What is GDPR and How To Make Sure Your Blog is Compliant
Are you hearing chatter about GDPR? Have no clue what it is and what you need to do to make sure you’re doing things correctly on your site? I’ve got you covered.
After years of debate, the General Data Protection Regulation is finally going into effect on May 25th, 2018 in the UK.
If you’ve been blissfully unaware of GDPR, I’m going to walk you through what GDPR is and why it can affect you and your blog!
Table of Contents:
- What is GDPR?
- The 5 GDPR basics you must know.
- What are the GDPR rules for companies?
- What does the GDPR mean for those of us outside of Europe?
- 5 easy steps toward being GDPR compliant.
What is GDPR?
The General Data Protection Regulation (GDPR) is currently taking Europe by storm.
It’s a regulation in the European Union (EU) law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU.
Protecting consumers’ private data and personal privacy is the main concern.
And it affects people all over the world, not just in Europe.
The 5 GDPR Basics YOU must know.
- It applies to anyone who processes “personal data”. These are things like names, email addresses, and other types of ‘personally identifiable’ information.
- New security responsibilities. If you process personal data, you are now responsible and accountable for its security and the way it is used.
- It has a global reach. Yes, this is an EU law, but it can apply to anyone, outside of Europe.
- Applies to all businesses. It’s about ‘what you do’ with other people’s data, not ‘who you are’ or ‘why you do it’.
- There are non-compliance fines. The fines are up to 20 million euros (which is about $24 million US dollars) or 4% of your global revenue, whichever is higher.
What are the GDPR rules for companies?
Companies must provide working opt-out tools (so users can withdraw their consent at any time), clearly disclose data breaches to end users (within 72 hours), and allow users to download and retain a complete copy of their own private data.
What does the GDPR mean for those of us outside of Europe?
Some businesses outside of the EU have decided that being in compliance isn’t worth the cost or hassle and have elected to simply block EU users from accessing their services and/or products altogether.
If your blog is genuinely targeted at a non-EU audience and you don’t process the data of EU consumers, then you have a potential exemption from the GDPR.
If your blog has users volunteering personal information through online contact forms, blog sign-ups, or membership logins, just to name a few, you should seriously consider publishing a GDPR-compliant privacy policy.
For my own blog business – Your Marketing BFF – I service businesses all around the world, including Europe, so I’ve adopted a privacy framework as a “solution” to this internet privacy crisis.
You will see that I have added a new Privacy + Cookies Policy to the footer of my website; you can see/read my policy HERE.
Disclaimer: I am not an attorney, and this is not legal advice; I am simply showing you my own privacy policy as a guide to what should be included.
5 easy steps toward being GDPR compliant.
- Make a personal data inventory. Make a list of the types of personal data that you collect on your site.
- Publish a GDPR compliant privacy policy. You’ll want to outline the types of data you collect, how you tend to use it, what data might be shared with others, and explain the rights of the individual.
- Clearly ask for consent where individuals are volunteering personal information (like a blog subscribe form). Some email providers like Mailchimp make this easy with built-in GDPR features such as a double opt-in requiring the individual to confirm their original request before their info is added to your mailing list.
- Make sure your site is secure and is using reputable web hosting. Most blogs run on a third-party hosting company, which therefore becomes our ‘data processor’ in GDPR terms, since it processes data on our behalf.
- Make sure your Google Analytics configuration is set up correctly. I’d suggest making sure that none of the boxes in the ‘data sharing settings’ are checked.
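To show what the consent step above actually involves, here is an added example (my own illustration, not code from the post or from Mailchimp) of a double opt-in flow that only adds an address after the reader confirms, records when consent was given, and offers the opt-out and data-copy paths mentioned earlier. The in-memory store, server-side key and the example address are all constructed for the demo.

```python
import hashlib
import hmac
import secrets
import time

# Constructed demo store: a real blog would persist these in its database.
SECRET = secrets.token_bytes(32)   # hypothetical server-side signing key
TOKEN_TTL = 24 * 3600              # confirmation links expire after a day

pending = {}    # email -> time the subscribe request was received
confirmed = {}  # email -> consent record (only after confirmation)

def _token(email, requested_at):
    # HMAC ties the token to the address and request time, so it cannot be forged.
    msg = f"{email}|{requested_at}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def request_subscription(email, now=None):
    """Step 1: record the request only; nothing is added to the list yet."""
    now = int(time.time()) if now is None else now
    pending[email] = now
    return _token(email, now)   # this token goes into the confirmation email

def confirm_subscription(email, token, now=None):
    """Step 2: add to the list only when the token round-trips via the inbox."""
    now = int(time.time()) if now is None else now
    requested_at = pending.get(email)
    if requested_at is None or now - requested_at > TOKEN_TTL:
        return False                        # unknown or expired request
    if not hmac.compare_digest(token, _token(email, requested_at)):
        return False                        # tampered or guessed token
    confirmed[email] = {"email": email, "consented_at": now,
                        "purpose": "blog newsletter"}
    del pending[email]
    return True

def withdraw_consent(email):
    """Opt-out: the reader can withdraw consent at any time."""
    return confirmed.pop(email, None) is not None

def export_personal_data(email):
    """Data access: a complete copy of what is held about the subscriber."""
    record = confirmed.get(email)
    return dict(record) if record else None
```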
Like it or not, the GDPR could affect you. Not to mention, you’re also responsible to your loyal following for keeping their information secure.
Now that you know what GDPR is and how to make sure your blog is compliant, I’d suggest getting ahead of the game so you can rest easy!
This is so helpful Tana! Thank you always for your knowledge and expertise! xo, Beth
You’re so welcome, glad it helps!
I needed this!!! I love how you are always helping out and giving what we need to know in an easy way to comprehend it.
It’s good to be prepared and ready for the changes! xo
Very helpful Tana! You explained that well, I am going to make sure I am following all those steps!
Perfect!!!
Thank you for breaking this down! My eyes glaze over with this stuff so now I know what to check to make sure I’m staying compliant.
Mine too! But it has to be done. The not-so-fun side of an online business… but necessary!