Part Two of the GDPR - It's all about transparency!

by Mckenna Hallett | Find Homes For Your Art

It’s all about transparency! (And a short soothing podcast, too.)

(Click here for Part One of this two-part series)

I am publishing this content a little behind schedule. I had no idea what a crazy rabbit hole I entered when I wanted to learn a “thing or two” about the General Data Protection Regulations – the GDPR. Holy Moly!

Since my post two weeks ago, I have attended two webinars, read volumes of articles, blog posts, and entire sections of the actual regulations and I am quite sure of one thing: the vast majority of you who follow me (especially my artist community) are already complying with the “intended” spirit of the law.

Wherever you are living and no matter what your business or industry, what matters is that anyone from whom you are gaining ANY personal data – even Facebook Pixels! – the person, whom you are tracking, (who’s data you are controlling) must be able to know what you’re doing with their data.

While for the moment, this applies to EU residents, I expect this attitude and the laws behind it, will be the norm worldwide before too long. It is simply the reasonable way to treat each other. Even if the US doesn’t write it’s own regulations, American companies, per Forbes Magazine just yesterday, has so far spent $7.8 Billion (yes….Billions) on GDPR compliance. Some of that money is going to scam “consulting” firms.

SO… here is a BIG warning to all Online Marketers. Whatever you are doing to grow your following – ONLY follow trusted sources when you are looking to learn about anything from the “interwebs”.

It’s not news to anyone that there are bad people doing bad things on the internet. However, this new regulation has brought out some very scummy, scammy, fear-mongering bullies who have created online businesses overnight to take your money and run!

BE VERY CAREFUL where you are getting your free resources, too. Look for the date of publication of the information to be sure it’s current! Don’t start spending money to get information from some “guru” who claims to be an expert. No one is quite yet an expert. Some of the regulations are still in a flexible status. And it will take some court cases for some of this to be settled law.

While I am not an expert, I have put real hours into this and will be putting more hours in as I prepare to teach this as a seminar later this month here on Maui. But I am ready to say “I don’t know” even 1% of what others (lawyers and IT people) know and they will tell you they are still trying to figure it out, too.

But these links below should help!

To help you get some of the basics from trusted sources, I go first to the ICO (The Information Commissioners Office) This is the horse’s mouth. However, watch out… you can be on this site forever. It’s taken the legalese from the regulations and tried to put in in plainer language, but it is still the world’s biggest rabbit hole. So to keep you near the entrance, here are two sections I feel you need to pay attention to:

This is the LINK you need to access the section called “Key Definitions”.

This is the LINK to learn about “Consent”. 

Have less than 250 employees? This is about Article 30(5) addressing the word “occasionally”  which many are addressing as it is now officially “a thing”. Vast articles are devoted to trying figure out what “occasional processing of data” actually means. This article will give you a headache, so just look at the graph and relax.

This last one is very long and yes, I read every word. However, you can just look at the pics and examples and I think you will get the gist of the article. It’s not unlike my post about Lead Magnets from 2016 but with more words. (LOL!)  It’s looking in depth at Consent and Opt-in.

That’s enough for now. Just know that if you have more questions, I am happy to read them in the comments per usual. The more questions you have the smarter I am getting, so please… ask away!


  1. Rebecca Vincent

    Hi Mckenna,

    Thanks for your hard work in helping us to prepare for this. The data laws seem to boil down to what we would consider normal, polite and transparent ways of communicating with people! I’ve been looking at the ICO documents and I’ll be taking some simple steps to comply:

    Using the advanced permissions in Constant Contact
    Writing a new privacy policy and letting people know about it
    Updating my online and offline email collecting forms to make them more explicit what I’ll be doing with people’s data

    Thanks to you guidance in the past it’s a reasonably light touch. I won’t be doing the opt-in email thing.

    • McKenna

      You got that right, Rebecca. It’s really just about using “good manners” and being very open and clear about your intentions with any data you collect.

      Frankly, it’s not even necessary to do the advanced permissions. But with you living in the EU (Brexit or not) you might feel comforted by that and so why not… there is a very small risk that people will not jump through an extra hoop, but so be it.

      I am putting together a seminar for Maui businesses to attend and I might turn that into a webinar. Stay tuned!

      One of my favorite “tests” from the ICO site is asking yourself something along the lines of, “Would you be comfortable explaining why you need their personal data?”. If you can answer affirmatively to that question – that is pretty much a key to success!

Submit a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: