GDPR regulations for writers using listbuilding giveaways like KingSumo

Most of my author friends have spent the last 2 months freaking out about GDPR. I haven’t commented, because I’m not an expert and I’m not personally concerned. But since I encourage book giveaways to help authors build email lists of targeted readers, a lot of people have been asking specifically whether or not giveaways are still a good idea with the new GDPR rules.

So in this article I’ll quickly point out the main indications of GDPR that will actually affect authors, why giveaways are still OK (if you do them right) and also why I’m not worried about GDPR for my personal platform. I’ll also point out the stuff I think you SHOULD do, and the stuff I think you probably shouldn’t do.

#1 Do I need to start over?

Some authors are sending their lists a “reconfirmation” email, asking their list to resubscribe if they’re very interested. Most people probably won’t bother, so you can easily lose 2/3rds of your list. Some people will do that anyway, “better safe than sorry.”

But the truth is, just because they’re too lazy to jump through hoops to remain on your list doesn’t mean they’ll never be interested in your books. I prefer a re-engagement campaign asking them to unsubscribe if they don’t want to hear from me.

So for a few weeks, you can add a PS on the bottom saying, “you may have been added to this list after signing up for a free book or giveaway. If you’re no longer interested in hearing about (subject/genre), and don’t want to hear from me anymore, just hit unsubscribe down below and you’ll never receive another email from me. On the other hand, if you’re interested in my books but don’t like getting emails… I get it! You can follow me on social media, or on Amazon, instead.”

You want to stress the benefits of staying on your newsletter; offer alternative ways to follow you; and also make it really easy/obvious to unsubscribe. You also want to regularly clean your lists: if someone hasn’t opened any of your last 5 or 10 emails, they probably don’t want to hear from you. 

Send a re-engagement campaign saying “you’ve been unsubscribed” or “you’re about to be unsubscribed” or “it’s not you, it’s me” or “I think we should see other people.” (This is called the “breakup” email; you’re trying to get a reaction so they open your email. Ideally, you want to pull them back in by reaffirming your benefits, sharing a personal or funny story, offering them another free book…)

#2 What SHOULD I do?

Going forward, you want to make it super clear WHAT people are getting involved in, so whenever you have an optin form – including a giveaway – make sure you’re clear who is running the giveaway, and that they’re also signing up to receive a newsletter. You could add a checkbox “I agree/confirm to be added to a newsletter and receive updates from the author” but I wouldn’t do that either; you’re fine as long as you mention that by joining the giveaway or downloading the free book they’ll also be kept in the loop about news and updates.

Alternatively, you could run a giveaway, send everyone who entered a free book as a consolation prize, but THEN ask them to sign up for your newsletter, either before they download the free book, or after (to keep your list down to real fans). The main thing is you don’t want anyone to be surprised or angry when you start emailing them. 

There are four big rules of GDPR that affect authors and email marketing:

  1. “Tell me what’s going to happen”
  2. “Show me my data” 
  3. “I want to change that” 
  4. “Forget about me” 

Some easy things to do:

*** Make sure you’re using a simple privacy policy and terms of use. Your sites / optins should have those anyway, you can search for a template to use. I wouldn’t worry about cookies or get them to confirm (that’s only needed if your site is collecting extra information, not essential to function. If you’re using Facebook pixels for retargeting for example… then it might be necessary). As a designer, I want to focus on usability. Visitors can make up their own minds whether or not they want to stay on my site or sign up for my lists. I want to make sure I follow the law as required, but do it in a way that doesn’t destroy the user experience.

*** Make sure your newsletters are always providing value. If you’re just sending spam or promotional stuff, people will unsubscribe or be upset. You don’t want to bait and switch, or offer them one thing and then try to sell them another. You also don’t want to assume that because they signed up to win a $50 giftcard they give a shit about you or your books.

*** Add “double-optin” on email optin forms, and make sure you set up the confirmation emails so they have charm and personality. Single optin makes it easier for people to get on your list to get the free stuff, but they’ll be less likely to care or know who you are. The confirmation email goes out automatically and by default says something like “please confirm your subscription”.

What you WANT to do is, rather than send people to your downloads page, send them to a thank you page that tells them to check their inbox, and confirm their email, so that you can send them their stuff. A really good one I saw recently even had a countdown timer so they were motivated to go check their inbox NOW.


Since the thank you page is also the main thing people will see, I try to improve mine with an author picture, signature, and some quotes/reviews/testimonials, plus relevant art or images that are attractive to my audience (so they not only know who I am, they’re more likely to check out my free stuff or start reading based on the reviews). Then I’ll overdeliver so much goodness to their inbox they are surprised by how much stuff I give away without asking them to buy anything.

