytics tracking. You can either anonymize or annoy. Annoy means putting up overlays saying you are collecting cookies. As a user, I hate those, so I choose the anonymize route. The WP Disable plugin has a checkbox option to anonymize Google Analytics data.
- Make sure all your newsletter subscribers agree to receive any marketing-related material from that newsletter that they already signed up for. I wasn’t sure what my users agreed to or if my content could be defined as marketing. MailChimp had custom forms to get consent, but I could not tell from their dashboard which users agreed to the consent form. Did they need to agree? It was not clear.
So, I decided to kill off the newsletters for the 3 websites I have that use MailChimp. It is not worth the risk or effort. Plus, I dislike making them. I’d rather work on a new post than craft some clever email that inspires the reader to first open the email and then to follow a link from that email.
I know that Tim Ferriss and some of his guests swear by the newsletter. Maybe it makes more sense when your traffic is at a super high level? Perhaps if I had a personal assistant, I would task them with this tedious task. But I don’t.
My site INeedCoffee.com gets between 4,000 – 7,000 visitors a day. The newsletter had around 800 subscribers. That is low, but I refuse to use pop-ups to harvest emails. My personal code is to never implement something on my website that I would hate as a user. Of those 800 subscribers, only 15-20% even open the newsletters and only 4% click on a link. 4% of 800 is 32 people. Totally not worth it. Not worth my time or any future legal risk because I didn’t follow European laws to the letter.
My plan is to sit this out for a year and reassess. The GDPR lawsuits have already started. They are going after the big players such as Facebook and Google first. How far will it go? Beats me. Some American newspapers, who we can assume have qualified legal counsel, have started blocking access to their websites from Europe. It isn’t worth the risk to them.
I also concede that I might be overreacting, but I’m all about reducing unnecessary risk. I’ll watch from the sidelines for a year. My sites aren’t going anywhere.
Photo by Dennis Skley