You can’t go more than five minutes these days without seeing a tweet or email about GDPR. It sounds big and scary and a bit overwhelming, so we’re here to break it down and let you know exactly what GDPR means for bloggers.
There’s no need to panic, just make sure you’re organised and ready for the changes which come into force on the 25th May 2018.
What is GDPR?
GDPR (also known as General Data Protection Regulation) is a new law which changes the way we handle and store personal data online. Starting from the 25th May, all businesses – including bloggers – will need to comply with the new rules.
GDPR isn’t something to worry about. It’s actually a good thing (it’ll mean you’ll get a lot fewer unsolicited email newsletters you never signed up for!); it just means you need to update a few things and make sure you’re running your blog as securely as possible.
GDPR is a regulation across the whole of the EU and relates to organisations collecting/processing data from any EU individuals, so even if you’re not a UK-based blogger, you’ll still need to comply. If you don’t, there are potential fines involved and, although it’s unlikely a small blogger would be hit with huge fines, it’s always better to be safe than sorry.
How will GDPR affect bloggers?
If you’re collecting or processing any sort of personal data, GDPR will affect you. This can mean things like storing email addresses in a mailing list or having commenters sign up to your website.
Collecting this sort of data is absolutely fine, as long as you can prove you have a lawful basis for doing so, and you have consent from the individuals to hold and handle their data.
This means you need to make it clear why you’re collecting personal data, what you’re going to do with it, and how people can delete this data if they wish. GDPR doesn’t mean you need to shut down your mailing list, stop emailing PRs and close your comment sections. It just means you need to be upfront about what you’re doing.
What do I need to do?
You must also make sure you have consent from each and every person you hold data on, and you need to be able to prove you have this consent. For example, if you have an existing mailing list, you’ll need to contact everyone on it and get them to resubscribe using double opt-in – opt-out is no longer considered adequate consent.
Finally, make sure you’re registered as a data controller with the ICO. If you blog purely as a hobby you may be exempt from this, but if you make any money from your blog or use it as part of your business, you’ll need to register. Take this self-assessment test if you’re not sure.
Here are some steps you might need to take before 25th May as a blogger preparing for GDPR:
- Send an email out to your mailing list asking users to resubscribe using double opt-in (if you’ve already been using double opt-in, can prove this consent and have a clear unsubscribe button, no need to do it again!)
- Update your cookies, particularly if you’re collecting data for analytics, affiliate links or remarketing purposes, to let people know what you’ll be collecting and how long it will be kept for
- Secure your blog by updating passwords to ensure only you have access to any personal data, and reduce the likelihood of any data breaches
- If you use WordPress, make sure all the plugins you use are GDPR compliant
- You can no longer use freebies as a way to “trick” people into giving you their data (e.g. “sign up to the mailing list for this exclusive free download”) so remove any of these to comply with double opt-in
To make sure you’re completely clued up when it comes to GDPR, here are a few blog posts and resources to check out:
- The GDPR and bloggers – what you need to know from Jenny Marie
- Bloggers: Do These 10 Things to Comply with GDPR from TOTS100
- Guide to the GDPR from the ICO
- GDPR – What it means for influencer marketing from One Roof Social
- GDPR Basics with Zoe Findon from Blogtacular Podcast
- GDPR Consent Guide from Mailchimp
- What is GDPR and how does it affect bloggers and freelancers? from XOMisse