The optin allows you the right to start a conversation and increase trust by providing value. If you sustain that value, and write fun/informative/educational emails while building relationships with readers, they will want to keep hearing from you. Double-optins aren’t required by GDPR, and I haven’t changed mine yet (though I probably will). What’s required is consent – and double-optins make users work harder to prove they really want on your list… so you’ll get higher quality followers and engagement, but reach fewer people (I’d rather reach MORE people and have the chance to try and engage them over time).


#3 What NOT to do

Group giveaways where they sign up and everyone shares a list; or giveaways where they sign up for 20 lists at the same time to win stuff. Or giveaways that only give 3 other authors’ books away (even if you say “not endorsed by Author Name” – they still won’t realize they’re signing up for your list.)

You can give away famous authors’ books, you just need to make sure you introduce yourself and explain why before they join your list. Hopefully you’ll have your name and picture very prominent on your site/optins, and use the same branding or picture in your emails. So when they get the email, they recognize your name and remember signing up. Still, when they signed up for a free book on BookFunnel or Instafreebie, or when they joined a KingSumo giveaway, they probably didn’t notice your fine print that said “by signing up, you’re also joining the author’s newsletter”. It should definitely be there, but just because it’s there doesn’t mean users are explicitly agreeing or giving consent.

It’s up to you to make sure they know what’s happening, why it’s happening, what’s going to happen next, and then keep them hooked and interested with great content. Surprising and delighting them, by giving them far more than they asked for, is OK – unless you’re being salesy about it.

#4 Proof of consent

One of the more challenging aspects of running book giveaways is that you need to hold on to “Proof” that people signed up to your list willingly. If you’ve moved email providers, like I did recently (from Mailchimp to Mailerlite) then you’ve just downloaded and migrated your lists – and won’t have the history needed to prove consent. While Mailerlite, Mailchimp, Convertkit etc and most big players (including Sumo, which runs KingSumo giveaways) are working on becoming more compliant, if you started building your lists years ago you may have lots of emails that DID sign up themselves, but you don’t have the records to prove it. This is why many people are saying you need to ask them to resubscribe, so you do have the proof/records needed. The only problem with that is – if you send an email asking them to join your list, to people you can’t prove already opted in on purpose, it counts as a marketing email and is already breaking the rules!


#5 For book giveaways

You can’t make people pay for entry (though you can have a free entry and a “buy my book for extra chances to win.”) You also can’t really ask them to do work for you in exchange for more chances to win, what this article calls “consideration” – because the giveaway has to be random and fair. So technically, those writing contests where you pay $20 and write 500 words to win a castle, or even any writing contest where you enter for free but write 500 words to enter (if you’re using those 500 words as content to drive traffic to your blog) shouldn’t be allowed (but they are).

You don’t want to be biased or pick a winner and then be accused of cheating because the winner’s effort, work or skill swayed your decision. The main thing with giveaways though is to make sure it’s fair and transparent so that nobody can claim you were being biased. As long as everyone feels good/safe/happy and doesn’t try and sue you because your giveaway was misleading or unfair, you’ll be fine (and also, this is one of those places it could be helpful to have a business LLC set up). My modus operandi has always been: be fair, be honest, do the best you can.

But I make mistakes sometimes, and it’s a good idea to protect yourself (that said, I don’t think an LLC is necessary until you’re actually making a profit with your books).


The legal stuff

The main reason I’m not worried about GDPR is, not only am I from the USA, as are most of my readers (so it’s questionable to what extent we even need to follow EU laws), but also because it’s really set up for Big Businesses, who are doing really dodgy things with their data. It’s extremely unlikely that the EU can or will prosecute or fine any authors, even EU or UK authors, for non-compliance (I’m not a lawyer, but I’ve heard this from several lawyers, even when talking specifically about author businesses.)

So while I agree with the spirit of the law and am doing my best to make sure I’m within the laws, I also know readers are getting dozens of emails about GDPR from tons of scared authors already. I plan to fix my sites as best as possible, and improve the user experience for more transparency, and clean my lists regularly. What I’m NOT going to do is stop building my list or stop running giveaways; I’m also not adding the cookie policy warning. Does my site collect information? Maybe. Am I using it for anything? NO. Fines will come from misuse or leakage of data.

I’m also not sending a reconfirmation email, even though I don’t have the original proof since I’ve moved my lists – as I pointed out above, there is no consensus on whether this is necessary or a good idea; it could potentially be illegal anyway; and it is likely to hurt or annoy users who DID sign up willingly more than anyone else.

While I’m not a lawyer, this is a summary of the best research I could find on the topic, including dozens of heated Facebook groups; the main point, like all things in life, is to do the best you can, but not freak out or overcompensate because the sky is falling.



PS. I’m going to add a section on GDPR compliance in my course on email list building and engagement.