News

Yes, the day has arrived. The General Data Protection Regulation is being enforced from today, Friday 25th May.

If you have taken the first steps on your compliance journey, well done!

If you haven’t – DON’T PANIC! The Information Commissioner has been doing the media rounds this morning, saying that small businesses are not the main targets of this legislation, that they will not be actively seeking to identify non-compliance by small businesses, and that the key thing is that they can show intent and progress towards achieving compliance.

Your website is still one of the key areas where your business can easily demonstrate an effort to comply with the new laws. We’ve helped a number of our clients work on this with audits and website changes, and we’re still available to assist if needed.

Download our free white paper about GDPR, or contact us for help.

We’ve helped two clients deal with hacked WordPress sites this week. We won’t say who they were, but they both had fairly nasty infections which meant that when visitors accessed their sites, new browser tabs would open with spammy content. In one instance, the content in question included an audio element and a persistent pop-up that was tricky to close without completely closing the browser. These were not sites we built or hosted, so it was interesting to see what the issues were and I thought it would be good to share.

The sites had some risk factors in common:

• The use of off-the-shelf WordPress themes which had not been updated
• Out-of-date plugins
• Weak admin passwords
• No firewall installed
• No additional ‘hardening’ measures in place

WordPress is great, and now generates strong passwords by default (it didn’t used to); but failing to keep things updated (especially the WordPress core and themes) is asking for trouble – and the longer updates are left, the greater the risk. That’s why we harden every WordPress website we build, and handle maintenance for most of our clients, to keep things up-to-date and minimise risk.

In the case of these two hacked sites we managed to get them both repaired and hardened in less than an hour each, so if you know what to look for, a hacked WordPress site doesn’t have to be a big deal.

This repair service is available to everyone via our dedicated WordPress rescue service WPRescue.

Image credit: Life belt

We’ve recently completed several projects for literary agencies and we thought it would be a good opportunity to reflect on the anatomy of an effective agency website.

From experience, we think that most agents’ sites will need the following core elements:

1. An introduction to the agency and its specialisms
2. Information about the agents themselves, along with their supporting team
3. A list of their clients, with a certain amount of information about their work (from book covers through to more detailed publication information)
4. Clear and detailed information about how to submit, perhaps with a form to facilitate the process

Let’s look at those four things in a bit more detail.

1. Introducing the agency

The key thing here is to convey the personality and values of the agency, including its specialisms and passions, as well as its track record and key successes. It’s important for the team to think about what makes the agency special and really try and get that across with good, punchy copy. We will then work with the client to reflect the brand values and character of the agency through the site’s design.

2. Information about the agents

In a multi-agent setup, different agents are often focusing on building their own lists and representing different types of clients. So it’s important that each agent has their own profile, which clearly signals the kind of submissions they are looking for.

We built the MBA site so that each agent could quickly update their ‘Currently focused on’ information; this will probably change more often than their main profile. For example, Sophie Gorrell Barnes is currently focused on “Middle Grade Humour and Authentic Characters”.

Having a professionally shot set of headshots will be an excellent investment for this section. Agenting is a ‘people’ business and it will help people to know what you look like (on a practical level it may be very useful if contact through the site leads to a face-to-face meeting later). Felicity Bryan had a new set of photos taken as part of the redesign we undertook for them, and they really look smart. Of course, when the team changes it will be important to ensure that the same style is followed for new team members.

Both MBA and Felicity Bryan like to list each agents’ clients on that agents’ own page. We built these sites so that when a client is added, there is a field allowing their agent to be selected. This streamlines data entry and means that the agent pages update automatically to reflect the client database.

3. Client listings

For established agencies it’s the client list which represents the agency’s focus and work, so we think this should be as engaging and visual as possible. Although the use of client photos does make work for the agency, as clients will often need to be contacted to obtain up-to-date images, it’s far more impactful and engaging than a simple list of names.

Most sites choose to organise clients alphabetically, which is no surprise, but it’s also possible to filter them in other ways – for example, MBA allows the filtering of clients to show only Authors, Scriptwriters or Playwrights.

How much detail each agency wants to include about their clients can vary. For example, adding website and social media links takes effort to collate and maintain, but it’s very helpful for site users (and it’s great to have lots of outgoing links from a search engine perspective as well).

