You may have seen emails addressing GDPR hitting your inbox frequently this month. I know I get at least 3+ emails a day from other people I follow, my email provider, and various services I use to run my business and those of my clients, all addressing GDPR.
I don’t know about you, but the number of emails I have been getting caught my attention, so I decided to research and find out what it really means for my business and my blog.
In this post, I will explain what I have learned and what I am personally going to do to make sure my blog is GDPR compliant.
What exactly is GDPR?
GDPR, simply put, is the General Data Protection Regulation, a law passed in 2016 to protect data and privacy for people in the European Union. It becomes enforceable on May 25th, 2018…which explains all of the emails currently hitting your inbox addressing this subject.
Okay, so you are probably wondering: why should I care about GDPR?
- It applies to anyone who processes personal data – for us bloggers it means collecting emails, names and any other information about a person.
- You are accountable for the security of the information you are collecting.
- It has a global reach – yes it might be a European law, however, if you collect the data of a European citizen…you fall under its reach regardless of your location.
How GDPR can affect blogging activities
Activity #1: Collecting Email Addresses
Collecting email addresses is the collection of personal data. If you have opt-ins on your website — then you have a responsibility for that data.
Activity #2: Running a WordPress Blog
You know those blog comments? They require the commenter to submit their personal information in order to leave a comment.
And did you know that WordPress creates cookies for those commenters? According to the new GDPR law, those cookies are classified as personal data.
Finally, let’s address the plugins that you use to run your WordPress Site. Those plugins may or may not collect personal data.
Activity #3: Tracking Behavior
Facebook pixels, Google Analytics, and email analytics are all things that smart marketers use to get information to help build their businesses, right?
These all fall under the GDPR law as well.
Activity #4: Webhosting
Simple things like backups and tracking the IP addresses of visitors to your website are common things that your web host does. Each of these falls under the GDPR law.
How to be GDPR Compliant on Your Blog
Step #1: Process data lawfully
Collect and process list building data by consent only. In other words, don’t go adding people to your list without their prior consent. If you built your list with opt-ins and collected emails at events where people gave you their information, you’re covered.
And…don’t worry about having to reconfirm your email list. If you got opt-in consent in the first place, and have a clear “unsubscribe” option on your emails, which all email providers require you to have, then you’re good to go.
Personally, I’ve witnessed a list that was researched and then asked to opt-in and the results were not good enough to warrant the time and expense to gather the data.
And frankly, it just pisses off a lot of people to be added to an email list without their consent. I see this happen all the time especially with people I connect with on LinkedIn…they then seem to think it is okay to add me to their email list.
I also personally would refrain from buying or selling lists.
Step #2: Collect a minimal amount of information
If you are list building, you will want to adjust your data collection to only collecting email and name. However, if you want more information such as phone number and gender for example…you’ll want to tell your subscriber exactly why you need this information.
I personally follow this rule of thumb of minimal data collection as asking for too much tends to turn potential subscribers off.
Step #3: Update Your Privacy Policy
In this post, I wrote about why you need to have a privacy policy. If you don’t have one or it’s been a while, now is the time to update it, and this post will show you how to do it.
You’ll want to make sure you mention what data you collect, what you use it for and who it’s shared with.
Step #4: Check Your Suppliers
You know those plugins, email service providers and web-hosting companies that also might be collecting data?
It’s a good idea for you to do a quick check and see on their site what they are doing to be GDPR compliant. My guess is that you’ve probably already gotten an email from them addressing this.
And make sure your systems are set up to protect personal data that you are collecting as well.
Step #5: Be Super Clear About Consent
This applies to your list building efforts…you’ll want to make sure that you let them know what they are consenting to. If you are sending a freebie and adding them to your email list, it needs to be stated in your copy.
Step #6: Keep Your Website Up to Date & Secure
One of the biggest mistakes I see is that most website owners overlook routine website maintenance. Websites that get hacked most often are ones where the WordPress version and plugins are out of date.
And you’ll want to make sure you’ve got the right security plugins set up and maintained too. This is often overlooked as well.
Step #7: Check Google Analytics
You’ll want to log into your Google Analytics account and make sure your cookies settings are non-invasive.
Here’s how you can quickly check the User-ID setting:
1. Log into Google Analytics
2. Click on Admin
3. Navigate to the property in which you want to implement User-ID
4. In the PROPERTY column, click Tracking Info > User-ID.
Then you will be able to see if this is turned on or off. I would make sure it is turned off to keep your account GDPR compliant.
Now that you know what GDPR is and why it is important to you as a blogger, I hope these 7 steps to making sure your blog is compliant are helpful to you. I’d love to hear your comments and opinions about GDPR.