Is Your Blog GDPR Compliant? 3 Easy Steps To Do It Right

GDPR has created a lot of noise on the internet.  If you are a blogger or a website owner, you must be wondering if the same rules apply to you or not.

Is Your Blog GDPR Compliant?  There are some factors you need to consider before coming to a conclusion.

• Are you collecting personal data of your readers? (this includes name, username, IP address, email address, and payment details)
• Do you have a newsletter signup on your website?
• Do you use any third party service on your website? (such as Google Adsense or Analytics)

gdpr-ready

If your answer to any of the above-mentioned points is yes, your blog needs to be compliant with GDPR. However, there is nothing to worry about!

While you can find tons of information about how businesses and platforms can get compliant with GDPR, there is very little information on the process of bloggers getting GDPR compliant.

Let's get into more detail!

What is GDPR?  What Do You Need To Do In Order To Your Blog Or Website Be GDPR Compliant?

In case you don't know about GDPR, it stands for General Data Protection Regulation.

On May 25, 2018, the European Union imposed the regulation to protect and secure the data of people residing in EU regulated countries.

However, GDPR affects everyone throughout the world who either runs a website or does email marketing that involves EU residents.

European Commission GDPR

Click above to read more from the official website of the European Union

According to the legislation, if your website collects or stores data of any EU citizen, you must comply with GDPR.

• Tell the user about you, why you collected their personal data, and how long will you store
• Get the user's consent before collecting their data
• User must have a right to access or delete their data
• Inform user about any data breach

What is Personal Data?

You must be familiar with personal data and what comes into it.

According to the legislation, any information that can directly or indirectly identify a natural human is called personal data.

Personal data includes name, age, gender, marital status, phone number, credit card details, IP address, and appearance. 

Don't Collect Unnecessary Data

Do you need contact numbers of your data subjects to send blog updates? Probably not!

GDPR requires you to collect only necessary data. As a blogger, you will only need to collect their name, email address, and IP address (again if necessary).

GDPR data collection

The more data you store, the more responsible you have to be.

Also, you must have evidence of why you collected their data and why you processed it. Even if you need the data for a specific period, you are responsible for deleting their data.

In case a user comes to you and asks you to delete their information, you are obliged to delete their personal data under GDPR.

Why is GDPR Important for Bloggers?

Bloggers have visitors from all over the world, including Europe.

Blocking the EU from your website is not a long-term solution, especially when you want the entire world to read your blogs.

The way bloggers used to collect email addresses for building email lists has changed after GDPR.

GDPR adds new requirements for websites, especially for bloggers, to protect user's data.

The EU has imposed a hefty fine in case of non-compliance; the maximum penalty is 20 million euros.

EU data collection

Every time you collect data of any EU resident, always remember that the data subject has rights under GDPR, including

• Right to be informed
• Right for access
• Right for deletion of data
• Right to object

Though there are very few chances of bloggers getting fined, you should still be GDPR compliant to make your website a safe place for everyone. Also, it's not difficult to get compliant.

Here are the three things that are essential for every blogger to do for getting GDPR compliant.

Create a Privacy Policy

Privacy policy on a website has always been required, but now it is essential under new regulations to have one on your website.

A privacy policy is a legal statement that tells your readers how you collect, store, and manage their data.

By law, you need to inform your readers about

• What data do you collect
• What are their rights in that regard
• Your notification process for any changes in policy
• The effective date of your privacy policy
• Any third party access to their data (be it Google or social media platforms)

Privacy policy GDPR

Every blog should have a unique privacy policy stating all of the points mentioned above. Instead of copying others' privacy policy, you should create a new one or get help with a lawyer.

Even if you get a GDPR compliant privacy policy, you still need to make changes in it. Add things specific to your situation.

If you have a mailing list and ask readers for their information, make sure to mention in your privacy policy that you collect their data.

The readers must have a right to choose whether they want you to collect their data or not. 

Add a Cookie Consent Form

Every website uses cookies, your blog must be using them too.

Cookies are small data files that collect information about your visitors, such as the time they visited your blog and remember the information.

If someone visits again, cookies store that information as well.

Websites are always required to alert visitors that they use cookies even before GDPR. It is now mandatory to inform your visitors that you are using cookies and are GDPR compliant. 

Cookie Consent GDPR

If you still don't have a cookie banner on your blog, you need to have one immediately.

GDPR is trying to make it clear for the visitors that once they agreed to cookies, they have given their consent.

You need to clearly mention that you are using cookies for XYZ reasons, and by clicking, "I Agree," they provide you with permission to collect their data.

A lot of blogging platforms have made it so easy to insert a cookie banner. WordPress offers a free cookie plugin as well. It should pop-up as soon as the user visits your website.

Fix Your Email Marketing Automation

Many bloggers have newsletters and mailing lists on their websites, which has changed the dynamics of how information is collected.

The reason behind the mailing list is that there should be proof that readers have signed up themselves, knowing what and why they are signing up.

If your mailing list already confirms and verifies their sign up to your newsletter, you don't need to change the sign-up form.

However, many bloggers suggest sending an additional authentication email to confirm their consent further is a good idea.

In case you update your privacy policy, inform your email list about the changes in your policy, and give them an option to unsubscribe as well. 

email marketing GDPR

You are also required to get their consent again if you change your niche afterward.  Simply, never presume their consent and inform them about any changes.

If you are using any third-party plugins, mention how they collect and store their data.

Many bloggers use Mailchimp to send emails and Google Analytics to get information about their audience.

Google Analytics usually enables GA to differentiate one visitor from another.  But when you set them correctly, GA cookies can be seen as 'non-privacy intrusive.'

That means you don't need to get prior consent to use them on your website. 

Conclusion

Like it or not, you need to get GDPR compliant even if you are not in the EU. If you get a deeper understanding of the data you hold, you would know the importance of the law.

In case GDPR doesn't apply to you, what's the harm in getting compliant with it? It will not only save you from future hassle but also increase your visitors' trust in you.

When you can put your heart and soul into your blog, why don't you become loyal to your followers by respecting their privacy?

By getting GDPR compliant, your blog will be stronger (legally) than ever.

>