We tend to build sites so that books (or other works) are added independently and then associated with clients. This makes it possible to associate a book with multiple authors, and to do other clever things – for example, on the Susanna Lea Associates site, a different cover can be uploaded depending on whether the book is shown on the Paris, London or New York office page. This means that the Paris page shows the French edition, the New York page shows the US edition, and so on.

4. Submissions

There are essentially two approaches here:

• Form-based submissions have a number of advantages. The minimum information that is associated with a submission can be defined (by making some fields compulsory). This reduces the risk of incomplete or inappropriate submissions. In addition, the submission can be sent from the site via e-mail, while the information is also stored on the website as a backup, reducing the risk of losing e-mailed submissions. The other advantage is that the site can automatically generate a confirmation that the submission has been sent, and explain to the potential client what happens next. Felicity Bryan Associates use form-based submission.
• On the other hand, free-form submissions may feel less daunting to some potential clients; if this route is adopted, the website is the place to spell out, in detail, the agency’s submission criteria for either electronic or physical submissions. Susanna Lea Associates use the free-form submissions approach.

In addition to these four core elements, the site needs the flexibility to accommodate the other content needs of agencies, which could include:

• Rights lists
• News (from the agency or its clients)
• A blog
• Social media feeds
• Contact details
• Recruitment

Bookswarm use the WordPress Content Management System (CMS) to develop website, and this makes it easy to manage this content, and to allow the site to evolve as the agency’s business develops.

Take a look at our work for literary agencies using the gallery below, and if you think we can help you apply these lessons to your own website, please get in touch.

It’s been ten years since I started Bookswarm. In that time, we have designed and built a lot of websites. We have made a lot of mistakes. And we have learned a lot of lessons.

I sat down to reflect on all of our experiences, and to try and and identify some of the key lessons. So, behold, the result, which I have modestly chosen to call… Appleby’s Laws!

Law 1: It’s hard to create good content

The creation and uploading of content to a website is the one part of a project which is generally not our responsibility. That keeps project costs down for clients, and ensures that when we go live, clients have the skills they need to maintain their sites. However, lots of projects are still delayed or derailed by content. Late content. Insufficient content. Incorrectly formatted content.  Sometimes, simply bad content.

Whenever you think you need to start working on your content, it’s probably not soon enough! If you work on at least some of it BEFORE you brief your web designers, you will get a far better outcome to your project.

Law 2: Digital skills should not be taken for granted

There was a time when I naively expected that newer members of the workforce would arrive with a stronger set of digital skills, based on being digital natives and having been exposed to the wonders of the Internet their entire lives. I was wrong. Very wrong. While digital natives might be savvy with social media, and have highly developed thumb muscles, they are no more digitally skilled than previous generations. If anything, they take the technology for granted to a greater degree, and are less well equipped to roll up their sleeves when something goes wrong.

Skills like basic HTML, image editing and data management are still worth learning. An understanding of the fundamentals of how domain names work, what a digital certificate is and how to clear your browser cache is bound to come in handy at some point. And if you don’t know something, the mechanism to learn about that thing is right in front of your eyes (in other words, Just Google It!).

Law 3: Design is not a substitute for content

We can make a lovely-looking website, but if the content is sparse, badly written, badly edited or just doesn’t get updated often enough, the site is much less likely to achieve its objectives.

Having a realistic expectation of the amount of content that will be added once a project is launched will allow us to offer a much more effective design solution; if you tell us you will blog every week, and then don’t blog for six months, we will probably have designed the wrong interface for your needs, and your users will notice!

Law 4: Trying to create an online community will probably fail

Many times over the years we have been asked about adding forums to websites, or heard the dreaded phrase ‘online community’. Unless you have identified an interest group that is genuinely not being well served by existing online community platforms, the chances are the community you want to engage with will stay where they are, thank you very much.

If you do think you have identified a community that is not being well served online, make doubly sure that they really exist.

