GDPR Actions you need to do as a Blogger

S

o you’ve heard about GDPR, you’ve buried your head in the sand until the final days and now you are running around like a headless chicken. It’s time to take action and make sure you are compliant. But what actions do you need to do these are the basics for a standard blogger – each blog will be slightly different depending on what you do on your site but you can break it down to these actions.

 

Actions to take to be GDPR Compliant

  1. Know what data you collect
  2. Know how you process the data
  3. GET RID OF ANY DATA THAT YOU COLLECT THAT YOU DON’T REALLY NEED TO
  4. Make sure you have an easily understood data protection and privacy policy
  5. Add a cookie consent message for your WordPress Self Hosted Blog
  6. Make sure your a compliant with your Freebies
  7. Ask people in your newsletter list that you don’t have proof that they consented to be on your list whether they still want to be (EU and Swiss subscribers essential)

What Data do you Collect

You collect data on your site through

  • Log Files on your server if you are self-hosted
  • Cookies for things like Google Analytics
  • Input forms for comments and newsletters

The data that you collect may be specific to your site or general some common ones are

  • IP Address
  • Tracking of pages visited
  • Time spent on site
  • Where you arrived on the site
  • *Demographics and interests if Google Analytics is enabled
  • Name
  • Email Address

If you sell products digital and physical then you may have more data than you realise.

Step 1 is to write it all down.

Read More About Data Collection and your Role as a Data Controller

Know How you Process the Data

Part of GDPR is about only collecting the data that is necessary to perform the functions that you need it for. So do you need to have someone’s name, email address required everytime they comment on your site? I don’t on my main site – instead of being required you can make it an optional so people can enter it or not.

For others, if you have demographics and interests enabled then what do you use it for – personalizing the website, informing editorial content and making sure you work with brands that your readership will be interested in.

You also need to know who is processing the data is it you or is it a Third Party?

Read More About Data Processing and your Role and Those of Third Parties as Data Processors

Get Rid of Data that you Don’t Need

If you don’t need to collect people’s name and email address when they comment but want to give people the option then remove it as a requirement in your wordpress settings. Although email addresses are never SHOWN to the public end of the wordpress site – if you have a gravatar attached to your email address then your image will appear. You can also switch that off as well.

If you do this I suggest you make comments approved before going live.

Write a Privacy Policy

If you don’t have a privacy policy then you should write one out.

The privacy policy needs to be clear and easy for your reader to understand. There are examples e.g. https://www.contractology.com/free-privacy-statement.html or you can use this as a working document and adapt and adjust for your site and what data you collect and process.

CONSENT

The biggest thing I keep hearing about is Consent – this stems from the Freebie sign-ups, because the consent for these is not clear that you are subscribing to a newsletter they are not compliant.

You can use some of the third party options of keeping your FREEBIES as is and adding a check box which allows people to opt-in to your newsletter.

OR

You can switch the sign up to be not about your freebie but instead about signing up to your newsletter and offer the freebie as a gift for subscribing – similar to how companies offer discount vouchers for being members of their loyalty cards.

BUT it has to be clear that they are signing up and what they are signing up for.

Cookie Consent

Way back in 2011/12 the EU Cookie Law was agreed upon whereby people had to know in the EU if you are using cookies on your site and accept that they want to use them.

Blogger sites automatically display a cookie consent box however the majority of blogs on WordPress Self hosted that I visit don’t!

You need a cookie plugin then which will display the message and allow people to accept or provide more information on how to disable the cookies.

Newsletter Subscribers

If you have been offering Freebies or products to people and automatically signing them up to your newsletter list and they are in the EU then it’s time to ask them if they really want to be on your list.

They haven’t given their implicit consent to your newsletter so you need to give them that option and then remove them if they don’t give their consent.

This is also a great way to clean lists and make sure that you are compliant.

Want more details then watch the Facebook Live I did chatting with Kelli and Crystal from Learn to Blog Hangouts all about GDPR.

Share these tips with other bloggers
The Blog Surgery

Cerys is the founder of Rainy Day Mum a top UK parenting blog. Prior to having children, she taught digital media and web development. Supporting other bloggers to develop, grow and expand their blogs through actionable tasks that aren't as terrifying as they seem to be!

Click Here to Leave a Comment Below

Margo - May 7, 2018

I saw your video in the Learn to Blog Hangout, and wanted to say thank you for the helpful information on the GDPR requirements. As a small blog owner all of the regulations are a bit nerve wracking. . I have a question about permissions. Do I need to have separate permissions from those wanting to get an email when I post a new post (like blog feed) and then additional permission for if I send them a newsletter just to be more personal once in awhile?

Reply
Katie/Celebrating With The Bug - May 17, 2018

Thank you! This post is very helpful!

Reply
Leave a Reply: