TL;DR: What is GDPR & How to Make Sure Your Content Is Compliant (Featuring Attorney Richard Chapo)

If you’ve been paying attention to the news in recent months, you may have seen headlines with the phrases “GDPR” and “European Union” popping up more and more often.

“GDPR” refers to “General Data Protection Regulation.”

It’s legislation that the EU approved back in April of 2016. Once approval happened, businesses were given 2 years to comply with new stipulations for collecting and using consumers’ personal data.


In a nutshell, the European Union strengthened the consumer’s right to control their personal data.

That’s great, but…

Why should we care, as content marketers and business owners not located in the EU?

(I don’t blame you if you look like this right now.)

But here’s the thing.

If you have customers in the EU, or operate at least in part there (including collecting EU consumer data), you will be affected by this new legislation, which will go into effect on May 25, 2018.

GDPR protects Europeans’ data no matter where they go virtually. Since we live in a global, digital economy, this applies to most of us who operate online.

To help you navigate these murky waters, I’m discussing the main pieces of GDPR that are most likely to affect you.

Then, to help you figure out what to do next, I talked to Richard Chapo, an internet lawyer I previously chatted with on The Write Podcast about copyrighting in content marketing. He has some advice about what to do in the face of GDPR.

Let’s get into it.


Which Parts of the GDPR Should You Be Most Worried About?

1. If You Collect Personal Data from EU Consumers, You Will Have New/Increased Responsibilities

The “personal data” that GDPR affects is the basic stuff you collect from customers and leads all the time: names, email addresses, and any other information that is personally identifying.

Specifically, GDPR stipulates that you are wholly responsible for the security and safety of the personal data you collect.

This also means you are responsible TO the consumer/customer. Above all, GDPR protects their rights.

2. EU Consumers Will Have Expanded Data Privacy Rights

GDPR mainly focuses on expanding and strengthening EU consumer data privacy rights. Here are the major points:

  • Consent must be crystal-clear. When consumers give their consent for you to collect their personal data, you must stipulate exactly how and why you’ll be using that information. You can’t use confusing or misleading legalese or fine print to state this information – it must be accessible, clear, and easy to understand.
    • This also means you can’t collect data for one purpose and then reuse it later. For example, you can’t offer a free download in exchange for emails, and then keep those emails and use them to populate your mailing list. You have to tell consumers EXACTLY what you will do with their data when you ask for consent.
  • You must collect the minimum amount of information needed to achieve your objective. For example, if you want consent to collect a consumer’s email address to send them your newsletter, you arguably don’t need their age or employment status to do it.
  • Consumers have the right to access and review the data you collect from them.
  • Consumers have the right to have the data you collect be “forgotten” – erased from your databases and therefore no longer used/processed.

There are lots of other points in the legislation, but these are the top ones you should know about. To read the others, check out MarTech’s in-depth explanation.

3. You May Be Fined If You Fail to Comply, But Fines Are Situational

The maximum fine an organization can incur from breaching GDPR is 4% of their annual global turnover, or 20 million euros (whichever turns out to be the larger number).

This is relevant to mega international companies, but to you?

Not so much.

Instead, what you need to worry about are tiered fines, which vary depending on the severity your infraction.

For minor infractions, organizations or individuals may be given a reprimand rather than a fine, but only if the fine would impose a “disproportionate burden” on them, according to article 148 of the official legislation:

What to Do Next: Advice from Attorney Richard Chapo

What should you do next in terms of GDPR’s far-reaching effects?

To find out, I talked to Richard Chapo, an internet lawyer with 24 years of experience in topics like fair use and copyright law, licensing, and other legal issues that affect online business owners.

(You can find Richard at, or you can connect with him on LinkedIn.)

Here’s the sage advice he has for anyone who will be affected by GDPR, whether you’re a blogger, an online business owner, or a content marketer:

“The GDPR contains massive penalty provisions, and we’ve seen a good bit of scaremongering online because of them.

The purpose of the GDPR is not to generate massive fines. The purpose is to protect the personal data of subjects located in the EU. Make a good faith effort to comply, and you are unlikely to be wiped out by a GDPR fine.

As Elizabeth Denham, the UK Information Commissioner stated, “…it’s scaremongering to suggest that we’ll be making early examples of organizations for minor infringements or that maximum fines will become the norm.”

Under the GDPR, you cannot collect personal data from a ‘child’ under 16 without getting verified parental consent first, although some countries can set the age as low as under 13. If the subject matter of your site is directed at kids – video games, education, etc. – you need to be wary of this requirement found in Article 8 of the GDPR.

The world will not end on May 25th if you are not GDPR compliant.

Many companies large and small will fail to meet the deadline. If you’ve just learned of the GDPR and are panicking – don’t.

First, panicking doesn’t accomplish anything. Second, get moving on compliance. If you receive an audit notice from an agency in the EU, providing evidence that you are in the process of complying will mitigate any penalties.”

Bottom Line: Get Familiar with GDPR and Understand If You’re Affected – Then Get Moving on Compliance

As Richard says, it’s important to start making sure you’re in compliance with GDPR if it will affect you. Even if you’re a little behind, this shows a good faith effort and may help you avoid penalties.