Law 5: “Build it and they will come” was never true

The notion that a website could organically establish itself and build an audience without marketing and publicity support was always tenuous, even in the early days of the Internet when the number of sites was exponentially lower and social media didn’t exist. Now, it’s naive in the extreme. Websites require support from a range of offline and online activities in order to establish themselves – PPC advertising, social media, online PR, and good old-fashioned things like putting the website address on printed materials. Websites will fail if unsupported, and your hard work (and ours) will have been wasted.

Law 6: People like free stuff

Competitions and other ways of giving out freebies are still an effective way to engage users and harvest user data (with appropriate consent, of course!). However, it will be a very superficial level of engagement, and many of the people who you attract will be serial competition enterers who have no interest in your brand or your product. If you haven’t explored this world, having a quick look around some of their online communities (where people share links to competitions and give each other the answers) is a real eye-opener. To some of these people, books are just another commodity they can win and then sell on eBay.

Law 7: The basics of e-commerce are easy, but the devil is in the detail

We can get a web-based shop up and running in no time. The basics are easy and the platforms for doing this are much simpler and more accessible than they used to be.

However, issues around shipping, payments, accounting, tax and fulfilment can throw a spanner in the works, and really do need thinking about early on in the project. We can help you with a lot of things but we can’t tell you how much to charge for shipping to Outer Mongolia.

Law 8: Social media is not for everyone

Social media is an inescapable part of the modern digital landscape – but too many clients persist in using social media platforms that don’t suit them. For example, I myself am rubbish at the Twitter #honestyisthebestpolicy.

No social media is better than the wrong social media.

Law 9: Everything is measurable, nothing is measurable

Everything about digital can be measured. Website traffic. E-mail opens and clicks. Retweets. Favourites. Shares. Views. It is possible to gain a good understanding of what is working and what is not working. Website owners have an almost unprecedented opportunity to analyse the reach and impact of what they are doing. Look at what types of content are most popular. Look at the best times of day to send e-mail updates. Become a data nerd.

However… these metrics can’t tell you everything about the impact of your website. They can’t tell you about the influence on potential readers when they’re browsing in a bookshop, or the warm fuzzy feelings your blog posts might give them. Don’t become too much of a data nerd!

Law 10: The end is the beginning

I have lost count of how many times I have said this to clients. The launch of a website may be the end of the website project, but it’s only the beginning of that website’s life. A website needs to evolve and develop; content which is failing to perform should be removed or changed, and strands that people respond well to should be reinforced. Make sure updates are a regular occurrence, work with your web agency to add new features and fine-tune existing features – and don’t let your website gather dust.

Disagree with Appleby’s Laws? Tell him in the comments… or sign up to our mailing list for more insights and updates.

For those in the publishing world it’s that time of year again – all the fun of London Book Fair awaits at Olympia (and the sore feet and sore throat that the hardened book fair visitor knows only too well!).

Bookswarm will once again be on the IPAC stand – 4B30 – we still have some availability on the Tuesday and the Wednesday if you would like to say hello. Alternatively, we will be attending Byte The Book’s Reciprocity Circle of Publishing Goodness event, so you can catch us there:

Tuesday, April 10, 2018
17:00 – 18:00, in the Buzz Theatre

Justine Solomons founded the Byte the Book club on the premise of helping members and attendees of their events make valuable connections in the publishing world. Join her and the Byte the Book team as they set up a reciprocity circle live at London Book Fair and you’ll have the opportunity to get help and help others at the fair. This will be a vital and enjoyable session for writers, publishers, agents, digital folk and all those looking to improve their network in the publishing industry. The facilitated session will be followed by more lubricated networking (drinks) in the Buzz Theatre.

Whether we see you or not, if you’re there, have a good fair!

Continuing our current obsession with all things GDPR, Simon will be sharing some know-how at a Byte The Book breakfast event in May. Here are all the details…

This is the first in a series of informal breakfasts run by Byte the Book at The Groucho Club for all those connected to or interested in the publishing industry.

You’ll have the opportunity to hear from industry experts about a specific topic and gain practical advice for your business. There will also be time to network with the speakers and the audience before and after the talk.

The subject of this first breakfast in the series is GDPR.

GDPR stands for General Data Protection Regulation and comes into force on 25th May 2018.

