Tim Lewis: Now GDPR if you’re not familiar with those four letters represent a general data protection regulation, rules that are coming in sometime in May this year and are going to affect anybody who deals with anybody email or data within the European Union or United Kingdom. And they actually strictly speaking apply to anybody in the world who uses data from EU or British citizens.
Tim Lewis: Now, this is a very complicated and large subject because they’ve created some rules without properly fleshing out what the rules are about, so I thought I’d talk to an employment law expert and somebody who seems to be spending all their time now dealing with GDPR and the ramifications and she’s Annabel Kaye. I heard her interviewed on another podcast and she gave a very accurate description of what GDPR is and how it effects that particular sector but obviously authors and self-publishers are a different area and we have slightly different requirements. And also there are questions that were asked there, which wouldn’t apply here and questions that weren’t asked, so I thought I’d get her on the show to talk about GDPR.
Tim Lewis: Primarily the new changes designed to make sure that people aren’t signed up to email lists that they didn’t sign up to, that they know what they signed up to and that companies managed to keep everybody’s data secure and it’s too much for one interview, however, I do think we cover most of the pertinent details in this interview and certainly you can go to Annabel’s site and find out more. So now, to the interview.
Tim Lewis: Hello Annabel, welcome to the show.
Annabel Kaye: Hi Tim, it’s good to be here.
What is GDPR?
Tim Lewis: Okay, so we’re talking about the amazing, the exciting or not, GDPR, which is General Data Protection Regulations. In simple terms, what does GDPR make and who is covered by it?
Annabel Kaye: In simple terms, it’s a bit of a sea change because we’ve always as business rather assumed consent from people and we’ve used their data all sorts of ways to inform our marketing and GDPR is a big push back on that, that really wants the people whose data we’re collecting to know we are and to give consent to some things that previously they’ve not had to consent to. And who’s covered by it? Well it covers every person in the world who’s collecting data about EU citizens and that includes the UK, even post Brexit, don’t ask, that’d be another podcast.
Annabel Kaye: So, if you’re collecting information and that could include having an EU citizen on your email list, this applies to you, even if you’re somewhere else in the world.
Tim Lewis: Okay, and is it just electronic data this refers to? I mean, if somebody’s going round writing down in a book data about people would that also be the case?
Annabel Kaye: It covers any format of data, electronic or manual, which allows you to identify an individual. So, if you’re doing the classic author “I met a man once and he said,” that’s not covered but if it’s “I met a man in the Greenman Pub on Thursday and his dog was called George,” and that would allow everyone in the Greenman to know who the guy was, that would be covered. So, it’s about identifiable, living individuals.
What do authors need to do?
Tim Lewis: Okay. So, if an author has an email list of subscribers, basically it’s a mailing list they’ve built in something like MailChimp, so people are signed up to their MailChimp list that they’ve got because they’ve read one of their books. What do they need to be doing now and considering going forward in terms of the changes?
Annabel Kaye: First of all, the author needs to check how the people got on the list because we’ve all had different practises in the past. The ideal practise, I don’t think many of us have done it, is that everyone on your list has double opted in and that means that when they join the list they get another email going, do you really, really want to be on my list? You know the thing.
Tim Lewis: Yeah.
Annabel Kaye: And clicked it. That’s not the only way for things to be right but it’s the easiest way because if I was to come to you “prove to me that everyone on your list has agreed to be on your list,” the easiest way to do that would be to run the double opting report on MailChimp and MailChimp’s brilliant for that by the way. But of course in reality, that’s not the only way to evidence consent and consent is not the only way to get people on your list so, I’m getting a bit tacky here but if you’re in MailChimp, you should be able to show how they got on the list. The consent thing is about marketing to people who’ve never bought your books before. There’s a different set of rules for customers.
