GDP… what? GDPAaaaaaaaarrrrr! Don’t worry! YOUR STEP BY STEP GUIDE TO THE GDPR IS HERE!

If you are doing any sort of business online, and you’ve not heard about the GDPR you’ve most likely been living under a rock. OR, you’ve been focused on making MOVEMENT in your business rather than following the Y2k-ish posts that are flying around.

While it might seem like scare tactics are everywhere, it’s real.

Like, you are actually putting your biz in danger if you don’t follow the rules.

So… I’ve been collecting all the info for you, and I’m going to share a step by step guide for making sure you are protected as these laws change.

Hang on to your hats and glasses folks, this is a doozy!!

You are getting:

  • The Step by Step Guide to Surviving the GDPR
  • 60 Minutes of my personal interview with Attorney Joey Vitale
  • Amazing Show Notes that summarize all this GDPR goodness
  • One of our Speedy Recaps to wrap this up and put a bow on it
  • A list of links to do more research by



Disclaimer: I’m not a lawyer – it is your responsibility to do your own due diligence and make sure you are handling this in a way that is not putting you at risk in your biz. I had a hard time sifting through the crazy of the legal jargon, so these are my plain-English, basic steps you can take to make sure you are on the right side of the GDPR.

  1. Take a breath, this will all be OK. As Todd Herman says, tap into your WOW brain, not your OW brain.
  2. Get your Privacy Policy SET and make it available. We all should have had this in place anyway… sooo yeah. Make it a priority. You can get one when you book a 20 minute call with Joey Vitale – www.indilaw.com/discovery
  3. Check Your Lead Pages, Lead Magnets, and contact forms. Decide: are you going to include a checkbox, or change your lead magnets so that they include your newsletter as a part of the value?
  4. Check your pixels/tracking codes on your websites. You have to let people know you are tracking their activity! (Bonus tip, check the data retention on your Google Analytics account.)
  5. Segment your current list (i.e., email, bot, FB, etc.) if you can, but remember, this applies to anyone who is in the EU or the UK, not just those who live there.
  6. Get confirmation from those who are on your list saying they want to stay, and give them a way to delete their info if they’d like.
  7. Got Bots?  We are going to start adding a little “manage subscription” button to the bottom of our bot messages so that people can opt out at any time.
  8. Let it go. Seriously, these changes help us to be better marketers!


1. What is the GDPR?

It is a European Union based set of regulations around privacy. GDPR stands for General Data Protection Regulation (GDPR). GDPR is the legal framework for collecting and processing personal information of residents and occupants of the European Union. It came into effect Friday, May 25, 2018.

2. Lead Magnets/Newsletters

Lead magnets and newsletters require opt-ins. What is important to know now is that you can’t sneak all kinds of other things into the consent for a lead magnet PDF. You have to keep the lead magnet the lead magnet and then be specific with the other things like a newsletter or promotional content.

Here is the likely problem most of us have. We have a list of people that opted in for a lead magnet, usually a PDF… BUT we are also sending them regular emails about all the other stuff we are doing… newsletter kind of content. Under GDPR regulations this is not cool.

So you may be asking yourself: why can’t we just tell subscribers that if they opt in to my list, they will be agreeing to receive other updates and information from me? You can’t do that. You have to be clear and direct about what you ask them to sign up for, then deliver on that promise.

Another key point is, you can’t have a condition. For example, you can’t say to get this free PDF, you have to agree to get my newsletter as well. That is a condition and not a legitimate interest by a subscriber.

So, people are adding copy or checkboxes to their lead magnet opt-ins so they can send newsletters as well. Be clear and direct in communicating you are asking to send them the lead magnet PDF… AND a newsletter.

Here are some examples of checkboxes for lead magnets and newsletters:

  • I agree to receiving the weekly newsletter
  • I want to receive occasional promotional content
  • I have read and agree to the terms & conditions
  • I understand that I can unsubscribe at any time
  • Oh, and I would like to get some fries with that!

