Music Business

The Musician’s Guide to GDPR [Cyber PR]

image from cyberprmusic.comNotice you're getting a lot more opt out and terms of service updates lately? The reason is The General Data Protection Regulation, a law designed to protect online privacy in the EU. But did you know your website and email list must also be GDPR compliant?


By Ariel Hyatt of CyberPR 

image from cyberprmusic.comWhat is the GDPR and how does it apply to Musicians & Artists?

You’re an artist, and you’re in business on the global internet. For years, or possibly only recently, you’ve taken our advice maintained a website, set up your email list, created a presence for yourself on a variety of social media channels and regularlyemailed your email subscribers.

As an artist running a business using any part of the internet, chances are you have crossed physical boundaries with your marketing channels which you could not have crossed prior to the internet, and the invention of email & social media. As a result, you are likely managing a website and email list which touches residents of the European Union. For this reason, you need to know about the GDPR. But What is GDPR, Exactly?

In a nutshell, the GDPR is a new privacy regulation in the European Union.

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA.

[Source: Wikipedia]

After a specific deadline, residents of the EU will be using the internet with a greater level of data and privacy protection.

The deadline to comply with the new GDPR was Friday, May 25, 2018. If you haven’t taken appropriate measures to make sure your website & email list are compliant, It’s not too late. There’s still time to meet the deadline. If you’ve missed the deadline, we advise that you take steps to become compliant as soon as possible.

We realize it may be a little confusing, so we created this guide to help you. But, we are not Lawyers. To make this guide, we used information supplied from various sources & compiled it into one guide. We hope this makes your transition to GDPR compliance smooth and easy.

What Do I Need To Do About My Store & Email Lists?

  • If you have one on your site, update the privacy policy for your webstore / email list so it is compliant. Disclaimer: We are not lawyers.
  • Ensure that every EU citizen has the choice to opt-in. Create a “required” checkbox which requires the recipient or viewer to read your privacy policy & link to the privacy policy you created above. The easiest way to make sure that you’ve covered all of your EU subscribers
  • Send an email to all of your subscribers which prompts them to re-confirm their subscription or makes it very obvious that they can unsubscribe. You are asking them to confirm that they really want to receive emails from your list. Since you followed the rules to begin with and didn’t sign anyone up who didn’t sign themselves up, there’s a good chance they will continue to subscribe. If not, there’s nothing you can do – do not sign anyone up for a list without their proven consent.

I use Mailchimp. Do I Have To Do Anything?

  • Mailchimp has made it easier for you to set up for compliance, but you’ll still have to log in and  1) create an opt-in form and 2) make sure you understand their privacy policy, and how it applies to your business
  • You can find the instructions for setting up your Opt In  form on Mailchimp here
  • If your privacy policy is the same as MailChimp’s privacy policy, you can find that language here 

I use Shopify, What Do I Have To Do?

  • If you have a webstore which uses Shopify, log in to your account and follow their instructions to make your store compliant.
  • Visit Shopify’s guide for compliance for all Shopify users here:

But What Do I Write Exactly?

Here is an example of an email sent from UK based artist Jamie Cullum.  As you can see he’s kept it short and sweet and it’s got the unsubscribe link at the bottom!

Jamie Cullum GDPR Example

But What If I don’t Know if Any of My Fans Reside in The EU?

Ariel works with a partner who gave great advice saying if in doubt just sent the email to your entire list – this way you are covered!

Final Disclaimer

Check with your web host to ensure that their privacy policies are updated and again please remember we are not lawyers just two artist advocates trying to help!

We hope you found this useful. Please do share with any artists who you know have a mailing list and could benefit!

Ariel Hyatt is the founder of Cyber PR; a Brooklyn-based social media PR firm. Her Cyber PR campaigns, books & seminars help connect artists with new media makers and coach them to create authentic relationships with fans.

Share on:

1 Comment

  1. What to do if you missed the deadline?
    You can’t contact the email list anymore to ask for compliance, right?
    So just delete it and start all over?

Comments are closed.