Annabel Kaye: So, if you’ve got a list of people who might buy your books then you need to be able to show that they’ve got on the list for a legitimate reason. Consent for marketing is really important, we have rules in the UK known as the PECR regulations, or Personal Electronic Communication Regulations. You’ve got similar rules in America on the spam front, you’ve got CAN-SPAM in Canada. The days of just being able to just add people to your list and randomly spam them are going, if you’re there, you need to stop that. If they’ve consented to be on your list and you are sending them what they agreed to have, you don’t have a problem. But some of us have migrated haven’t we? We said “do you want to be on our list for this?” but over time you started sending that. And under GDPR consent’s going to be much more specific. Does that make any sense to you?
Tim Lewis: Yeah.
Annabel Kaye: So you need to look at, am I sending them what I said I’d send them or have I kind of migrated on? The big problem, I think, is not people who are opening the emails, which, if you’re a MailChimp user you know perfectly well who they are, it’s the people who aren’t.
Annabel Kaye: You know, cause in MailChimp you could unsubscribe and assuming that you haven’t deleted that which is a breach of MailChimp’s agreement, people who don’t want your stuff are unsubscribing to it, but there’s a subgroup of people who don’t open it and they’re the ones you’re going to get problems from, aren’t they?
Tim Lewis: Yeah. So, I mean when you were saying about customers being different from other people on the mailing list, the problem I suppose a lot of author’s will have and certainly, this sort of applies to me, with the very few people who have subscribed to my mailing list, is that they’re sent the books from Amazon or from a third party so, they may have signed up from a link in the books but there’s not customer data as much I suppose in as much as, we’ve not sold them anything, but it’s been sold through a third party. Is that right? So that wouldn’t be customer data in that case.
Annabel Kaye: Well it could be but if they’ve signed up from a link in a book they signed themselves up. So, you haven’t stuck them on a list and started spamming them with stuff they haven’t asked for so, supposing it says in your book “if you want to know when I produce my next book, sign up,” and that’s what they’ve done and that’s what you’re sending them, that’s absolutely fine. The problems come if you decide, I don’t know, “I’m not making enough money from being an author, I’ll try and sell them shoes,” and all of a sudden you’re sending them emails every day about buying my shoes, that’s not what they signed up for.
Evidence of Sign-up
Tim Lewis: So how are we able to evidence what they signed up for? Is this a case and it’s so nonsense, I’ve done the double opting, well I do the double opting but setting it up, is this something that should be in the email that was sent back to them or could you just show the link from where they signed up? How do you say that you didn’t also, I mean, how does somebody know that, let’s say that you did put in your books “I will email you about books and selling shoes” for example.
Annabel Kaye: That would be weird, yes.
Tim Lewis: Let’s say you did that but then somebody complains that “I’ve signed up in this book and I got an email selling me shoes,” how would you evidence that?
Annabel Kaye: You just go, look, here’s page nine in the book, this is how you signed up, this is what it said, that’s the reason why, when you’re publishing the book.
Annabel Kaye: I mean it’s not so easy if you changed what you’re sending them, but if you go back to MailChimp, which is a very common platform and it’s not the only one. If you look at your mailing list in MailChimp you have the opportunity to create signup forms.
Annabel Kaye: And on that form you can go, if you join this list, you can expect to get weekly, monthly, annual updates, I’ll be telling you about my new books, I might be telling you about my thoughts or philosophy, religion, depending what kind of author you are, you know, this is what you can expect from me. It’s all about expectations so when people agree to be on your list, they’re not suddenly being hammered with stuff they didn’t ask for. Some people have gone so far as to say how frequently they’re going to mail. Now, I’m the words worst emailer, I actually get written complaints from people on my list that I don’t email them often enough.
Annabel Kaye: But for other people, I mean, I don’t know about you, have you ever met someone at a conference, you’ve given them your card and said “we must chat,” and before you know it you’re getting 38 newsletters a day and sales pitches and certainly for me, getting texted on the phone saying “here’s the deal of the day” and it’s like no, this is not what I agreed to.
Tim Lewis: Yeah.
Annabel Kaye: Right, you don’t want to be the person pushing that out. GDPR is all about hang on a minute, people consented to what they consented to, don’t take Michael.
Why are there so many interpretations of GDPR?
