If you’ve been relying on a mailing list to sell books online, or you sell books from your website, you need to know about the GDPR, a new law that comes into effect on May 25, 2018 that protects people online from spam and unwanted data sharing. It affects anyone who is located, does business, or makes contacts in the EU region, which is basically this area shown in the image (click image for interactive version at Nations Online), and carries hefty fines if you do not follow the rules.

Download our FREE Privacy Policy Template For Author Websites – GDPR

Data collection on your site

If you have a place where people can sign up for your newsletter, you must also make sure that they can opt out of the newsletter later. This is easiest done by adding an “Unsubscribe” link at the bottom of each email you send.
If you collect data at the point of sale, you must state how you store, use, share, and maintain security on your website with this data, including name, address, phone number, email, and payment details.

Data Sharing for marketing

You can no longer share email addresses of your readers with other authors to pool lists of potential buyers. If you do do this, you have to make sure that you give people an option tickbox to opt out of this sharing when they sign up. Some authors have been doing this for box sets, but the rules state that the email you use must have come from either, “a sale or a negotiation of a sale” to use their email in this way.

Email scraping

You can no longer scrape email addresses from Amazon to contact reviewers. There are many tools out there that do this, but it will now be considered illegal in the EU to use unqualified emails for this purpose, and because you have no idea where the reviewers are based, it is not a good idea to continue this.

Sending out “cold” marketing emails

You can no longer send marketing emails to unqualified addresses. Sending requests for reviews to people who have not agreed to be included in your marketing emails would be part of this law.
Ahead of this, Amazon seems to have recently removed all reviewers’ emails from their profiles, so from now on, forget this as a way of marketing for reviews.

Storing data about readers

If you do sell books directly on your site, you need to be aware that gateways like PayPal do send data back to your server to store. This means you need to stay on top of data storage, security, and access, with strong passwords for all logins. You must now have a Privacy Policy that includes a transparent statement citing what you keep data for, how long, and how you destroy it.

SSL Certificates

It’s time to invest in an SSL certificate, which adds a layer of security to payment from your website. These start at very low pricing, but need to be the right kind for your website. SSL certificates are mandatory for Google results now, with higher results for those who have added a certificate. You can call your hosting provider and ask them to add one. This will make your site “https://www…”, and shows a green lock, meaning the site is secure and monitored. You can see ours top left in the URL:

Register with the ICO

You may have to also register at the Information Commissioner’s Office in the UK, as it is illegal not to. They also share Top Tips for compliance here.

Privacy Policy

If you do collect data in any way, you will need to add a Privacy Policy to your website outlining how you use it. Because this is all a complete headache, we have created a template to download here, that you can modify for your author website.