What Joey is educating people on is to at the very least have a few key checkboxes:

  • I agree to receiving the weekly newsletter
  • I have read and agree to the terms & conditions of the privacy policy

Here is the challenge. GDPR is a 200 page regulatory document and nowhere in it does it say… “this is what your opt-in should look like”. This is why it is confusing. The group that will be policing the regulations is still forming. It is small and things will unfold along the way as cases come in and more clarity will happen.

Take a deep breath and chill out with this whole GDPR thing. Learn what the best practices are and be aware of how it affects you. What they are really going after is big businesses like Facebook and Google. Not small business owners like you and me making a living on the internet.

Here is how you can tell if you are a big business or not. It is a matter of Collecting vs Processing information.

Most of us running a business online are collecting information, whereas companies like Facebook and Google are both collectors and then processors of information. The GDPR is the first regulatory process that holds “processors” of information to this new higher standard.

It is your business and you are responsible for it and any services you have accounts for. That is why we did this broadcast to inform you and move you forward with this whole GDPR topic.

Todd Herman has a quote that makes the point: “GDPR = Y2K”. Remember the whole Y2K thing in 1999 when everyone was worried what would happen with computers when the calendar changed to the year 2000? Some thought the sky was falling. The reality: Nothing happened. It was business as usual. I think there is a bit of this at play here.

Let’s get into the checkboxes some more…


3. To Check or Not to Check

There are a few important points to make here.

First, all reputable Email Service Providers (ESPs) are updating their systems to be compliant with the new GDPR regulations. In practical terms this means you don’t have to worry about having a system that can do what needs to be done; they are updating their systems for us. For example, I use ConvertKit as my ESP and they had the ability for me to add a checkbox already in place. I’m sure yours will as well.

The second important point about checkboxes is this: they must NOT be already checked off. You cannot presume people want it checked off and check it for them. You can’t presume they will UN-check it. That worked in the past but does not cut it with GDPR regulations.

To be GDPR compliant, they need to be the ones to proactively select whatever checkbox you have put there.

You can either have the checkbox there, or not have a checkbox there. If you don’t have it there, part of your follow-up campaign from their initial sign-up can be to sell them on the value of another thing they can opt in for. For example, if the initial opt-in was for your lead magnet PDF… the next offer you could talk about would be your newsletter. This would be the next thing they say yes to. Then you can send information on both.

OR – You can leave it off and include the “Newsletter” or “Weekly Tips” as a part of the promised value up front. This idea looks best to me. Read more about it here: My friend Jennifer Dunham sent this one! Love it! Seriously, so good. https://thrivethemes.com/gdpr-for-email-marketing/


4. Your Current List! Segmentation and a Re-Engagement campaign:

Ideally… you have your list segmented already. You know what part of the world your subscribers come from. You have clearly asked to send them information on a given topic… and they are clearly expecting to be sent that information.

If this is not the case you will need to do some work. Take a look at your current list and identify where your subscribers are from. They will probably fall into three broad groups:

  1. Those you know are in the EU
  2. Those you know are not
  3. Those whose location you do not know

From here create a re-engagement campaign. First set aside those whom you KNOW are not in the EU. These subscribers are business as usual. Now take the rest off your list and do a re-engagement campaign with them: those you know ARE in the EU and those you haven’t a clue where they are from.

With this group, you can re-engage and have them sign up for your clear offer with legitimate interest. Will you lose some subscribers? Sure, but the better news is you will have a more engaged list and you will become a better marketer.

What could you send them? Here is a quick, simple, even cheeky re-engagement email. A business colleague of Joey’s sent out the following email.

“Hey! Everybody is annoyed by the GDPR. Just click below if you want to get a newsletter from me.”

This is quick and simple and at least covers your butt in the short term.


4.1 Molly’s ninja tip:

So here is the situation: Email open rates are about 20%. That means that 80% of that list is not opening the email to know if they want to stay on the list. So what do you do?

