I predict that when the new General Data Protection Regulation (GDPR) comes into force on 25 May, only a tiny percentage of bloggers around the world will be ready and compliant. If you blog and/or collect data of any kind about your readers (we’re talking mainly about email addresses) then you need to be GDPR ready.
I have a feeling many bloggers will think it doesn’t apply to them as they’re not in the EU. However, if you make your blog accessible to anyone in the EU (which is just about every blogger, isn’t it – who blocks their blogs from countries outside of their own?) then GDPR applies to you.
But don’t panic. Those that are really going to be caught out are the big companies, but in the same way that bloggers need to disclose sponsorship and payment properly, we all need to take a few simple steps to adhere to these new rules.
Here’s a very quick guide to why, what and how you should be GDPR ready by Friday (remember US/Canadian/Australian bloggers – this applies to you too)!
Here’s a quick rundown (I took this from Mailchimp who are one of the top mailing list hosting services):
The GDPR is a European Union (EU) privacy law that will affect businesses around the world when it becomes enforceable on May 25, 2018. It regulates how any organization that is subject to the Regulation treats or uses the personal data of people located in the EU. Personal data is any piece of data that, used alone or with other data, could identify a person. If you collect, change, transmit, erase, or otherwise use or store the personal data of EU citizens, you’ll need to comply with the GDPR.
You need to have a legal basis, like consent, to process an EU citizen’s personal data. This consent must be specific and verifiable.
Verifiable consent requires a written record of when and how someone agreed to let you process their personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.
To summarise for the purposes of bloggers: If you offer any sort of email updates for your blog, no matter where you are in the world, you need to have collected that information under the new GDPR guidelines. So you need to make sure that new information (emails) you collect is collected properly, and that the information you have already collected has been checked via the new way of gaining consent.
These are the basics you need to do to comply with the GDPR:
(Now before anyone tries to catch me out, I haven’t done these things yet – this is my big To-Do job this weekend!)
All bloggers need to contact their subscribers and ask them for permission to email them again because all bloggers should have activated their “sign up by email” options for readers. If you haven’t done this, you’re squandering a lot of blog traffic – a mailing list is the main way you should be collecting followers.
Rather than writing a long post all about how you should be doing these things, I thought I’d link to articles and blog posts that others have written. As they’ve gone to the trouble of writing it all so thoroughly they really should get the credit, not me…!
The Blogger’s Guide to GDPR
Making sense in a post-GDPR blog space
The GDPR / Data Privacy Changes & What You Need To Do As A Blogger Before May 25th
About the General Data Protection Regulation
Hope all this helps… good luck!