
How I’m making my email and website GDPR Compliant

tips + tools

As we know, there are some big changes going on with the European Union and the GDPR (General Data Protection Regulation) that will affect the way we obtain emails for opt-ins, freebies, you name it. That means creating an opt-in incentive download and automatically adding people to your newsletter is illegal under the GDPR for those in the European Union. So, I thought I would share how I’m making my email and forms GDPR Compliant.

BEFORE May 25th

1. Anyone within the EU will have to get express consent from all subscribers.
2. Anyone in the US (and other countries) will need to have all EU subscribers re-opt in to their list, because currently they may be on your list illegally.
3. Anyone from the EU on your list who did not opt-in again will NEED TO BE REMOVED from your email list by the 25th.

AFTER May 25th

1. Remove all EU subscribers who did not re-opt into your list (more on that with ConvertKit)
2. Put an updated PRIVACY POLICY on your website that includes GDPR — You can get 10% off with code: SAFFRONAVENUE10 for this one HERE and even getting a terms + conditions HERE that states how your visitors can use your information (aka: those who might think it’s okay to use your text and images)
3. If you are using COOKIES on your site, you need to make it clear (I use this one HERE)
4. Change all free incentive opt-ins/sign-ups to include exactly what they are receiving, include a link to your Privacy Policy, and do NOT add them automatically to your list.





Luckily, ConvertKit has been working hard to make sure we are all compliant and have the necessary tools to do so, which I’ll show you below. {P.S. HERE is the info for MailChimp} Basically, you will have to email all EU subscribers and ask them to opt in again, and if they don’t, they will have to be removed from your list (so if they don’t open the email or click to re-subscribe, you must delete them). Keep in mind, this could be an opportunity to clean up your list and start fresh, which I might do.


Hey there,

You may have heard about the new data protection law in the European Union called the GDPR which regulates how personal data is processed. Under GDPR, I need to make sure I have your explicit consent to send you my newsletter and marketing emails.

If you’ve been enjoying my content, just click this link and check the two boxes on the next page:

{{ gdpr_consent_url }}

If this is not for you, just click unsubscribe below, and I won’t email you again. Thank you so much for reading and have a great day!






Remove from your list

Once you have sent all subscribers the email above, you’ll see who has been tagged (clicked to re-opt in) and moved out of the segmented list. Once May 25th comes you will need to go back into that segment ‘EU Subscribers without consent’ and DELETE all of them.  It sucks, but they simply might not want to be on your list anymore and that’s okay!


Update Your Privacy Policy

This is huge, and something you NEED to have on your site!! This should be on every page (aka: footer) and especially available and clickable wherever you are receiving personal data, aka: emails (contact forms, comments, email sign-ups, freebie opt-ins, etc). I recommend getting the one below, filling in your info, and popping it on to your site. P.S. I added this to my footer, my email newsletter template, and my pop-ups (just to be safe). Not only that, but having a Terms + Conditions contract on your site is also very important to state how others can use the information (copy and images) on your website.



Your Website Cookies

These are basically small files stored on your server which are considered personal data of those visiting your site. To keep it simple, if you use Google Analytics or any ads, you are collecting cookies to analyze your visitors. With the new GDPR update, it is safe to enable a cookie policy on your website (similar to what you probably saw with mine). If so, you need to add a pop-up to notify those visiting your site that you are collecting cookies. I currently use TERMLY, which can be free, unless you are like me and want to customize it to not be ugly ;)


Update Your Email Forms

This is huge. With the new regulation, we don’t really know how the US is going to enforce it…but in my opinion (just mine) I think it’s safe to do this across the board for all of those who get a freebie and signup for my list.  Below you’ll see a few examples of what I recently changed to try and be GDPR compliant. A big thing is that they want you to explicitly tell the person why and what exactly you are going to do with their email and that it is optional to sign up.

you can no longer provide a free download and automatically add that person to your email list. You can only add people to your list with proper express, explicit consent, freely given and only for a specific purpose

– via Paige Hulse

So, what I’m doing is changing up my freebie forms to simply send them an email (with the download), and then giving them the option to opt-into my email list. Consenting to be added like below and stating what they will receive from me. Not only that, but I note how I will keep it secure and even link to my privacy policy. If they do not signup and simply download the freebie (and delete the email), they will not be added to my list.


Now, GDPR says they need implied and explicit consent, so stating exactly what you will be giving them and how you will use their info. I will be changing this a bit more, but for now, I added a simple line stating what they would be receiving from me if they choose to sign up for my list. NOTE: Once ConvertKit enables checkboxes I would highly recommend you put that on all your pop-ups stating: ‘I consent to receive emails about your products and special offers’

IN CONCLUSION

Basically, get yourself a GDPR Privacy Policy –  Ask for EU subscribers to re-subscribe to your list  –  Don’t automatically add their emails to your list when offering a free download  –  State exactly what/why/how you are going to use their email when signing up – And NEVER just copy/paste or upload emails into your LIST, that’s just illegal…they have to choose to do so.


– SHOP POLICIES HERE! Code: Saffronavenue10 –

P.S. This post is just my opinion, and I recommend you learn more about the GDPR here to make sure you are making the correct updates. If you notice any errors, please let me know!


  1. Heather says:

    ConvertKit actually had an awesome GDPR consent system. You do have to use their embedded forms, not a plugin. But you can opt to only have your EU subscribers sent to a GDPR consent page when they sign up for explicit consent. No need for checkboxes on opt-in forms and no need to change how you handle your non-EU visitors. Just be explicit in your GDPR consent page. I like this method better than any other option I’ve seen.

  2. I absolutely adore your blog posts! They’re so inspirational! I love what you do, and the things you post is exactly the kind of things I’m interested in. 💋