The GDPR (General Data Protection Regulation) takes effect on May 25th, 2018. The regulation requires businesses to meet requirements around the control and processing of customers' personal information. Although a European Union regulation, it applies to any writer with EU customers. Here are resources to help you do that, along with my thinking on the topic and what I'm doing in my own business to understand and meet the requirements.
Unless you choose to completely forgo selling your books to customers in the EU, the regulation applies—and you want to take the steps necessary to comply. Not because you're afraid of getting a fine, but to better serve your customers. My opinion on this is pretty simple—we should be taking these steps regardless of whether or not our customer is in the EU. We should show the same care for customers in the UK, USA, Canada, Japan, or anywhere else! I'm grateful that looking into the GDPR is helping me look more critically at what happens with customer data so that I can improve and provide better service for all of my customers.
Suppose that you publish through Amazon, maybe even exclusively through Kindle Select. Isn't GDPR Amazon's concern in that case rather than yours? After all, you don't receive personal information about customers from Amazon.
Do you have an email list? Run giveaways? Have a website that may track personal information? If you receive customer information, then you do need to meet the GDPR requirements. The GDPR recognizes individuals' rights to control their own personal data and requires that you provide customers with information about what data is used, why it is used, and control over that data.
Nope. Remember, we're talking about individual rights. The GDPR applies equally with one customer, or one million. Maybe you have a hundred people on your mailing list. One of those people could complain and then you'd need to deal with that issue. The risk might be very small, but I don't think risk is the primary concern. Protecting individual data rights benefits everyone, which is why I think we should take these steps regardless of where our customers live.
A simple Google search for GDPR returns almost 13 million results and a bunch of prominent ads. I heard about the GDPR years ago, and like many people in the USA at least, drifted along without paying that much attention. Talk about procrastination! Now that it's a month until the GDPR takes effect I'm finally paying attention. I think it's great, I just hadn't taken many steps yet for compliance.
I have located a few resources to help:
For most of us, this simply means providing better service to our customers. I'm glad to have direction on what to do. I'm grateful I don't have the problems faced by larger organizations, such as those ICANN faces with Whois compliance. It sounds like they've buried their heads in the sand on this for two years and face an enormous problem at the last moment.
As for my own plans, I'm fleshing out the details, but it seems pretty clear to me. I need to post the policies and terms, update my opt-in forms, and make sure that I'm handling personal information correctly. I'll tackle each step and continue to improve as I go. Since I only relaunched my site this year, and just started asking people to sign up, I don't have a whole lot that I need to update.
Ryan M. Williams lives a double life as a full-time career librarian and a multi-genre writer with over twenty books. He writes across a range of genres including science fiction, fantasy, paranormal, mystery, horror, and romance. He earned a Master of Arts degree in writing popular fiction from Seton Hill University and a Master of Library and Information Science from San Jose University. His short fiction has appeared in anthologies from Pocket Books, WMG Publish, and in On Spec Magazine.