Cut through the “hype” about the new General Data Protection Regulations and learn how they impact the genealogy industry
Updated 7:00 am, Friday, May 25, 2018
GDPR stands for “General Data Protection Regulation” and over the next week or so, you will probably be sick of hearing about it. GDPR has been on my radar for several weeks since it impacts me as a genealogy business owner. However, it is important that ALL genealogists including genealogy business owners, genealogy society board members, and even genealogists understand the impact of GDPR.
Basically, GDPR is a new regulation in European Union law related to data protection and privacy that goes into effect on Friday, May 25th, 2018. What GDPR should do is give EU citizens and residents more control over their personal data especially when it is shared online and with businesses and individuals. For a complete explanation of GDPR, I recommend the Wikipedia article HERE.
Whether we like it or not, we live in a global economy in the 21st century. For me, as a US-based business owner, I must follow the GDPR regulations when it comes to data provided to me by citizens and residents of the European Union. Not only must I make my data usage policies transparent starting on May 25th, I also need to ensure that I can “prove” that any EU person has opted-in to my various mailing lists.
What Does GDPR Mean for the Genealogy Industry?
Starting last week, many genealogy entities including businesses, professional genealogists, and even genealogy societies have been notifying their customers, viewers and members about GDPR. IMPORTANT: these notices are NOT SPAM; however, you should always be hesitant when clicking links in an email, especially if you are unfamiliar with the company.
Have Genealogy Sites Shut Down Due to GDPR?
Yes, this is true and not rumor. Both Judy Russell of The Legal Genealogist and Dick Eastman of Eastman’s Online Genealogy Newsletter have written about this topic. Some sites have shut down, some are just abandoning their mailing list and marketing via Facebook, and there are other actions as well. See the Resource List at the end of this article for information on genealogy website shutdowns.
What I’ve Done with My Websites, Blogs and E-Newsletters
I have several genealogy businesses that I run, all on-line, and the impact of GDPR for me is HUGE. I can’t begin to tell you how much time and money I’ve had to spend to come into compliance with these new regulations. Should I be worried?
This is just my personal opinion: I understand why the EU Parliament has put GDPR into place. I believe they are more concerned about big businesses like Facebook (especially given the recent Cambridge Analytica user data fiasco) than small businesses like mine. However, since there is a burden to “prove” that someone has opted in to your site or email list, and that there could be an “audit” of your data, and that the fine is up to 4% of your annual revenue, I just can’t ignore GDPR.
So here is what I have done or will be doing for all of my online assets:
- I have updated all of my privacy and cookie policies on all websites to make sure they are in compliance with GDPR requirements. I have never allowed a third-party to use any data I collect without proper notice to individuals, so I’ve always been in compliance.
- I have updated my e-news sign up forms for all of my e-newsletters and mailing lists to comply with GDPR regulations.
- I have sent, or am in the process of sending, “update profile” reminders to everyone on my mailing lists.
- On May 25th, I will remove anyone who has not opted in and move them to the “unsubscribe” container on MailChimp.
- After May 25th, I will start a new marketing campaign to remind people to sign up for my various e-newsletters.
I anticipate that my current number of subscribers – around 25,000 – will end up being about 5,000. On the downside, I will have to work hard to build up my mailing lists . . . again. On the upside, I will be paying much less to MailChimp each month plus my open rate and click rate should go way up!
UPDATE for Blogger Users:
As of May 25th, you will see the following message from Google in the Administration area of your Blogger blog regarding GDPR:
European Union laws require you to give European Union visitors information about cookies used and data collected on your blog. In many cases, these laws also require you to obtain consent.
As a courtesy, we have added a notice on your blog to explain Google’s use of certain Blogger and Google cookies, including use of Google Analytics and AdSense cookies, and other data collected by Google.
You are responsible for confirming this notice actually works for your blog, and that it displays. If you employ other cookies, for example by adding third party features, this notice may not work for you. If you include functionality from other providers there may be extra information collected from your users.
Learn more about this notice and your responsibilities.
My Recommended Action Plan for Genealogists and Family Historians
Here is what I recommend if you are a genealogist who is concerned about GDPR. The main impact on you and your genealogy research is this: you will likely receive an “update profile” or “opt in” notice from any website or e-newsletter where you’ve signed up previously.
- Always make sure that any email containing links looks legitimate. If in doubt . . . throw it out! And go directly to the website and sign up again. If you do have an account there, they will let you know.
- If you remember signing up for that mailing list, then click the link and update your profile so that you can continue receiving the emails from the website.
My Recommended Action Plan for Genealogy Website and Blog Owners
Again, just like many of these regulations that get hyped up in the media, there is more panic than action needed. Here is what you might want to do if you own a genealogy or family history website or blog:
- Remember, that overall most website and blog (as well as e-newsletter) owners likely have already been in compliance with GDPR. The downside of the new regulations in effect as of May 25, 2018, is the need to “prove” that someone has opted-in to your list if there were to be an audit of your site.
- If you don’t have a genealogy website or blog that you run on your own – DON’T WORRY. If you are running a Facebook group or page, realize that data collection is handled by Facebook and you don’t need to give any notice. Users of Facebook are governed by the Facebook Terms and Conditions.
- If you own a genealogy-related business that uses the Facebook Business platform, see https://www.facebook.com/business/gdpr for action items.
- Even if you don’t think you “collect” data from visitors to your site, realize that your site might be using cookies. If you don’t have a Cookie Notice in place, now is the time to make sure you notify users. See the Resources List below.
- If you maintain an e-newsletter, you will need to follow the GDPR instructions for the email marketing platform you are using. For MailChimp users, there is a variety of options – see https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation.
- Continue to monitor the GDPR news after May 25th! It would be a good idea to set up a Google Alert for either “GDPR” or “GDPR genealogy” to stay on top of the latest news.
My Recommended Action Plan for Genealogy Societies
Most, if not all, genealogical and historical societies must comply with the GDPR just as any other business would need to comply. Your status as a non-profit does not matter.
- If you are using an electronic mailing list make sure the signup form is in compliance and that you’ve notified existing subscribers to opt-in again.
- Review any postings of member information, whether on a publicly accessed page or members’ only section. If any information is from EU citizens, you should get permission to post the info. Some societies have found the burden of sorting out who is EU and who is not EU too burdensome, so they’ve just opted to remove the data or even shut down! (See Have Genealogy Sites Shut Down Due to GDPR? above).
GDPR Resource List
- About the General Data Protection Regulation – MailChimp
- Common Sense and GDPR – DNA Explained
- Cookie Choices – Google
- Cookies notification in European Union countries – Google/Blogger
- GDPR and Lead Magnets
- GDPR, DNAeXplain and DNA-Explained.com – DNA Explained
- GDPR Takes Effect in May 2018 — Is Your Nonprofit Ready? – TechSoup
- General Data Protection Regulation – Wikipedia
- Getting GDPR Ready – PayPal
- Some Genealogy Sites Closing Due to EU’s General Data Protection Regulation – Eastman’s Online Genealogical Newsletter
- The Casualties of GDPR
- The GDPR, You & Me – The Legal Genealogist
- What is the General Data Protection Regulation (GDPR)? – Facebook
- What the General Data Protection Regulation (GDPR) Means to Genealogy Bloggers and Others – Eastman’s Online Genealogical Newsletter
Disclosure statement: I have material connections with various vendors and organizations. To review the material connections I have in the genealogy industry, please see Disclosure Statement.
©2018, copyright Thomas MacEntee. All rights reserved.