Tim Lewis: Yeah, okay. So, some people, we talked about, we had a pre-chat a while ago but why are there so many different opinions as to what GDPR means for small businesses?
Annabel Kaye: Well the first reason is that in the UK at least, the regulations that are implementing GDPR and I am talking to you in February and this is coming into effect towards the end of May, have not been finalised. So, we are talking about what will it be as much as we’re talking about what is it? SO that’s one reason, its not finished, there’s lots of draught guidance on things like consent, I’m fairly confident that they’re not going to change substantially but they could. So, different people have got different takes on that because lots of stuff’s in draught.
Opinions about GDPR
Annabel Kaye: The second reason why you get a lot of opinions on GDPR is that it’s really an attitude and system change. It’s about collecting only the information you need, it’s about using consent if there’s not business necessity and by the way, business necessity doesn’t mean I need to know everything about everybody. It’s a much more narrow term than that. It’s about storing it securely, it’s about not sharing it too widely, it’s about not sharing it with third parties without people’s knowing that’s going on. It’s a systemic change. So what’s happening, you know the old saying that to the man with a hammer every problem is a nail?
Tim Lewis: Yeah.
Annabel Kaye: So, if you go to a service security expert and they go it’s all about securing your websites, it’s all about encrypting your email. If you go to a lawyer they’ll go it’s all about getting your contracts right, you need to make sure that you’ve dotted the I’s and crossed the T’s. If you go to a marketing specialist they’ll say, well obviously no one’s is going to double opt in unless email list is fabulous, you need to hire me to make them better.
Annabel Kaye: So, why you’re getting different opinions is people are coming at it from different angles and it’s a bit like the old story “The Six Blind Men and the Elephant,” isn’t it? Some people have got the tail, some people have got the ears and neither of those represent the elephant but they’re all parts of the elephant.
Tim Lewis: Okay.
Annabel Kaye: GDPR experts, myself included are six blind men and the elephant and biting and hanging onto the ears.
Tim Lewis: So, let’s talk about the wider elephant then, because I mean, I kind of heard bits and pieces about all of these other areas, now obviously you’ve got your bits of the elephant that you know about, what you’ve felt while groping around in the dark. How do things like contracts and website security, how are they broadly being affected by this, I mean, I’m not sure how much of this is relevant to authors but some of it maybe because a lot of self-publishers do all sorts of funky things all the time.
Annabel Kaye: Yeah, well let’s take as it were the cycle of the business of being an author if you’re self-publishing, right? So, I’m going to assume you’ve written a book and somehow you got it send into electronic or physical format and it’s actually available for purchase, either through Amazon or directly or both, I mean, people do it in a variety of ways, don’t they?
Tim Lewis: Yeah.
Annabel Kaye: If you sit back and let your publisher, you know, or yourself wait for sales, I don’t know about you, but I wouldn’t expect to get many. Part of being a self-published author is the self-marketed author, isn’t it?
Tim Lewis: Yeah.
Annabel Kaye: And I don’t know, maybe someone has got a different business model, so you go out there and what do you do? You might speak at conferences or book clubs or even in bookstores, do book signings, wouldn’t you? All with goal of selling your book. Now, if it’s a physical book, it’d be in a bookstore and that may be the end of your exchange with the customer, you might even sign it, give them your autograph and off they go. But in the online world that’s not how things happen is it? Say they might come to your website, you might have an inquiries form “do you want to know what books I’m publishing next,” you might add them to a mailing list, hopefully with their consent and you might be mailing them because you are building an audience for your work.
Annabel Kaye: And in the modern world, we do that across all sort of mediums. So you’re going to have information about potential readers and possibly actual readers and customers somewhere, coming through your website, maybe on the email list, maybe on the physical mailing list, maybe you posted them a copy of your book. I don’t know how else people deliver books, I’m sad to say I’m not an author, so I don’t know. But you’re going to have some data about the people who read your books and if you’ve got stuff in the back of your books that sell on Amazon, people are coming to your list.