It will have significant impact on any businesses that hold personal data which means:

• Enhanced personal privacy – more rights for your customer or visitor.
• Organisations will have to have more defined processes in place for dealing with data.
• You must be more transparent as to why and how you use personal data.
• All staff need to be up to speed on the new regulations.
• Financial penalties can be imposed for breaches.

We’ll be joined by Alex Hardy (Lawyer at Harbottle and Lewis) who will talk through the legal ramifications for your business and Simon Appleby (Director of Bookswarm) who will explain what steps you or your technical team need to make in order to be compliant.

A light breakfast is included in the ticket price.

Tickets are £25 for Groucho and Byte the Book members and £35 for everyone else. All tickets can be booked via Eventbrite. Prices do not include booking fees or VAT.

Book now

[insert obligatory handshake picture here]

At Bookswarm we’re big believers in partnership and karma – so we thought it was time we had somewhere on our website that listed the wonderful friends and partners we have worked with over the years. They all do things that we don’t do, and they do them very well indeed!

View our partners

You may have started to see a marked increase in blog posts, articles and general chatter about GDPR in recent months. Although the details have been known about for ages, it comes in to force in a May, and in best ‘Millennium Bug’ tradition, many businesses are only now starting to worry about it.

What is the GDPR anyway?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).

The GDPR will supersede the current UK laws on data protection, which are enforced by the Information Commissioner’s Office (ICO). It introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU.

But we’re leaving the European Union, I hear you cry! Blue passports, independence from Brussels, rule Britannia! Well, sorry, but that doesn’t matter, because EU laws and regulations will be incorporated in to UK law, and, equally important to our non-European clients, even if data controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU residents. There is little doubt these regulations are with us for the long-term, EU member or not.

When does the GDPR come in to force?

It will apply in all EU member states (which still includes the UK, for now), from 25th May 2018.

Fascinating fact: Technically, the GDPR came in to force on 24th May 2016, but it’s only from 25th May 2018 that the adjustment period ends and the law applies.

Who does the GDPR apply to?

‘Controllers’ and ‘processors’ of data need to abide by the GDPR. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. So the controller could be any organisation, from a profit-seeking company to a charity or government. A processor could be an IT firm doing the actual data processing.

Are you a data controller or processor?

If your website, built for you by Bookswarm or anyone else, does any of the following things, then you almost certainly are:

• E-commerce website which takes orders and stores customer data
• Website with user registration functionality
• Website which has forms through which users can submit information – this could be a contact or enquiry form, a content upload mechanism, etc.
• Website with a mailing list signup mechanism

Obviously there are loads of other, non-website-related circumstances under which you could be a data controller or processor (customer databases, CRM, client lists, mailing lists, and so on) but we are going to focus on the website aspects here.

So what does GDPR require us to do?

It’s the data controller’s responsibility to ensure their processor abides by data protection law and processors must themselves abide by rules to maintain records of their processing activities. If processors are involved in a data breach, they are far more liable under GDPR than they were under the Data Protection Act.

Once the legislation comes into effect, controllers must ensure personal data is processed lawfully, transparently, and for a specific purpose. Once that purpose is fulfilled and the data is no longer required, it should be deleted.

One of the following justifications must apply in order to lawfully process data:

1. If the subject has consented to their data being processed
2. To comply with a contract or legal obligation
3. To protect an interest that is “essential for the life of” the subject
4. If processing the data is in the public interest
5. If doing so is in the controller’s legitimate interest – such as preventing fraud

In the website scenarios we mentioned above, the first two on that list (in bold) are the key ones for most of our clients:

1. “If the subject has consented to their data being processed” relates to opting-in to a mailing list or online system, including registering an account
2. “To comply with a contract or legal obligation” is the most relevant to e-commerce – if a customer has placed an order, they have entered in to a contract with you which you can’t complete without processing their data

In many cases, both of those justifications may operate together. A customer creating an account on an e-commerce website is consenting to their data being processed (setting up an account so they can place orders more quickly next time) and entering in to a contract or legal obligation (placing an order they want you to fulfil).

What does consent look like?

Consent must be an active, affirmative action by the data subject – passive acceptance (asking people to opt out, or opting them in by default) will not be permissible. Fortunately, Bookswarm have been discouraging our clients from this practice since we started trading!

