You may (or may not) know that I have a Bachelor's Degree in Law and a Master's Degree in Sociology of Law. So when news of the new EU General Data Protection Regulation (GDPR) hit, I decided to roll up my sleeves and get studying. The GDPR is said to be the most important change in data privacy regulation in 20 years, and there are many steps you need to take in order to ensure compliance. So what about the GDPR for bloggers? Does it affect us at all? What do we have to do? Luckily, I have figured out as much as I can in order to share it with you in this blog post!
It will affect all businesses saving information about their customers online, and it is important to have a proper understanding of it before it is enforced. The official enforcement date of the GDPR is May 25th, 2018. Businesses who are not in compliance with it after that date can face quite heavy fines and penalties, which is why I’ve decided to write this post.
One of the reasons why it is important to ensure that you are aware of and in compliance with the GDPR is the new, and higher, fines you risk having to pay if you are not in compliance with the Regulation.
GDPR for bloggers – Will it affect us?
Most likely. Whether you live in the EU/EEA or have subscribers who do (even if it’s just one), the GDPR will affect you as a blogger as long as you collect data about your readers. Most bloggers have an email list, and storing this information about your readers is what makes the GDPR affect you. It will be expected that you are familiarised with the new regulations and that you are in compliance with the GDPR by the enforcement date (May 25th, 2018 in case you forgot already).
In short, the GDPR applies to anyone who handles personal information in some way. As a blogger, this will most likely be emails you collect from your readers and subscribers, and IP addresses.
How do I ensure compliance with the GDPR as a blogger?
First, let me quickly take you through the purpose of the GDPR. It is simply to protect consumer data (aka personal information such as a name, email address or address) from being misused by anyone collecting it.
Figuring out how to comply with the GDPR as a blogger can seem a little overwhelming, but there are certain steps you can take to easily ensure compliance.
The things you should stop doing completely by the 25th May 2018:
- Not telling your subscribers what they can expect from being on your email list
- Sharing data with more people than intended and than your subscribers were informed about, for example if you are hosting a giveaway and then sharing the email addresses with the brand sponsoring it
- Auto opt-in forms
- Not having a ‘confirmation of subscription’ email being sent out to your subscribers
- Adding people to your email list without asking (you shouldn’t be doing this to begin with, to be honest)
- And finally, you should not be sharing brand contacts without permission
Luckily, most applications and software you are using where you are potentially collecting data (such as MeetEdgar or ConvertKit) are way ahead of you on this, and are already sending out emails with information on how they are ensuring compliance with the GDPR. For example, ConvertKit have now added settings that allow you to provide EU residents with extra information, which definitely makes it easier to comply with the new GDPR for bloggers.
Keep reading: head this way for my full guide to using ConvertKit as a blogger (and why you need it).
What I advise bloggers to start doing as soon as possible:
Compile a list of apps, software and plugins where you are currently collecting information about your readers or followers. For bloggers, this will commonly be your email list and your comments software, but do a complete run-through of everything you use either way – just to be on the safe side. You are responsible for where you store data, so ensure that every single one of these is in compliance with the GDPR.
Make sure you have a cookie warning if you are using cookies on your blog. You know, the little pop-up that a reader has to either dismiss, agree with, or click ‘OK’ on. Cookies include the Facebook Ads pixel and Google Analytics tracking, so chances are you are using cookies.
Go through ALL of your email list forms and landing pages, ensuring that you are in compliance with the GDPR. This includes:
- Explicitly saying what information you will be storing and what purposes it will be used for
- Ensuring that you are getting their active consent to receiving this information, either by having a checkbox, a clear notice that their email addresses will be added to your list, or a double opt-in.
Check with your email marketing software what measures they are taking! I am using ConvertKit, who have added the settings you see below, in order to help you comply with the GDPR as a blogger.
Have any questions about the GDPR for bloggers? Leave them below and I’ll answer as best as I can!
As learning about the GDPR for bloggers is rather important for all our online friends, please share it wherever you think it may be relevant! There are sharing links below, and you can also pin it.