Smartblogger has some fantastic advice you can put into action right now for compliance. They recommend following 7 steps, including:

  • Doing an inventory of the personal data you collect
  • Quitting collection of any data you don’t need
  • Making sure you’re totally clear about the information you ask for and receive from consumers
  • And more:

Via SmartBlogger

A little work now will go a long way toward your peace of mind concerning GDPR as it goes into effect. The key is to start A.S.A.P. – then you can breathe a sigh of relief.

Questions? Thoughts? Comments about the new legislation? I’d love to hear them in the comments!


​The Write Podcast, E33: Copyrighting in Content Marketing - Knowing the Legal Side with Richard Chapo

​The Write Podcast, E33: Copyrighting in Content Marketing – Knowing the Legal Side with Richard Chapo

As content creators, we regularly cite sources and use elements in our content we probably didn’t create – images, audio, video, and more.

Are you sourcing and crediting these pieces in your content responsibly? Or, are you unwittingly committing copyright infringement?

That’s our hot topic of discussion in episode 33 of The Write Podcast. I sit down and chat with Richard Chapo, a veteran internet lawyer with over 24 years of experience, who got started at the very beginning of the internet explosion. He has knowledge of everything from DMCA compliance to fair use and licensing.

I asked my Facebook group, Profitable Content Strategists & Marketers, for questions for Richard, and boy did they deliver. This is a meaty episode with lots of practical advice and information, so make sure to tune in and grab a pen and paper – you’re going to want to remember these lessons!

​The Write Podcast, E33: Copyrighting in Content Marketing - Knowing the Legal Side with Richard Chapo

The Write Podcast, E33: Copyrighting in Content Marketing – Knowing the Legal Side with Richard Chapo Episode Show Notes

  • 2:30 – How Richard Became an Internet Lawyer. Richard began his career as a litigation lawyer for wrongful death cases in the late 1980s. As he says, that got old quickly. Eventually, he got involved with doing legal work for an old colleague who had started an internet company. Today he represents small businesses and protects their interests online.
  • 5:23 – The Proper Way to Credit Sources in Your Content and the Basics of Copyright. Copyright laws don’t translate well to the web. A lot of it is new territory, especially for fresh platforms coming onto the scene (think Instagram and Snapchat). How do you credit the content you use in YOUR content? Richard breaks down the basics.
  • 8:40 – Examples of Exceptions to Copyright, Including Creative Commons Licenses. There are exceptions to copyright where you CAN use someone else’s creative work (blog posts, images, videos, audio recordings, etc.) in your content. Richard gives us some good examples.
  • 11:00 – How Can You Avoid Copyright Issues? You can easily avoid getting entangled in legal issues pertaining to copyright infringement. The first way? Make your own content!
  • 14:10 – Even If You Purchase Content, Should You Still Credit the Creator? Sometimes purchasing content isn’t clear-cut. If you buy an image from Shutterstock, for example, do you still need to credit the creator when you use it in your content? Richard explains.
  • 15:50 – Richard Debunks a Myth About Linking to Content You Reuse (Attribution). Even if you link back to the source of the content you reuse, it’s not always enough.
  • 18:25 – Google Images: Dangerous Territory for Copyright Issues. Richard explains why using Google Images can be a trap, and why you just shouldn’t use an image if you can’t find the license or terms of use. (Not worth it!)
  • 19:51 – The Case for Creating Your Own Content. The value of creating your own content is huge, not just for you, but also for your audience. And, these days, it’s easier than ever. We delve into why this holds true, and why it’s partially about being real.
  • 25:34 – What is Fair Use, and Why Is It Important? The concept of fair use details exemptions to copyright law. Richard gives a rundown of why, when, and where fair use is an acceptable defense for copyright infringement.
  • 32:52 – What Should You Do if Someone Steals Your Content? Richard runs through the options available to you if you find out that someone has stolen your content word-for-word. The first one: Contact the person and ask them to take it down or provide proper attribution. The second one: Submit a DMCA take-down notice.
  • 37:00 – Sometimes Legal Action Isn’t Always the Right Approach. Sometimes you run into a situation where your fans are unintentionally using your content without permission. Richard explains how you can swing this to your advantage without getting full-on legal.

Quotes to Tweet

'Copyright law was written hundreds of years ago well before the internet appeared – it does not translate well to the web.' @richardachapo Click To Tweet 'Can you take that copyrighted image, publish it on your site, and then link back to the original site (a concept called attribution as a defense to copyright infringement)? No. No, no, no, no, no.' @richardachapo Click To Tweet 'People get sued on this all the time. Attribution – linking back to that original source – is not a defense to copyright infringement. It is a defense claim of plagiarism.' @richardachapo Click To Tweet 'Most people who commit copyright infringement are not evil black-hatters, they're just somebody who didn't realize there was an issue.' @richardachapo Click To Tweet 'Look at who's stealing your content and ask yourself what they're really trying to do. In some cases, they're fans.' @richardachapo Click To Tweet

Links Mentioned

Follow, subscribe, and listen to The Write Podcast