1) most plugins have information about GDPR so you can look at them individually. 2) You’d likely want to phrase your offering to be more like: subscribers get access to freebies like x, subscribe now. If you worded it this way you wouldn’t have to give the freebie away if they don’t subscribe.

Ideally, you want one with checkboxes for different tiers of cookies, but at the very least you want one that notifies people and that they must do something to get rid of, for example, exit out of it or say okay. You don’t want one that disappears without them taking some kind of action.

“If you use wordpress, it’s a matter of deciding which plugin is best, when evaluating plugins make sure you stick to ones that are GDPR compliant.” In order to be GDPR compliant, does the banner just have to notify people, or does it need to prevent people from accessing the site unless they agree? And do you need checkboxes for different tiers of cookies? I’m finding the cookie plugins to be very confusing.

You’re so welcome, glad it helps!

It depends on why type of advertising you’re doing where and how you ask for consent, you can cross that bridge when you come to it, but I think you’re on the right track.

Regarding consent from emails – if I say, “Subscribe to my email list, you’ll score bonus content and freebies!” And then have a subscribe button, that should be compliant because they understand they are signing up for the service of newsletters? If I decide down the road to advertise, then I need a checkbox for consent for that with the subscribe button? I was still a little confused on how to get consent for advertising (I think because I haven’t gotten into that).

Thanks again!
Caitlin

No worries, I joke that I’m a recovering attorney 😉

With regard to point 3 – I had read about recital 23 and commentaries on it and I was just going to go into it, but it would be a deep rabbit hole because fundamentally yes, the rights of people in the EU are still covered and, even if the exception suggested in recital 23 holds (which only applies to marketing activities and probably not, for example monitoring), then it’s probably risky to rely on it in practice.

I definitely agree it’s a good thing and also that some other jurisdictions have some sound laws.

Hi KN,

I actually am a lawyer, so I did do some hefty research for this guide, but I don’t really practice any more.

1. yes! It’s not zero to 100 in a snap, and even if you get to the point of being fined there is a proportionally part to it, so if you’re a small business and assuming you made some effort to comply, the fine will reflect that. I could only see a small business facing a huge fine as a symbolic gesture if they were grossly negligent.
2.Yes, but I know some people that decide against incorporating in some form because of cost, GDPR is just one more reason to do it so that personal assets are protected.
3. If people from the EU end up on your site and email list, then GDPR is applied to you, those based in the EU have the right to their personal data no matter where it is being processed. I don’t market to the EU but I still had about 1% of my list from the EU. Though I hope my guide helps people figure out what course of action is right for them.

I think GDPR is a good thing for business and those that don’t see it that way are likely doing something a tiny bit shady. As a consumer, I would love for the US to pass something similar, though some states already have some great data protection laws.