I’ve seen a lot of people stressing about GDPR compliance, and rightly so. It’s a big thing! With just over a week to go until the new laws come into effect, it seems there is a big push for bloggers to get themselves sorted out.
As you will know if you follow me on Twitter, I gave myself a migraine and had to take a four-hour nap because I got myself so wound up about it. I’m not very good with this sort of thing. Had I known about GDPR looming back in April, it probably would have been enough to put me off blogging to begin with! Never fear, I’m going to save you all the hassle and put my suffering to good use and use it to help you!
A few things before we start:
I’m not going to get into GDPR and what it is because I wouldn’t have a clue what I’m talking about. I’m not a lawyer. Despite reading about it on several different occasions, I still don’t understand it enough to be able to explain it. Thankfully, other bloggers have taken care of that, so you can read their posts here and here. I do recommend taking a look at those posts to get the gist of what you need to know. However, I think most of us are more concerned with what it is we need to do, rather than understanding every detail of GDPR.
As I use WordPress for my blog, that is what this post is based on. I do not have experience with other blogging sites and, sadly, cannot offer much help. I imagine some of the basic principles are the same, and you can still use it for guidance. If not, search for “GDPR” in Pinterest – lots of blog posts come up, and there’s bound to be something in there to help you.
What you need to know is that it affects you, and you need to do something about it. It doesn’t matter if you are outside of the EU. If you have visitors to your site from the EU, you need to be compliant. You are still gathering their data, even if that’s simply in the form of cookies and information for Google Analytics.
First up, you need a list.
If you’ve read the blogs I suggested, you may have seen they both suggest making a list of the ways in which you gather data. This will make things much easier when it comes to doing the next step. So, do you have a contact form? Write it down. Can people enter their name and email address to subscribe to your newsletter? Make a note! Do you use Google Analytics? Get that on there, too.
Anything and everything which gathers information from your visitors, make a note of it. You may not need it all, but it’s more than likely you will.
While doing this, assess if everything is absolutely necessary. Part of the GDPR law is that you can’t gather information which isn’t relevant to the needs. So, say you are using a contact form, you need to ask for the minimum amount of personal information you can. This is probably name and email address. Double check the data you are gathering is essential to do the job and if not, get rid of it.
Next, meet your new best friend: Iubenda.
As you can see from the image above, Iubenda enables you to select the plugins, services and affiliates you use and generates your policy from there. (See why your list comes in handy now?) You can see on the right-hand side some of the things I have selected, like Awin and Google Analytics. There is a free version, but you can only add 5 services. Plus, as you can see, some services are only available on the pro, paid for service. I used the one-off license service which was $27 (roughly £22) for one year because I wanted to make sure I could include everything I needed to. I was happy to pay the fee to save myself the stress of trying to figure out everything by myself. Here’s mine, if you want to take a look at what it’s like when it’s all set up.
Plugins are lifesavers.
As part of the new laws, you need to inform visitors you will be collecting cookies and this is not allowed to go ahead until they have approved this.
Installing this plugin also enables your visitors to have more control over their data. This is another key part of the new GDPR laws. Visitors need to be able to find out what data is being stored, and have the ability to withdraw it. This plugin takes care of that by giving you a privacy tools page which looks like this.
You need to get consent from new and old visitors alike. Someone could have been involved with your blogging journey right from the go, they could have subscribed to your newsletter two years ago, it doesn’t matter. You need to ensure they are happy for you to have their data and to continue using it!
Https exists for a reason.
If you’re not already aware, “https” rather than “http” means you have an SSL certificate and your site is secure. This is another important feature for GDPR. As you can imagine, security is highly important when you are gathering personal data.
As I am self-hosted with SiteGround, they gave me the ability to enable this option. If you are also using SiteGround, here’s a handy guide for how to take care of it.
However, if you use another hosting service, you may be able to get it free through them, too. Alternatively, you may have to purchase it. I’d recommend contacting them to find out what your options are.
Speaking of contacting others…
YOU are responsible for ensuring the services you use are also GDPR compliant. For the most part, this shouldn’t be a big worry, as I imagine most larger organisations are already on the case, but you do need to be aware of this. To give an example, if you use MailChimp or Mailerlite for your newsletter, you need to confirm they are GDPR compliant. The same goes for any other third party you are involved with.
I hope this has helped you to take some steps towards becoming GDPR compliant. If you’re still unsure, the two blogs given at the beginning go into much more detail. They are a thorough guide for what you need to know, and what you can do. Doing these things does not ensure you are entirely compliant with GDPR. As my blog may not have all the same, or as many features as yours, I would again recommend doing your own research. However, I wanted to share some of the resources I discovered to get me on the right track!
Good luck becoming GDPR compliant!