Unless you’ve been living under a rock, you have been hearing the buzz about GDPR. As a blogger, this is not a topic that you want to ignore. Major changes will be in effect related to how you treat personal data collected from your blog. This post will break down what every blogger needs to know about GDPR and it will help you determine if your blog is compliant.
First things first…. please read this important disclaimer.
Disclaimer: I am not a lawyer or a legal consultant. This post is not legal advice. I am not qualified to give you legal advice. This post is solely based on my research, therefore I can not be held liable for any advice taken from this article.
Note: This page contains affiliate links, which means that if you buy something using one of the links below, I may earn a commission.
GDPR for Bloggers: Is Your Blog Compliant?
What is GDPR?
GDPR stands for General Data Protection Regulations. It is a regulation that requires businesses to protect the personal data and privacy of European Union (EU) citizens for transactions that occur within EU member states. The GDPR also regulates the exportation of personal data outside the EU.
The GDPR was first adopted in April 2016 by the European Parliament. It replaced an outdated data protection directive from 1995. The updated version of the GDPR takes effect May 25, 2018. The updated rules give citizens more control of their private data.
For a detailed review of the GDPR view the official copy of the GDPR and a site that has converted the pdf into a website version of the GDPR pdf.
Here is a detailed infographic that explains why the GDPR was put into place.
All Blogs Must be GDPR Compliant by May 25, 2018. Click To Tweet
How Does GDPR Affect Bloggers?
After browsing through all of the legal jargon on the GDPR you might be wondering …
“How does the GDPR Affect MY Blog?”
The GDPR affects all internet marketers including bloggers that collect data from EU citizens. This means that if your blog will accept visitors from EU visitors, then your blog must be GDPR compliant.
Here are a few areas of your blog where you might collect personal data from EU visitors:
- Post Comments (Name, Email, IP)
- Email List Subscriptions
- Google Analytics (or any analytics service)
- AdSense Ads (or any ad service)
- Contact Form
- Site Registrations
Most bloggers have most, if not all of these features active on their blog. So it’s pretty safe to say that the GDPR affects all bloggers. Even those that do not live in Europe.
What Happens if Your Blog is Not Compliant?
If you are found to not to be GDRP compliant you could face very stiff fines. These fines are reported to be as much as 20 million euro or 4% annual global revenue, whichever is greater.
Individuals will also have the right to seek damages from you as a result of any GDPR violations. It’s simply not worth losing your entire business for noncompliance.
GDPR is important, however, it is nothing for you to stress about. If you miss an area you will not be hit with an immediate fine.
Source: European Commission
How Do You Know If Your Blog is GDPR Compliant?
When I started hearing about the GDPR a few months ago, this is the main question that I wanted to be answered. It was clear that I needed to be compliant, but I couldn’t figure out exactly what I needed to do the be 100% compliant.
Register with ICO (if necessary): Most bloggers are not required to register with the Information Commissioner’s Office (ICO). ICO registration is not required if you only process personal data for “core business purposes of staff administration, marketing, PR, and administration”. If you are unsure about how you process personal data you can take this assessment.
Update WordPress: The newest version of WordPress has added features to assist you with GDPR compliance. Be sure that you have upgraded to the latest version of WordPress.
Update WordPress Plugins: Ensure that all of your WordPress Plugins are updated. This will ensure that you have the GDPR compliant versions of all plugins. If you are using plugins that are not being supported, it may be a good idea to discontinue the use of those plugins as they have not been updated to support new GDPR rules and regulations.
Secure Your Site: Make sure your site uses https instead of http. Your hosting company can assist you with this. If you are using my recommended host Siteground, they offer free SSL Certificates to allow you to use https.
Review Your Email Service: Ensure that your email service provider is GDPR compliant. Most providers have taken care of all email related GDPR requirements. Log into your account and become familiar with these features. Note: You do not need to have your current subscriber resubscribe.
Review Subscription Forms: Ensure that your subscriptions forms clearly state what the subscriber will be receiving. For example, if you are using a subscription form to offer a freebie however as a result of subscribing the subscriber will also be added to your regular mailing list, you must disclose this on your form.
Use the WordPress Plugin: Use a GDPR Plugin to ensure that you are 100% compliant. This plugin is not required to be GDPR compliant. It simply provides you with an easy to follow checklist to ensure that you have met all GDPR qualifications. It also provides you with a one-click method of responding to GDRP related requests from your visitors.
How Long Will it Take Me to Get Compliant?
If you are a WordPress user there is a WordPress GDPR plugin that can help you get compliant in 3 Minutes. It wraps all of the complicated tasks listed about into a neat package that will visually show you once you are compliant. This plugin joined with services from Iubenda, will have you compliant well before the May 25th, 2018 deadline. And if the deadline has passed, you’ll be compliant shortly after you read this post and take immediate action.
Let’s Get Compliant
The deadline is quickly approaching. It’s time to put procrastination and fear aside and take the necessary steps to ensure that your blog is GDPR compliant. It’s not as hard as it sounds. Grab the plugin, follow the steps and give yourself peace of mind.
Thanks for Reading!
Leave a comment and share anything you’ve learned about GDPR for bloggers. Blogging is a community, so share your knowledge with others.
Like, Share, Tweet, & Pin this Post…