Why is everyone updating their Privacy Policy? (And what the heck is the GDPR?)


Your inbox may have gotten flooded first with emails asking you to stay on their mailing list.

My first thought: oh wow! They are doing all the work of unsubscribing for me. I have a bad habit of hoarding, which also extends to collecting emails by signing up for various mailing lists! I spend more time deleting emails than reading them (because I never got around to unsubscribing). Basically this time, I had to do nothing? Wow! So I am doing nothing. Yay!

And in the last few weeks leading up to May 25, 2018, I then received an influx of emails informing me of updates to their Privacy Policies. 

What’s going on here?!!?

If you’ve been living under a tiny rock they call Singapore (like me) - there is this 4 letter word being thrown around on Facebook. It could be the one that starts with "F" and ends with "K" (Am I F**Ked??!!)


Nope, it’s not a virus or a new yoga pose. It's a new data protection regulation coming into effect in the European Union (EU) from 25th May 2018. It's being put in place to protect you and your data. (And apparently, if not adhered to, it may cost you and your online business millions of dollars in fines.)

Had a mild panic about it all because really I have a tiny list and maybe a handful of friends who signed up and they live in the EU. (Am I F**Ked??!! I will not panic! No Switzerland is not in EU! Phew! Oh but I got a friend in France! Uh Oh! Am I F**Ked??!! I will not panic!)

But then I’m not so sure, plus with the move to the UK pending and my dream of building an online business - I’d better see what all the fuss is about!

Note: This post isn’t intended to be a guide to GDPR (when it comes to that, I’m probably just as confused as the rest of us). If you want to find out more, I recommend you scroll to the very bottom for valuable links about this GDPR from the experts.


What exactly is a GDPR?

GDPR means General Data Privacy Regulation.

It is a new privacy law that is being introduced by the EU. Its function, basically, is to protect the data gathered from people in the EU. For business owners, it means we now have to comply with that law when ‘processing’ people’s data (which can be something as simple as name and email address). If you collect data from someone who is in the EU, you are liable to comply with this new law…no matter where you live or operate from.


If you are a normal average human who loves signing up for mailing lists - it doesn't affect you, but you’ll be glad to know your private information is protected under the GDPR ruling. If you are a business owner living outside of the EU, it may not affect you, but if you or your business has personal data of EU citizens, this applies to you. If you’re in the EU, you should already be in action to protect yourself and your clients. If not, hopefully the links at the bottom will help you.

What countries are in the EU?

Yup, I asked myself this question. Lol. The professional link below will be a better information portal in case the names of the countries change. https://www.gov.uk/eu-eea

Am I too late to get in line with the GDPR deadline of May 25th?

Well according to Elizabeth Denham who is the UK Information Commissioner at ICO, in her April 2018 speech:

"So here we are, days away from the first day of a new era for data protection. Does it feel like there’s a light at the end of the tunnel? We want you to feel prepared, equipped and excited about the GDPR. I know many, many of you do. For those that still feel there is work to be done – and there are many of those too – I want to reassure you that there is no deadline. In fact, it’s important that we all understand there is no deadline. 25 May is not the end. It is the beginning. This is a long haul journey. But it’s not a holiday. There’s a lot of work to be done along the way. I am sure you have bosses that are waiting to pat you on the back, buy you a drink or present you with a bunch of flowers on Friday the 25th. They’ll be pleased that you got them across the line. That you made it and you can all finally relax. It’s your job to make sure you keep your foot on the gas. Your preparations, your work – your important work – must continue beyond the 25th. Perhaps that’s when the real journey begins.”

I will listen to her. I will not panic.

I just woke up and it's now Sept 2018, and I just saw this GDPR notice? Am I F**ked?

Stop panicking - do this:

Step 1: Update your privacy policy.

Step 2: Cull your mailing list. I use Mail Chimp and you can segment your list to those living outside of the country you are in.

Step 3: If need be, email your “EU” segment, and send a re-consent email.

Step 4: Check the settings on your mail provider to ensure that it’s GDPR compliant.

Step 5: Cross your fingers, especially if you are living in the EU.