“Silence, pre-ticked boxes or inactivity should not … constitute consent” (Recital 32)

Active, affirmative action could be:

• Explicit. Ticking a box which says “I agree to the processing of my personal data by X for the purposes of Y and Z”
• An affirmative act. Not explicit but done in the clear expectation of how the information would be used, e.g. user enters their e-mail address into an e-mail field marked “optional”, with a short disclaimer underneath reading “Enter your e-mail address to receive information about products and services we think will interest you”

Controllers must keep a record of how and when an individual gave consent, and that individual may withdraw their consent whenever they want. This is really important – it means if you can’t provide a record of exactly where and when a user gave their consent, then you could be held in breach. Fortunately, the form builder plugin we use (GravityForms) and e-mail marketing providers like MailChimp both capture detailed information about when forms are filled in and users sign up.

What counts as personal data under the GDPR?

The EU has substantially expanded the definition of personal data under the GDPR. To reflect the types of data organisations now collect about people, online identifiers such as IP addresses now qualify as personal data. Other data, like economic, cultural or mental health information, are also considered personally identifiable information (PII).

When can people access the data stored by a data controller?

People can ask for access at “reasonable intervals”, and controllers must generally respond within one month. The GDPR requires that controllers and processors must be transparent about how they collect data, what they do with it, and how they process it, and must be clear (using plain language) in explaining these things to people.

People have the right to access any information a company holds on them, and the right to know why that data is being processed, how long it’s stored for, and who gets to see it. Where possible, data controllers should provide secure, direct access for people to review what information a controller stores about them.

They can also ask for that data, if incorrect or incomplete, to be rectified whenever they want.

Individuals also have the right to demand that their data is deleted if it’s no longer necessary to the purpose for which it was collected. This is known as the ‘right to be forgotten’. Under this rule, they can also demand that their data is erased if they’ve withdrawn their consent for their data to be collected, or object to the way it is being processed.

What happens if there’s a data breach?

It’s the controller’s responsibility to inform its data protection authority of any data breach that risks people’s rights and freedoms within 72 hours of becoming aware of it. The UK authority is the Information Commissioner’s Office. Those who fail to meet the 72-hour deadline could face a penalty of up to 2% of their annual worldwide revenue, or €10 million, whichever is higher. They also have to inform affected customers within the 72-hour deadline.

What happens if there’s a failure to observe the rules?

If you don’t follow the basic principles for processing data, such as consent, ignore individuals’ rights over their data, or transfer data to another country, the fines are even worse. Your data protection authority could issue a penalty of up to €20 million or 4% of your global annual turnover, whichever is greater.

What about cookies and other tracking data?

As you probably already know, websites use cookies to track returning visitors and collect usage information. It seems likely that visiting a website with a browser set to accept cookies will be taken as affirmative consent to place those cookies on the user’s device. In other words, there is an assumption that if you didn’t want cookies being placed on your device, you would make the appropriate changes to stop them from being set. That’s good news – and it also means that those annoying cookie consent pop-ups will no longer be needed.

OK, you’ve scared the pants off me. How should we make sure we’re compliant?

Here’s a checklist of things you need to do to make sure your website is GDPR-ready:

• Ensure your website has a Privacy Policy, written in plain English
• Ensure that the Privacy Policy explicitly identified all the ways in which the data controller may use the data gathered (on that basis it’s better to ask for permission for the broadest possible range of uses)
• Include a simple ‘opt-out’ form on any site which gathers user data, allowing the user to freely withdraw their consent. In broad terms this would be a very simple form – name, e-mail address – allowing a user to contact you and request opt-out or removal. What you do with that information depends on what you are doing with the data – it could be as simple as manually unsubscribing them from a mailing list, or it could be more complicated (removing them from in-house databases, deleting all of their e-mails). Here’s our removal request form
• Ensure your existing mailing lists are compliant. That means being able to say exactly how and when each user signed up, and that they have consented to be on the list. If your existing list contains any users who you added manually (because they were existing customers, or any other form of implied consent), or you can’t say how and when people gave permission, you should no longer use that list!
• Review all forms and other data collection points on your website to ensure they are compliant. It should be clear what purpose users are providing their data for. Existing forms may need to be re-worded or tweaked to make permissions more explicit

Here at Bookswarm we are having to ‘bin’ our old mailing list. That’s because, as well as people who opted in via a form on this website, we also added the e-mail addresses of existing customers ourselves. That used to be allowed, but it’s not permitted under GDPR. As a result, we are starting a new list and contacting all the people on the old list (BEFORE 25th May, of course!) encouraging them to join it. If your list has any implied opt-ins on it, or any data you can’t vouch for, you should do the same.