Annabel Kaye: Now, in the old days, despite the fact that law didn’t really encourage it, you did what you wanted with that data, you might have swapped it with another author, who was in a similar way, you might have collaborated, you might have bought a list if you’re that kind of author. All this data is drifting about, you might have given it to your external VA to create some kind of external advertising campaign. And the data your customers gave you was drifting, wasn’t it?
Tim Lewis: Yeah.
Ownership of Data
Annabel Kaye: Now I’m not saying that was every legal, it was all a bit shaky in some areas but as a small business, we kind of think we own the data, we do what we like with it. What GDPR is about fundamentally is the customer continues to own the data, you can only use it either with permission or with necessities so, in reality you’re kind of renting it, is one way to look at it. And you know if you rent a flat, you can’t knock down the walls without the landlord’s consent.
Annabel Kaye: So, it’s making the people who use data, the equivalent of data renters, rather than data freeholders because the freeholder, for the first time, clearly established in European Law is the data subject I.e., I own my data about me, I may consent for you to do certain things with it, but the fact I’ve consented for you to do some stuff with it, doesn’t mean you can do what you like with it.
Tim Lewis: So, I’m going to go off the scripted questions again but the whole sort of, author’s sending each other, giving email addresses to other authors, I mean, that’s clearly sort of a bit of a no-no now unless somebody specifically said, I suppose in the consent that they may send this to other relevant authors in the genre or something along those lines.
Annabel Kaye: What’s still unknown because we’re in draught, is whether you have to go right down to naming those authors, which would make life a bit difficult cause you’d have to be psychic and know who to publish in the back of your book. Or whether it’s sufficient to go, in the relevant genre, that’s one of the grey areas.
Tim Lewis: Yeah.
Annabel Kaye: I think it’s a bit impractical to be psychic but you know, you should be specific but again there’s a bit of loose practise about that. Have you ever spoken promote your book at an event, and they’ve said to you “can’t afford to pay you darling but we’ll give you the delegate list?” Well a list of people at that event, under GDPR, have positively consented that if that should go on, when you use the data you’re going to be in the wrong as well as the event organiser.
Tim Lewis: Yeah, well I’ve been at book signings and events where they’ve sent a bit paper around where people write their email address down and then I’ve found myself added to email list and I’m assuming that kind of thing’s probably-
Annabel Kaye: Well that place where you sign physically should now say “this will get you added to the following email list.”
Tim Lewis: Yeah.
Annabel Kaye: I think that’s a good thing, I mean, personally, I get about a thousand spam emails a day, I’m not joking, I use electronic mail filters to help me actually read the emails from the people that I want to get emails from and respond.
Where do you register?
Tim Lewis: Yeah. Okay, so, something that I know I need to do and I know a load of other people need to do is I think we have to be registering with the data protection offices, whatever, EU nation or UK we are. But who should you be registering with if you’re based in the EU and if you’re based outside who should you be registering with? For example, the US.
Annabel Kaye: Okay, let’s get a little bit of jargon to answer that question. If you’re collecting data about me, I’m the data subject. You’re collecting it so weirdly, you’re called the data controller. I’ve never got that cause I think I should be the data controller, it’s my data but anyway. If you give it to say, your virtual assistant or your publishing assistant to use, in that capacity they are the data processor. So many of us are data controllers for our own business but we’re also receiving data from other businesses because that’s our job to process. So if you’re a lawyer or an accountant or a virtual assistant, you will be data controller in your own business but data processor through your clients business, does that make sense?
Tim Lewis: Yeah.
Annabel Kaye: The reason why I’m saying this is if you are the data controller you have to register, if you’re in the EU in the country, which you’re in. So, I’m in the UK, I register with the information commissioner in the UK, if I was in Germany I would register with the German commissioner. And it’s not necessary to register in more than one country. As the data you don’t have to register anywhere. If you are outside the EU and you are a big user of data and I can’t find a definition of what big means because the world of the bureaucrat is not the world of the online marketeer, so I have clients who’ve got two million on them, now is that a big list or a small one? Nobody knows but big users of data are supposed to appoint a data registrar, someone to be their representative inside Europe. Would many authors outside Europe be having lists of that scale? Maybe not, maybe some of the publishing houses do.