If you are doing what we recommend, and that is you have a Messenger Bot, of course you do right!!… and you are using the awesome tool we recommend which is ManyChat… then you have a built-in segmenting tool right inside ManyChat!

ManyChat has the ability to segment the list inside it by location/timezone. Bam! (And as a side note GDPR includes Messenger Bots.)

I will be doing a separate training on this in the future. Stay tuned for that. But the short version, for now, is to go into ManyChat and filter your list by “locale” and “time zones”. It will then show you all the places your Messenger subscribers are from.

You may be wondering if you can port your email list into ManyChat and have it segment it for you… but that is not possible. People on your list need to also subscribe into the ManyChat Messenger Bot. Which you can do with a simple FB ad campaign. Remember all of these best practices are making you a better marketer!

Next, set up Zapier and do a Zap to tag people from ManyChat into your ESP (I use ConvertKit). This is an advanced strategy, and your ESP needs to have tagging ability. Check if yours has tagging abilities, as not all do this advanced tagging function.

Now, what if you are not that sophisticated or are just starting out? In this case, just do a re-engagement campaign to all those on your list whose location you don’t know. Treat them all like they are from the EU. You potentially will lose many on your list who either don’t want to re-engage or who didn’t even see the email. But you will at least have a clean list.

Keep in mind doing this kind of work is good marketing. Deleting those off your list who are not engaged makes for a better list. There are lots of benefits!

  • Your open rates will increase.
  • You will get better deliverability with your ESP.
  • The cost of your ESP service will likely go down as most charge by size of your list.
  • This is all good stuff.

If this is confusing, here is a quick reminder of why we are doing this. The GDPR requires you to remove people from the EU from your email list who have not given express permission to be on your list. So that is only people in the EU and not the US or Canada or Australia or anywhere else.

5. Privacy Policy

First off, if you are doing business on the internet, you need to have a privacy policy. Long before any mention of all this GDPR discussion and the May 25th 2018 date, people doing business online need to have a privacy policy. Period.

There is a California law that states if you are selling to people in California you need to have a privacy policy. So even if you are just selling to people in the US it is likely going to include California, so you need a privacy policy.

Joey says you need to be transparent on a few specific things.

  • You need to disclose how you are collecting information either personally provided on a Contact Us page or technology wise via pixels and cookies.
  • You need to disclose how you are using that information.
  • You need to disclose how you are storing that information and keeping it secure.

So the existing California law is about collecting, using, and storing people’s information.

There are many DIY services out there. There are plugins available so you can write your own. But let’s face it, none of those options have you covered if your policy is challenged in any way. To that end, Joey has an amazing offer where they will create an attorney backed and supported privacy policy for you for a very low price. This is a no-brainer. Just go to his site and get the details for his discovery call. [IndieLaw.com/discovery]


6. Pixels, Cookies, and Google Analytics

If you are using technology on your site, you need to tell people you are doing so, be it Google Analytics, a FB Pixel, cookies, etc. Do this at least in your privacy policy; a best practice is to have a discreet popup or ribbon at the top of your site or the side that says you use pixels or whatever you use.

Google Analytics is changing how it functions with respect to the length of time it stores information. They are now auto-deleting everything from before, I believe, 26 months ago. If you want to keep that data you have to go into your settings and change it.

Let’s pause and take a deep breath again. Keep in mind the accounts we all have to run our businesses are adjusting their systems to help all us users to be compliant. We are responsible for our businesses but the service providers we use are all doing a great job of updating their systems to help us all be compliant.



It was such a pleasure to have Joey on live with us. And to continue the goodness he has two ways you can get more awesomeness from him.

The first is the Discovery call with Joey to not only talk with him but to get a privacy policy set up for your business if you don’t have one already. He has made this a no-brainer cost and you can get the details at his website here [www.IndieLaw.com/discovery]

The second is his FB Group called Friends of Indie Law. His group is way more than just about legal stuff. Joey has put together a community of business services that shares the same values as we all do of good honest business. I can’t recommend him and what he does enough.