What should be in our privacy policy?

We’re not lawyers, and can’t write this for you, sadly. Privacy policies have for may years been a box that many website owners have reluctantly ticked without really engaging with the detail. However under GDPR, the stakes are raised, and you should ensure you have a compliant privacy policy that you understand and follow in practice.

This handy privacy policy generator could be very useful – we used it to make our Privacy Policy – and there are other plenty of other tools and templates available too.

I need help!

Don’t worry, Bookswarm is here for you. We are offering a special GDPR website audit to all our customers. This includes checking off the key points identified above, and implementing changes if necessary:

• Add or update Privacy Policy page, and add it to the footer or menu – you will need to supply the policy, but we can tell you what technical information you will require to make sure it’s accurate
• Add a simple ‘Data removal request’ form, on its own page, and link to it from an appropriate location on the site e.g. from the footer, as well as from the privacy policy itself
• Check all web forms and ensure they have active and affirmative opt-ins where necessary
• Advise you on whether your existing mailing list is compliant based on what you tell us about it, and if necessary connect your website to a new, GDPR-compliant mailing list (we recommend MailChimp but other options are available)

All that for the bargain price of £75 (ex VAT). Special rates can be worked out for clients with complex needs or multiple websites. Drop us a line using our quick contact form, or send us an e-mail.

It’s important for us to say that based on the way we build our websites, and the admin access that all clients have, these jobs are all things you can do yourself if you want to. However, we recognise that some clients may not have the time to tackle this, or feel confident about what’s involved, which is why we’re offering this service.

Good luck getting to grips with the joys of GDPR, and may the data gods smile on your endeavours.

Bookswarm is sponsoring February’s Byte the Book event, entitled Buzz Words: How Can You Build A Community Around Your Content, which takes place on Monday, February 19, 2018, from 18:30 – 21:00 at The House of St Barnabas in London’s Soho.

What are the most effective techniques to build an audience for your work? What online and offline marketing techniques and tools work best? How can you be heard using limited budgets? Who does community building well and what can we learn from other industries?

Lysanne Currie (Journalist and Digital Strategist and Ex Group Editor and Head of Content Publishing at The Institute of Directors) will chair and her panel will include: Piers Torday (children’s book author), Laura Lindsay (Director of Global Communications at Lonely Planet) and Leena Normington (Senior Media Producer at Vintage Books and the brains, voice and face of YouTube channel JustKissMyFrog)

As well as the talk, you’ll also have the opportunity to network with authors, agents, publishers and suppliers to the publishing industry before and after the discussion.

Bookswarm client Piers Torday is included on the exciting panel, and of course our own Simon Appleby will be there to hear what they have to say and enjoy a spot of networking.

Booking information

Our own Simon has been interviewed for writing advice site Abidemi.tv by Abidemi Sanusi, the founder of the site, which aims to provide support to writers.

Read the interview

The Royal Society of Literature is launching a programme, “Literature Matters”, to campaign for recognition of the power and value of great writing. Writers and readers are being asked to help with contributions, proposals and support.

A key part of the Society’s new programme will be the Literature Matters Online Hub, designed and built by Bookswarm as an extension of the RSL’s main website.

RSL director Tim Robertson told The Bookseller: “For me and Marina [Warner], we are the new gang at the RSL, we are building on its tradition and heritage but feeling that in the panoply of all the different literature organisations – some like The Reading Agency about literacy and reading, some like Arvon about creative writing, others like the Society of Authors about writers’ rights – our bit is about being a voice for literature, great writing, words that aspire to be more than plain communication.

“That’s what we’re trying to do, show that in this big, complicated, messy world, literature has a really vital, crucial role – our job is to make that case and get that debate heard out there in the nation.”

Visit the Literature Matters Online Hub