Annabel Kaye: So, they actually don’t have to appoint a representative inside the EU. Not withstanding this, the EU takes the view that their ability to fine the data breaches, which is four percent of turn over or 20 million euros, not petty cash, extends right across the world. So we deal with Americans who go “well, they can come and fine me.” Well of course if you then want to do a European book tour and you’ve got a fine for half a million Euros sitting waiting for you at the airport, that could be a bit of a fright, couldn’t it?
Tim Lewis: That’s a lot of books to have to sell.
Annabel Kaye: I know, I mean I just hope you’ll not get.
Annabel Kaye: In reality though, I don’t think the average small, self-published person is going to get a knock on their door any time soon. At least in the UK, the Information Commissioner’s gone on public record and said, from this moment it comes in, from the first year, their regime will be advisory rather than fining of everybody. I think they’re going to be raking to find people who are breaching the current regulations because one of the changes GDPR brings in is that there’s no maximum fines.
Tim Lewis: Yeah.
Annabel Kaye: So, some people who got fined 60 thousand last month would be fined six million after May for the same offence, I think that where they’re going to start. I don’t think they’re going to be knocking on every self-published author’s door going, you’re in breach. I think when you’re going to get into problems is if you’ve got people complaining about you, more than once, and they’re going to the information commissioner over and over, going this person keeps sending me stuff, I can’t get off the list, what do I do?
Annabel Kaye: One person probably won’t get you fined but if it’s a hundred or a thousand at some point they’re going to go, now look, you’re going to have to stop this and they will advise you to stop and if you still don’t stop, they will fine you.
Tim Lewis: Yeah. So, it’s probably good to know the information offices anyway so you can complain about people if you’ve got a lot of spam from someone.
Annabel Kaye: But they’ve actually got an online you know, if you want to complain form and I’ve been sort of tempted myself, I mean, there is a list I was put on this week without my consent, which by the way is not lawful today, pre-GDPR in the UK. I said to them, there isn’t an unsubscribe button, can you please take me off and they didn’t and they emailed me again and they didn’t and I kind of hovered over the report button. And would you like to know why I hovered and didn’t hit it?
Tim Lewis: Why did you hover and not hit it?
Annabel Kaye: Because the fines will be higher when the GDPR is in and I thought I’d wait.
Annabel Kaye: And if they’re still doing it in May there’s going to be payback.
Tim Lewis: Email revenge is a dish best served cold as they say.
Annabel Kaye: Absolutely. I just thought, you know what? But I did ask them nicely. So, GDPR is a big one and I don’t want to alarm or trigger anyone but you must be aware of the #MeToo campaign? And there is a sea change elsewhere I think between the genders about the idea of entitlement and there has been a view amongst certain minorities of men, many of whom I have not met and do not wish to be acquainted with, that unless someone says “no,” it must mean yes. And I think we have been guilty as businesses of taking a similar view with data that we’ll take the view, unless they say no they must mean yes. And GDPR makes it firmly round the other way, unless they’ve said yes, it means no, unless you can tick some of these other boxes, which by necessity are in fulfilment of a contract.
Annabel Kaye: So, if somebody emails you and says, I want you to post me four books and here’s my address, you don’t need permission to keep the address because A. They’ve sent it to you and B. It’s necessary in order to ship the books, isn’t it?
Tim Lewis: Yeah
Annabel Kaye: So, we’re not I in a world where you have to say to people, before I ship you your books can you double, triple sign off that you actually want me to have the address? We haven’t gone that crazy, which is good, you know, it would make life very difficult because that’s to fulfil a contract. And obviously you have to keep a record of the invoice for accounting purposes, don’t you? You can’t just shred everything that minute the books have gone.
Tim Lewis: Yeah. So if you meet somebody at a conference, say, and they give you their business card, now obviously you shouldn’t really be adding them to your mailing list but presumably there is no issue with just ad hoc emails or other uses of business cards and keeping them, you don’t have to sort of be shredding business cards because of their right to be forgotten or anything like that do you?
