Those big four letters have been plastered everywhere – but do you know how they affect you as a blogger?
What is GDPR?
GDPR, or the General Data Protection Regulation, has been introduced by the European Commission to better protect the data of citizens within the European Union (EU). It has been designed to empower EU citizens, who can find out how each website they access uses their data.
More than that – if they are unhappy about a website retaining their data, or using it in a certain way, they can ask the site to delete all records it holds on them.
GDPR comes into effect on 25th May 2018. It’s important to make sure your blog or website is up to scratch, so that you comply with the new regulation.
No matter where you are based, if your readers, followers, or customers are based in the EU, you need to make sure you are compliant.
Are You A Data Holder?
The first step to making sure you’re compliant is to see what data you currently hold.
Blogs often hold data in the form of:
- Names, IP addresses, email addresses from commenters
- Cookies to enable Google Analytics and other third-party tools to work
- Email addresses and other data for newsletters
All of these fall under “personal data”, which is what GDPR specifically protects.
Note: If you are an Ethical Influencer who only uses social media, you won’t need to worry about GDPR. The platforms you use hold the data on your behalf, so it’s for the platforms to ensure they are GDPR compliant.
5 Steps To GDPR Compliance
For ethical bloggers, it’s important to show you are just as transparent as the brands, people, and way of life that you advocate. You can achieve transparency with your own readers, and comply with GDPR, by doing the following:
- Create a Privacy Policy for your blog. This is the first step in outlining what you use your readers’ data for, how you hold it, and how they can find out what data you hold on them (or ask you to delete it). In Pipdig’s guide to GDPR, they recommend creating a Privacy Policy using Iubenda, which offers a free basic package.
- List any third-party services you use. By integrating your blog with third-party services such as Google Analytics, Disqus, or Affiliate Programmes, you’re permitting your users’ data to be transferred to them. While you’re not required to know their privacy policy, or take responsibility for how they use that data, you do need to outline what you use.
- Give newsletter subscribers the option to opt out. If you send a newsletter, you need to allow subscribers to opt out of the list, usually through an unsubscribe button in each email sent. If you use MailChimp, this has already been done for you. Better still is to ask your current subscribers to re-subscribe, to ensure they want to continue receiving information from you. You can then delete your old list with any contacts who no longer want to hear from you.
- Get an SSL certificate for your blog. You can tell if your site has an SSL certificate as your URL will start with https rather than http. Your hosting company can provide this certificate for you, with many doing so for free (we use and recommend Green Hosting). This is also important as visitors using Google Chrome browsers will have trouble accessing your site unless you have an SSL certificate.
- Keep your blog up-to-date. Make sure all your plugins or integrated apps are up-to-date, as they too will have worked on complying with new regulations.
What Happens If I’m Not GDPR Compliant?
There’s only a short time left to prepare before GDPR comes into action, but don’t worry!
This regulation is targeted at large data holders, such as the social media platforms we know and love. It’s important you comply with the regulation, but smaller businesses and sole traders such as bloggers needn’t worry too much.
Make sure you follow the steps in this guide, and independently check you’re up to scratch with the regulation as soon as you can. And if you do find you haven’t fully complied, the first step taken will be a warning, so you’ll have the opportunity to rectify any areas you’ve missed.
Disclaimer: This guide has been created to help bloggers to understand GDPR and check they are compliant. The recommendations provided have not been checked by lawyers, and we take no responsibility for the advice provided. It is your responsibility to make sure you are fully compliant with GDPR regulations.