8. Implementation:

Okay now here is Joey’s and my challenge to you:

  • Set aside 3 hours and research this subject.
  • Inform yourself about this topic. Don’t just inform yourself, though: start implementing these things and moving them forward in your business.

Let’s get really practical and break that down further.

  • Take the first hour to review these show notes and links.
  • Then take the next two hours to implement what you learned for your business.


9. And – Maybe you need a Speedy Recap?

What is the GDPR?

  • A new set of regulations that go into effect May 25, 2018
  • It is for people in the European Union; they don’t have to live there, just be there
  • If anyone on your list, or anyone who visits your website, is from the EU, you need to pay attention to the GDPR regulations

It covers Lead magnets and newsletters:

  • Modify your Opt-ins
  • Add a checkbox or change your copy to be clear and specific on what people are opting in on
  • Suggestion: include both your lead magnet AND your newsletter in your copy! That was easy!
  • Oh and don’t blackmail people and say you can only get my newsletter if you get my lead magnet.
  • Say something like… my newsletter comes with my lead magnet!

To Checkbox or not to checkbox:

  • You have to decide if you want to use them
  • They MUST be UNchecked at first
  • Perhaps with better, clearer copy you won’t need checkboxes

Privacy Policy:

  • You need to have one regardless of whether you are selling to the EU
  • Jump on Joey’s Discovery call and pay the very low price for this simple but needed service
  • Get the details from his website at: IndieLaw.com/Discovery

Pixels and Cookies:

  • Have a simple popup on your website that is a ribbon that informs visitors that you use pixels and cookies
  • At the very least have it in your privacy policy

Your Current list – Segment it!

  • Molly’s ninja strategy is to use Bots and Zapier for segmenting your list
  • Joey had suggestions for re-engagement campaigns
  • Take a deep breath and don’t stress about it
  • After segmenting perhaps you will delete those on your list from the EU that don’t want to be on your list
  • If you have a really big company that they could sue for lots of money, they could do that

Google Analytics:

  • You might want to check your Google Analytics settings
  • They are looking to remove data that is more than a certain number of months old
  • I think it is 26 months but do your own research
  • If you want to keep the old info you have to change the setting inside your account

Joey Vitale:

  • Is an awesome lawyer that has your back
  • Visit his website and his Facebook group and get the support you need from him; links are below

JOEY VITALE: OMG How awesome was he! First of all… Joey Vitale is a great lawyer, but he is not your lawyer, and watching this video does not make you a client of Indie Law. The choice of a lawyer is an important decision and should not be based solely upon advertisements. Past results do not serve as a guarantee of future results. The information in this video is for general information purposes only. Nothing on this video should be taken as legal advice for any individual case or situation. This information is not intended to create, and receipt or viewing does not constitute, an attorney-client relationship.

Summary of the links to keep you on track:

You can get in on one of Joey’s awesome calls right here – indielaw.com/discovery

A GREAT GUIDE FROM MY FAVE EMAIL SERVICE PROVIDER, CONVERTKIT: https://help.convertkit.com/article/786-gdpr-faq If you aren’t using ConvertKit – I have a free trial! http://www.ThePreparedPerformer/convertkit

A GREAT GUIDE FROM MY FAVE BOT SERVICE PROVIDER, MANYCHAT: https://blog.manychat.com/gdpr-manychat-updates/ 

AMY PORTERFIELD: I mean, duh! Always gold. http://www.amyporterfield.com/2018/04/gdpr/

THRIVE THEMES: My friend Jennifer Dunham sent this one! Love it! Seriously, so good. https://thrivethemes.com/gdpr-for-email-marketing/

GREAT GDPR FB GROUP: Thanks to my mentor and friend Mari Smith for sharing this one!  https://www.facebook.com/groups/GDPRforonlineentrepreneurs


Big thanks to my friend Tom Birchall (fb.me/TomBirchallBizPage) who helped to write up these awesome show notes!