Annabel Kaye: Well no, only if somebody says, “I wish to exercise my right to be forgotten,” but if to be honest I’ve forgotten the vast majority of business cards I’ve ever picked up anyway. I think that would be quite an easy one to fulfil really. It’s significant some would say of the cards I’ve forgotten. So, I don’t think an ordinary say, if I gave you my business card and said please call me, I wouldn’t expect you to go well, before I do I want it signed in triplicate that it’s okay. But if I said please call me I wouldn’t expect you to send me a hundred pre-programmed texts a day going buy my stuff, buy my stuff, buy my stuff!
Annabel Kaye: So, I think it’s really a question of sanity, it’s a question of manners and it’s a question of expectation and it’s not your expectation or mine, it’s the person sending the stuff, it’s the reasonable expectation of the person receiving it. So if I said let’s have a cup of coffee, would you call me? I do not expect a thousand texts, why would anyone expect that. Now I know there are some people who are hardcore ’80’s and ’90’s style marketing, who will say to you “they gave me their number, it’s fair game to do anything after that.” GDPR says “No it isn’t”.
Tim Lewis: Yeah.
Annabel Kaye: But on the other hand, do you really want to irritate everyone at conferences by deluging them with texts.
Annabel Kaye: Would that make you best selling author of the year, do you think?
What about InstaFreebie?
Tim Lewis: Probably not, so yes, that’s true. Another thing that comes to mind is certainly in the fiction world at the moment there are quite a lot of, well, there’s one big sort of give away service called InstaFreebie and what they do is people sign up basically, they use this service and they get a free book and then they’re added on by automation to the author’s mailing list. Now, how should you be coping with some sort of third party service where you get emails, its similar with Facebook ads and things like that, should those all be going through double opting? Is that the way to kind of get round a consent issue, that you’re actually getting it from another source?
Annabel Kaye: Well, if the people who are signing up for these instant books, no, that in exchange for the free book they’re going to be added to the author’s email list and that’s there at the sign up point and they’ve signed themselves up as opposed to you grab their business card and sign them up, I think that’s sufficient consent, I wouldn’t go for double opting on that because they’ve signed themselves up.
Tim Lewis: Yeah.
Annabel Kaye: I think double opting is a nice basis because you can show that they really must’ve known, but then you could say until you’ve double opted then you’re not getting your book, you could move the book further down the cycle. But at the end of the day, if people have been told quite clearly if you get this free book you’ll go in the author’s mailing list and there’s an unsubscribe, which means they can easily come off it if you’ve irritated them, whilst it may not be right up there with the prissiest of everybody’s double opted in, I don’t say it’s a practical problem unless you start baring them in emails.
Tim Lewis: Yeah.
Annabel Kaye: I mean, I would like to see on that insta thing, and the author will send you a monthly newsletter or a quarterly message about their work, because that way, you’re not being taken by surprise, it’s the ambush side of email marketing that causes friction, when you thought you were just getting a book and now you can’t get off the mailing list. I mean, I signed up once about four years ago, and I’ll always regret it, to an online webinar about how to have a successful online business and I thought, brilliant. To this day I can’t get off the bloke’s list.
Tim Lewis: Is that waiting for GDPR as well?
Annabel Kaye: Absolutely, he’s on my May 28th, mate. I can’t get off his list, I’ve unsubscribed, I’ve asked him, I’ve phoned him, I’ve put him in spam, I’ve complained to MailChimp that sends the lists out that this is spam, cannot get away from the bloke. It’s like rent your own stalker.
Annabel Kaye: What I don’t understand is when anyone in their right mind forgetting the law thinks that’s a great way to promote your work.
What about Social Media?
Tim Lewis: Yeah. The other question I have beyond the questions that I gave you beforehand was how does social media and things like that fall into this, I mean, if you’re messaging people on Linkedin for example, does that follow the same sort of rules, I mean, it’s not really automated as such.