I thought I was F**ked! But I didn't panic.

My first plan of action is to go on my trusty B-Schoolers Facebook group - and not surprisingly there’s a whole ton of useful resources and advice given. Aside: You do need to be a B-School alumni to be on this group. I love Marie Forleo's School, and it is my life map for when I am exploring a new business idea and when I need to find my why. Email me if you want to know more.

Nope. I don’t have to panic.

Firstly because I'm a fish in a big ocean. Secondly I have a small list (which is good and bad I guess). Thirdly, I live in Singapore, and most of my subscribers are local and I know most of them. And a handful are friends from the EU, whom I will contact separately. (In Time) But I think I have clear proof that they either attended my classes and have expressed consent to be on my list. But just in case, I will do my due diligence.

So, no I’m not sending re-consenting emails out to all of you! It’s a complete waste of time - even the Information Commissioner's Office (ICO) has said a lot of these reconsent emails are not necessary. It's good to cover your bases but it's not necessary. https://www.theguardian.com/technology/2018/may/21/gdpr-emails-mostly-unnecessary-and-in-some-cases-illegal-say-experts

BUT if any of you are reading this, and you are currently living in the EU - and may have inadvertently signed up to my mailing list via any of my freebies, I thank you first in advance, but PLEASE CAN YOU EMAIL ME? Help me not be slapped with fines!!

I want to do something! I want to protect my sweet peep's data. I want to be a good responsible citizen.

Yes I don’t live in the EU. And there are so many global events that don't affect me. But I should stop thinking of myself. You matter.

I've never shared your details with third parties and I’ve always been transparent about who I am and where I am coming from. You are HERE with me either because you are my friend, or my sister, or you are my student. You’ve signed up for my mailing list on Soul Aktive or AMI Power Yoga. And perhaps you are a friend of a friend. And maybe if you are my rare find on the internet, I am 100% committed to protecting the personal information you choose to share with me.

And although I don’t totally understand the legal terms being thrown at me, I do know that it’s important that I tell you what the GDPR is, how it affects you even if you are not living in the EU and also what I am doing to comply with the new ruling.

Right now, I’m only doing Step 1; and slowly getting into Step 2. I’m going to be transferring my soulaktive.com/blog to sophiexsanders.com in a few months; and I’ll revisit this again.

I don’t live in the EU. I just started writing my blog. I don’t have a lot of followers. Should I worry?

Easiest answer is to do nothing. But it’s also a good thing to be a socially responsible online citizen and be accountable for your readers' privacy and confidentiality. Every country has its own privacy act, maybe not enforced as strictly as the GDPR; so the GDPR is a sign of times to come. So I'd say get your act together now, so that it’ll be easier in the future.

It’s not only what we do but also what we don’t do, for which we are accountable - Moliere

Right now, what can you do?

As a blogger, and/or as the owner of a business that collects emails - do practice accountability and integrity. Do what you think is needed and be transparent about what you do with your readers'/clients'/customers' data.

As my reader, I encourage you to read my updated Privacy Policy here. Or you don't have to.

Like who would ever read a privacy list, right? Too much legal jargon. But it is apparently important you do acknowledge what I do with your emails once I have them. I’ve followed the local and the GDPR guidelines the best I can. It’s good for now. Once I’ve become a millionaire, I’ll get a lawyer to vet it. :P (ps. I have none yet on Soul Aktive, and I'm not sure how to include that in and in any case, it'll be phased out soon, and I’ll give more info on that later.)

Till then, I’ll keep on writing and fighting fires when they come up.

However, if you no longer wish to receive my awesome emails (which will give you tips on how to live an awesome (yoga) life; inspiration from Baptiste Yoga, online videos and tutorials, updates on classes, courses and workshops and many more), you do know you can unsubscribe at any time by clicking the unsubscribe link in your email. (Not in this post, but in the email you would have received before getting to this post.)

Right! Hope this was useful to you! I nearly pulled my hair out trying to make sense of the GDPR.

I thank YOU from the bottom of my heart for being willing to give me your email address so that I can do what I love to do - which is teach and write. And thank you very much for reading!

Love you x
