GDPR Actions you need to do as a Blogger
So you’ve heard about GDPR, you’ve buried your head in the sand until the final days and now you are running around like a headless chicken. It’s time to take action and make sure you are compliant. But what actions do you need to take? These are the basics for a standard blogger. Each blog will be slightly different depending on what you do on your site, but you can break it down to these actions.
Actions to take to be GDPR Compliant
- Know what data you collect
- Know how you process the data
- GET RID OF ANY DATA THAT YOU COLLECT THAT YOU DON’T REALLY NEED TO
- Add a cookie consent message for your self-hosted WordPress blog
- Make sure you are compliant with your Freebies
- Ask people on your newsletter list for whom you don’t have proof of consent whether they still want to be on it (essential for EU and Swiss subscribers)
What Data do you Collect
You collect data on your site through:
- Log Files on your server if you are self-hosted
- Cookies for things like Google Analytics
- Input forms for comments and newsletters
The data that you collect may be specific to your site or general. Some common ones are:
- IP Address
- Tracking of pages visited
- Time spent on site
- Where you arrived on the site
- Demographics and interests if Google Analytics is enabled
- Email Address
If you sell digital and physical products, then you may have more data than you realise.
Step 1 is to write it all down.
Read More About Data Collection and your Role as a Data Controller
Know How you Process the Data
Part of GDPR is about only collecting the data that is necessary to perform the functions that you need it for. So do you need to require someone’s name and email address every time they comment on your site? I don’t on my main site. Instead of making them required, you can make them optional so people can enter them or not.
For others, if you have demographics and interests enabled, then what do you use it for? Personalizing the website, informing editorial content and making sure you work with brands that your readership will be interested in?
You also need to know who is processing the data: is it you or is it a third party?
Read More About Data Processing and your Role and Those of Third Parties as Data Processors
Get Rid of Data that you Don’t Need
If you don’t need to collect people’s names and email addresses when they comment but want to give people the option, then remove them as a requirement in your WordPress settings. Although email addresses are never SHOWN on the public end of the WordPress site, if you have a Gravatar attached to your email address then your image will appear. You can switch that off as well.
If you do this, I suggest you require comments to be approved before going live.
The biggest thing I keep hearing about is Consent. This stems from the Freebie sign-ups: because these do not make it clear that you are subscribing to a newsletter, they are not compliant.
You can use some of the third-party options to keep your FREEBIES as is and add a check box that allows people to opt in to your newsletter.
You can switch the sign-up to be not about your freebie but about signing up to your newsletter, and offer the freebie as a gift for subscribing, similar to how companies offer discount vouchers to members of their loyalty card schemes.
BUT it has to be clear that they are signing up and what they are signing up for.
Way back in 2011/12 the EU Cookie Law was agreed upon, whereby people in the EU have to be told if you are using cookies on your site and accept their use.
Blogger sites automatically display a cookie consent box; however, the majority of self-hosted WordPress blogs that I visit don’t!
You then need a cookie plugin, which will display the message and allow people to accept, or provide more information on how to disable the cookies.
If you have been offering Freebies or products to people and automatically signing them up to your newsletter list, and they are in the EU, then it’s time to ask them if they really want to be on your list.
They haven’t given their implicit consent to your newsletter so you need to give them that option and then remove them if they don’t give their consent.
This is also a great way to clean lists and make sure that you are compliant.
Want more details? Then watch the Facebook Live I did chatting with Kelli and Crystal from Learn to Blog Hangouts, all about GDPR.