A guide to GDPR for poets, artists, and art organisations

GDPR (aka data law changes on 25th May) sounds scary – here’s what it all means.

Disclaimer: I am not a lawyer. I wrote this as a Facebook post a while ago and a friend suggested I post it here as a lot of people are worried about GDPR. Hope it helps!

The low-down on GDPR

First, bear in mind GDPR really is about contact from organizations. Even if your organisation is not based in Europe, if your contacts include anyone in Europe, this will affect you. And no, Brexit isn’t making the UK exempt from this.

For those of you worried about GDPR and working in poetry or other art-related organisations, here are the main things to think about:

Do you have people’s consent for email marketing (i.e did they sign up to your newsletter or did you manually add them?). To be on the safe side, you need a record of permission (which them signing up to it does). So if you don’t have that, time to clean your lists!
If you have a pre-checked tick box for adding people to your newsletter, get rid of it! Consent has to be optional and clear. The pre-checked consent box must go!
Are you sharing people’s info to other organizations (even selling them?) If so, you need to make that crystal clear when they are giving you their data. The blanket term ‘third parties’ doesn’t cut it anymore, you need to state exactly who and for what.
If a subscriber/user/client wants to be deleted from your records, you must comply fully.
Stop asking people for their data (i.e email addresses) in exchange for a prize (especially if, again, you don’t say how it’s going to be used)
if your website/organisation has been hacked (I believe your personal Facebook being hacked does not apply), then you need to report it to the ICO within 72 hours.

Essentially: don’t misuse people’s data, don’t send them marketing stuff without proof of consent & tidy up your security.

When is it ok to contact someone?

They’ve consented to it
To fulfil your contractual obligations to them
They’ve asked you to contact them (for eg a quote)
If you need to for any legal reason
They’ve expressed something called ‘Legitimate Interest‘, essentially it’s ok if they are your current customers, students, etc. Some examples of this could be: a teacher calling a student, or, posting a brochure of an event to people who have attended a previous one you’ve organised.

Again though, make it easy for people to unsubscribe from your communications!

Some things to do now:

Audit your email newsletter lists – do you have proof of opt-in for them?
If that’s not the case, you still have the opportunity before 25th May to message them and ask them to re-subscribe or give proof of consent.
Clean up your list by unsubscribing those you cannot collect consent for

What does GDPR mean for social media?

Yay, you don’t have to worry about it! The platforms you use (Facebook, LinkedIn etc) are the ones held accountable there. You can keep talking to your audiences there.

However, a person’s social media name or handle is a personal identifier, so you cannot add it yourself to any CRM (Customer Relationship Management) system – it has to be provided voluntarily by the user.

Everything you need to know is on the ICO website!

p.s as you’re here, want to read my blog about reviving your dormant LinkedIn account?