Annabel Kaye: Now I’ve got a blog on my site and I’ll give you a link to it, which was expressly about Linkedin.
Tim Lewis: Yeah.
Annabel Kaye: And the reason for that is a lot of people do something known as Linkedin scraping where they either pay a VA to go through all their contacts and get the email addresses or sometimes they even get an automation to do it, you can actually pay a kind of bot to do it if you’ve got that kind of money and that kind of number of connections to make it worthwhile and this results in people like me being added to this just because we’re connecting with someone on Linkedin.
Annabel Kaye: One, that is a breach in the UK of the Common Marketing Laws, which say consent. Two, it’s actually a breach of the Linkedin rules, cause what Linkedin says, is don’t approach people with cold propositions, don’t add them to a mailing list. And on my blog on the KoffeeKlatch site, I actually set out which rules it’s a breach of. Now, I perfectly understand that we’re all on Linkedin to network and do business, but the distinction I’m drawing is, do not add into your daily, hourly, by the second texts because I didn’t ask you to.
Tim Lewis: Yeah. Something else that people could do with those email lists is you can upload them into Facebook into what’s called a custom audience and send adverts to people on that group. They sort of become much more anonymized in that regard. Would that be under GDPR or? I mean it would be very hard to actually prove you are receiving a Facebook advertisement because somebody added you on but is that something that would be outside of the spirit of it anyway?
Annabel Kaye: Now when people know that, they can go, right, not coming to you cause I don’t want to be part of your aggregated advertising campaign.
Annabel Kaye: I’m thinking of putting into, you know, everyone’s got a cart abandonment thing haven’t they? To help your carts if they were abandoned and you can be my consultant, you know? And I’m thinking of putting on mine, by the way we’re thinking of running an advertising campaign to people who fail to checkout because quite often, the kids come in, the phone rings, you meant to complete the sale and you didn’t, did you?
Tim Lewis: Yeah and then you’ve got an advert that reminds you and you go back into it, so.
Annabel Kaye: As long as people know that I think that’s okay, I think what’s really irritating though and I don’t want to name brand names but if you go on some of the really big shopping sites and you buy something, so you’ve actually bought it and you only need one of it, and then for the rest of your life you get ads everywhere about, go buy it. And I would like to feel that we could arrive at the point where we could at least figure out you’ve just bought it, you really don’t need another one, cause that’s one of my pet hates.
Tim Lewis: Yeah, that’s certainly-
Annabel Kaye: It’s a bit cheeky by the way, I had teenage sons years ago and I bought some stuff as sort of joke Christmas presents for them and I got chased round Google and Facebook for about three months with some really raunchy products cause they obviously thought they knew what I was like and one of them popped up and I was in a meeting and I was like, no, I don’t need this.
Tim Lewis: Yeah, that is a trouble with browsing history being a bit more public isn’t it?
Annabel Kaye: Turn cookies off, or clear browser cache, good idea if you’ve been shopping out of profile otherwise you do get the weirdest of both. But we live in this world, don’t we? And the fundamental idea of GDPR is you should know when you do something what the likely consequences of it are, so it would have been nice when I went on that site that for the rest of my life I’d get rather dubious advertising that would pop up all over my desktop regardless of who was with me.
About Annabel Kaye
Tim Lewis: Yeah. Anyway, how can people find out about Annabel Kaye and GDPR and the things that you do?
Annabel Kaye: Well I think the best thing to do is to either check out the KoffeeKlatch Facebook page, which is oddly enough called KoffeeKlatch, that’s all K’s and F’s by the way, no C’s in it. Or check out our webpage KoffeeKlatch.co.uk, we have page for what we’re doing all GDPR, which is Reddit/GDPR and we have free emails about GDPR, which by the way if you sign up to you won’t get emails about anything else.
Tim Lewis: Strange that really.
