GDPR for poets and other artists: what you need to know

GDPR (aka data law changes on 25th May) sounds scary – here’s what it all means.

Disclaimer: I am not a lawyer. I wrote this as a Facebook post a while ago and a friend suggested I post it here as a lot of people are worried about GDPR. Hope it helps!

The low-down on GDPR

First, bear in mind GDPR really is about contact from organizations. Even if your organisation is not based in Europe, if your contacts include anyone in Europe, this will affect you. And no, Brexit isn’t making the UK exempt from this.

For those of you worried about GDPR and working in poetry or other art-related organisations, here are the main things to think about:

  • Do you have people’s consent for email marketing (i.e did they sign up to your newsletter or did you manually add them?). To be on the safe side, you need a record of permission (which them signing up to it does). So if you don’t have that, time to clean your lists!
  • If you have a pre-checked tick box for adding people to your newsletter, get rid of it! Consent has to be optional and clear. The pre-checked consent box must go!
  • Are you sharing people’s info to other organizations (even selling them?) If so, you need to make that crystal clear when they are giving you their data. The blanket term ‘third parties’ doesn’t cut it anymore, you need to state exactly who and for what.
  • If a subscriber/user/client wants to be deleted from your records, you must comply fully.
  • Stop asking people for their data (i.e email addresses) in exchange for a prize (especially if, again, you don’t say how it’s going to be used)
  • if your website/organisation has been hacked (I believe your personal Facebook being hacked does not apply), then you need to report it to the ICO within 72 hours.

Essentially: don’t misuse people’s data, don’t send them marketing stuff without proof of consent & tidy up your security.

When is it ok to contact someone?

  • They’ve consented to it
  • To fulfil your contractual obligations to them
  • They’ve asked you to contact them (for eg a quote)
  • If you need to for any legal reason
  • They’ve expressed something called ‘Legitimate Interest‘, essentially it’s ok if they are your current customers, students, etc. Some examples of this could be: a teacher calling a student, or, posting a brochure of an event to people who have attended a previous one you’ve organised.

Again though, make it easy for people to unsubscribe from your communications!

Some things to do now:

  1. Audit your email newsletter lists – do you have proof of opt-in for them?
  2. If that’s not the case, you still have the opportunity before 25th May to message them and ask them to re-subscribe or give proof of consent.
  3. Clean up your list by unsubscribing those you cannot collect consent for

What does GDPR mean for social media?

Yay, you don’t have to worry about it! The platforms you use (Facebook, LinkedIn etc) are the ones held accountable there. You can keep talking to your audiences there.

However, a person’s social media name or handle is a personal identifier, so you cannot add it yourself to any CRM (Customer Relationship Management) system – it has to be provided voluntarily by the user.

Everything you need to know is on the ICO website!

p.s as you’re here, want to read my blog about reviving your dormant LinkedIn account?

The following two tabs change content below.

Claire Trevien

B2B Content Marketer
Freelance B2B Content Marketer and Multimedia Poet. If you want me to geek out, ask me about digital tools and writing prompts!

2 Comments

  • Hi Claire, great post. There are a couple of things readers may also want to consider, in addition. GDPR replaces the current data protection act in May and will apply to all marketing AND fundraising communications. There are 4 legal bases on which personal data can be collected stored and used: 1. Contractual – e.g. to fulfil a contract 2. To fulfil legal obligations (e.g. accident on site) 3. With informed consent of people whose data you collect 3. To pursue legitimate interests e.g. Marketing. Email communications are governed by PECR Privacy and Electronic Regulations (see ICO website as there are clear requirements).
    Legitimate interest only applies to communications sent by post or live telephone calls, PECR covers consent for email communications, but you don’t need consent for business addresses e.g. info@ hello@ etc.). Its helpful to use something like Mailchimp (free up to 2k records) which offers automatic unsubscribe plus individuals can change and update their preferences. If individuals have a website they should have a privacy policy that describes how data, is collected, used, stored and for what purposes and how people can opt out, they should communicate this to their subscribers with a link to the policy.

    • Claire Trevien says:

      Hi Pamela! Thanks for adding these clarifications – very useful! I wouldn’t personally recommend Mailchimp though – I was in touch with them a year ago as we wanted to delete the records of unsubscribed users – their legal department hadn’t heard of GDPR (!) and we were told it wasn’t possible. I know they’ve finally started writing a little about it, but I’d recommend instead an alternative like Mailjet which allows unlimited contacts for free https://www.mailjet.com

Leave a Reply

Your email address will not be published.