Annabel Kaye: And you’ll probably end up complaining to me that I haven’t sent you enough emails because actually people are quite hungry for that sort of content. We’re working with businesses and groups, we’re just about to launch a new group, we’re already supporting VA’s, we’re supporting trainers, we’re supporting businesses who are primarily outsourced and next week we’re launching one, which is going to be called the Digital VIPs, which is really looking at people who market their services online because you’ve got all this matrix of Facebook, you’ve got Google Analytics, you’ve got how do you run your email campaigns, what do you do if people you sign up into your webinars, you know, it’s just endless. And you just have to go through and tick the boxes, really.
Annabel Kaye: And we’re gathering people who operate in similar ways together, we’ve worked together for a year and most of our groups got 50, 100 people in it, so that sort of number. Finding out between us how this works, because if anyone tells you they know absolutely how to implement GDPR today, I think you should either call for the mental health people or be aware of the fact they really can’t be telling you the truth because nobody knows everything about this. And we’re finding a way with various of the micro businesses and in a way it’s a nice thing cause they all work different ways, you’d think everyone’s email campaigns ran the same way, I’ve come across platforms I’ve never even heard of.
Tim Lewis: Yeah it’s interesting the range of products that people actually use, isn’t it?
Annabel Kaye: You know, if some of them picked a platform 10 years ago that is so insecure today you kind of wonder why they haven’t noticed.
Tim Lewis: Yes, I think people emailing from their own PC’s is probably, to groups of people isn’t a good idea, they should be using some sort of proper service anyway, if nothing else.
Annabel Kaye: I think they should, here’s my tip of the day you can have this for free, make sure you’re on the most up to date operating platform as you can be and if you’re on Windows 95, please, really find some upgrades, you know? Encrypt your hard drive.
Annabel Kaye: If you’re on model Windows 10 or the latest version of Apple there’s just button called turn on encryption, by the way do not do that when you’re about to hit a deadline because it took mine all night, right? Pick a moment when you’re not going to do something. Encrypt your mobile phone, it’s full of addresses and emails and personal data about all sorts of people, the biggest source of data loss, is losing stuff.
Annabel Kaye: The Benefits Agency have done it, the Ministry of Defence have done it, you know, what makes you think you won’t?
Tim Lewis: Yeah, well that’s a whole another issue over and above GDPR, I suppose if you’re losing data then-
Annabel Kaye: In GDPR, it says hold it securely so, leave the train doesn’t come under the heading of hold it securely.
Tim Lewis: Yeah. So it’s kind of the 101 I supposed of GDPR, make sure that you don’t lose the data and end up being fined for that.
Annabel Kaye: Yes. And then maybe you wouldn’t even be able to have the data on what you’re supposed to pay, who knows. But we collect tonnes of data, we are nosy businesses even then tiniest ones. You know, we just collect data because we can and we hoard it and how many people dispose of a laptop that’s got hundreds of old emails on it without bothering to shred the data on that?
Tim Lewis: Yeah, well I’ve always taken out all the old hard discs of any machines I’ve had and then I kind of hit it with a hammer-
Annabel Kaye: The hard drives?
Tim Lewis: Yeah, so yeah. Hopefully I’ve at least completed that.
Annabel Kaye: Of course, from an author’s point of view, backups are really important, you know you have to back up what you’re writing, cause it’s just heart-breaking if you lose it. But if you’re backing up data about other people don’t forget to encrypt your backups.
Annabel Kaye: And these are simple things, I mean it’d like, you don’t have to work for MI5 to do this, but it would reduce your chances of losing other people’s data by about 80% wouldn’t it? Because if it was lost, no one could read it.
Tim Lewis: Yeah, anyway. Thank you for being on the show today, Annabel, you’ve been very helpful.
Annabel Kaye: I hope so, it’s a big subject and I wouldn’t want anyone to be scared by GDPR, people are telling you can’t trade, you can’t do anything, you can’t run your business anymore, they haven’t fully understood it just treat your customers and their data with respect and you’ll be fine.
Tim Lewis: Okay, yeah, well that works that’s a very good idea. So, thanks a lot for being on the show.
Annabel Kaye: You’re most welcome.
If you liked this show then you might like Legal Issues with Helen Sedwick , Website Security with Chris Varnom and The Importance of Timing and Quality