Take 4 steps towards GDPR compliance today!

I’ve seen a lot of people stressing about GDPR compliance, and rightly so. It’s a big thing! With just over a week to go until the new laws come into effect, it seems there is a big push for bloggers to get themselves sorted out.

As you will know if you follow me on Twitter, I gave myself a migraine and had to take a four-hour nap because I got myself so wound up about it. I’m not very good with this sort of thing. Had I known about GDPR looming back in April, it probably would have been enough to put me off blogging to begin with! Never fear, I’m going to save you all the hassle and put my suffering to good use and use it to help you!

A few things before we start:

I’m not going to get into GDPR and what it is because I wouldn’t have a clue what I’m talking about. I’m not a lawyer. Despite reading about it on several different occasions, I still don’t understand it enough to be able to explain it. Thankfully, other bloggers have taken care of that, so you can read their posts here and here. I do recommend taking a look at those posts to get the gist of what you need to know. However, I think most of us are more concerned with what it is we need to do, rather than understanding every detail of GDPR.

As I use WordPress for my blog, that is what this post is based on. I do not have experience with other blogging sites and, sadly, cannot offer much help. I imagine some of the basic principles are the same, and you can still use it for guidance. If not, search for “GDPR” in Pinterest – lots of blog posts come up, and there’s bound to be something in there to help you.

What you need to know is that it affects you, and you need to do something about it. It doesn’t matter if you are outside of the EU. If you have visitors to your site from the EU, you need to be compliant. You are still gathering their data, even if that’s simply in the form of cookies and information for Google Analytics.

First up, you need a list.

If you’ve read the blogs I suggested, you may have seen they both suggest making a list of the ways in which you gather data. This will make things much easier when it comes to doing the next step. So, do you have a contact form? Write it down. Can people enter their name and email address to subscribe to your newsletter? Make a note! Do you use Google Analytics? Get that on there, too.

Anything and everything which gathers information from your visitors, make a note of it. You may not need it all, but it’s more than likely you will.

While doing this, assess whether everything is absolutely necessary. Part of the GDPR law is that you can’t gather information which isn’t relevant to the purpose you are collecting it for. So, say you are using a contact form, you need to ask for the minimum amount of personal information you can. This is probably name and email address. Double check the data you are gathering is essential to do the job and, if not, get rid of it.

Next, meet your new best friend: Iubenda.

Here’s the thing: I went through so many privacy policy websites, but I didn’t feel like any gave me EXACTLY what I needed. It seemed like they were asking me questions which I didn’t really know the answer to. I just needed something simple! Along came Iubenda to answer all my prayers.

Iubenda Privacy Policy

As you can see from the image above, Iubenda enables you to select the plugins, services and affiliates you use and generates your policy from there. (See why your list comes in handy now?) You can see on the right-hand side some of the things I have selected, like Awin and Google Analytics. There is a free version, but you can only add 5 services. Plus, as you can see, some services are only available on the Pro, paid-for service. I used the one-off licence, which was $27 (roughly £22) for one year, because I wanted to make sure I could include everything I needed to. I was happy to pay the fee to save myself the stress of trying to figure out everything by myself. Here’s mine, if you want to take a look at what it’s like when it’s all set up.

The good thing about getting your privacy policy through Iubenda is that they update it if there are any changes to the law. You embed the policy on your site, and they take care of the rest. The only other thing you need to do is add any additional services when you add them to your site. For example, I plan on setting up a mailing list in the near future, so I will need to make sure I include whichever service I choose (such as MailChimp or Mailerlite).

With Iubenda, you also get a cookie policy. So, that’s two things sorted right off the bat! On the subject of policies, make sure you have a disclosure policy, too. You need this if you ever include affiliate links or sponsored posts. This doesn’t have to be as detailed as the others, but it does need to exist in some way!

Of course, you may not want to splash the cash on Iubenda, and you can easily Google and find other privacy policy generators. Of all the ones I came across, this was the one with the least hassle. I’d definitely consider it if you’re having trouble with the other options. But, keep reading, as one of the upcoming plugins can generate a privacy policy for you, so that’s another option!

Plugins are lifesavers.

Cookie Plugins

Cookies:

As part of the new laws, you need to inform visitors you will be collecting cookies and this is not allowed to go ahead until they have approved this.

I was fortunate that pipdig provided a cookies banner plugin to accompany my theme. So, visitors to my site can confirm their use of cookies by clicking to say they approve of cookies being used. I don’t know if this plugin is only compatible with pipdig themes, or if anyone can use it. The good news is you can just search the plugins for “cookies” and there are quite a few which come up. As I haven’t needed to use these myself, I couldn’t recommend one. However, I always look at the ratings when choosing a plugin. Stick to the ones with 4-5 stars!

Privacy Policy Consent

Consent:

Visitors MUST be able to give their consent to you collecting their information. So, you need tick boxes. I used The GDPR Framework plugin to help enable tick boxes on my comments and contact forms. This plugin also had a great installation wizard and – as I promised – it will generate a privacy policy for you if you need one. This is the privacy policy I was using before I discovered Iubenda. The main reason I switched was that I wanted something more comprehensive. That’s just my nature, but you might find the GDPR framework one is more than adequate.

Installing this plugin also enables your visitors to have more control over their data. This is another key part of the new GDPR laws. Visitors need to be able to find out what data is being stored, and have the ability to withdraw it. This plugin takes care of that by giving you a privacy tools page which looks like this.

You need to get consent from new and old visitors alike. Someone could have been involved with your blogging journey right from the go, they could have subscribed to your newsletter two years ago, it doesn’t matter. You need to ensure they are happy for you to have their data and to continue using it!
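What a cookie banner like the ones above actually has to do under the hood, as an added example in JavaScript that is not code from the original post or from the pipdig or GDPR Framework plugins: it covers both the “no cookies until approved” rule from the Cookies section and the visitor’s ability to withdraw consent later. The cookie name, its 180-day lifetime, the `ga-tag` element id and the measurement ID are assumptions for this example.

```javascript
// Added example, not from the original post or any plugin it names: an opt-in
// gate so the Google Analytics tag (and its cookies) only loads after the
// visitor agrees, and the choice can be withdrawn. Names below are assumptions.
const CONSENT_COOKIE = 'blog_consent';
const CONSENT_MAX_AGE = 180 * 24 * 60 * 60; // 180 days, in seconds

// Parse a document.cookie-style string ("a=1; b=2") into an object.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(';')) {
    const idx = part.indexOf('=');
    if (idx === -1) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Consent is stored as JSON, e.g. {"analytics":true,"recordedAt":"..."}.
// Missing, malformed or non-boolean values count as NO consent (opt-in, never opt-out).
function getConsent(cookieString) {
  const none = { analytics: false, recordedAt: null };
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return none;
  try {
    const p = JSON.parse(raw);
    return { analytics: p.analytics === true, recordedAt: p.recordedAt || null };
  } catch (_) { return none; }
}

// Cookie string recording the choice: true = accept, false = withdraw.
// In a browser, assign it to document.cookie. Secure/SameSite assume an HTTPS site.
function buildConsentCookie(analytics, now = new Date()) {
  const value = encodeURIComponent(JSON.stringify({ analytics, recordedAt: now.toISOString() }));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${CONSENT_MAX_AGE}; Path=/; SameSite=Lax; Secure`;
}

// Inject gtag.js once, and only if consent is on record. Returns whether
// analytics may run; always false outside a browser (e.g. under Node).
function loadAnalyticsIfConsented(measurementId) {
  if (typeof document === 'undefined') return false;
  if (!getConsent(document.cookie).analytics) return false;
  if (!document.getElementById('ga-tag')) {
    const s = document.createElement('script');
    s.id = 'ga-tag';
    s.async = true;
    s.src = 'https://www.googletagmanager.com/gtag/js?id=' + encodeURIComponent(measurementId);
    document.head.appendChild(s);
  }
  return true;
}
```

Wire the banner’s “accept” button to `document.cookie = buildConsentCookie(true)` followed by `loadAnalyticsIfConsented(...)`, and a “withdraw” link on your privacy tools page to `buildConsentCookie(false)`; until the first of those runs, nothing from Google Analytics is loaded at all.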

HTTPS exists for a reason.

If you’re not already aware, “https” rather than “http” means your site has an SSL/TLS certificate and the connection between your visitors and your site is encrypted, so anything they type into a comment or contact form can’t be read while it travels across the internet. This is another important feature for GDPR. As you can imagine, security is highly important when you are gathering personal data.

As I am self-hosted with SiteGround, they gave me the ability to enable this option. If you are also using SiteGround, here’s a handy guide for how to take care of it.

However, if you use another hosting service, you may be able to get it free through them, too. Alternatively, you may have to purchase it. I’d recommend contacting them to find out what your options are.

Speaking of contacting others…

YOU are responsible for ensuring the services you use are also GDPR compliant. For the most part, this shouldn’t be a big worry, as I imagine most larger organisations are already on the case, but you do need to be aware of this. To give an example, if you use MailChimp or Mailerlite for your newsletter, you need to confirm they are GDPR compliant. The same goes for any other third party you are involved with.

I hope this has helped you to take some steps towards becoming GDPR compliant. If you’re still unsure, the two blogs given at the beginning go into much more detail. They are a thorough guide for what you need to know, and what you can do. Doing these things does not ensure you are entirely compliant with GDPR. As my blog may not have all the same, or as many features as yours, I would again recommend doing your own research. However, I wanted to share some of the resources I discovered to get me on the right track!

Good luck becoming GDPR compliant!

14 Comments

  1. 17th May 2018 / 2:35 pm

    Oh, GDPR! I found myself over doubling up on things just to be safe!

    Where in pipdig did you find the cookie pop-up option? I used a separate plug-in : /

    I think as it gets closer, and as we begin to go through this, developers will step up their plug-in and compliance game to help bloggers.

    • ruthinrevolt
      Author
      17th May 2018 / 2:44 pm

      Yeah, it was a separate plugin too – sorry, I didn’t make it very clear!

      I completely agree. I think it’s only so stressful now because nobody really seems to know what they’re doing but more and more things will be introduced to help, I’m sure!

  2. 18th May 2018 / 11:01 am

    Thanks for sharing and breaking it down! It’s been so stressful seeing all of the things in the news about it, and I’ve been so unsure what I can actually do to make sure I am compliant. Definitely going to sit down and sort that out later today!

    • ruthinrevolt
      Author
      18th May 2018 / 11:15 am

      No problem at all! Good luck 🙂

  3. 18th May 2018 / 11:04 am

    Great article! Thank you 🙂

    • ruthinrevolt
      Author
      18th May 2018 / 11:15 am

      You’re very welcome! 🙂

  4. 18th May 2018 / 3:57 pm

    Thank you for simplifying things, great post! I hadn’t read too much about this yet so time to make a couple of adjustments ;)

    • ruthinrevolt
      Author
      18th May 2018 / 4:24 pm

      You’re welcome! Good luck getting set up 🙂

  5. 19th May 2018 / 12:42 pm

    I think I need some help on this. My site isn’t self-hosted, nor do I own a domain name. We don’t use contact forms, only the comment function that WordPress adds in. I also am not aware of any plug-ins (except Jetpack?? I think that’s part of WordPress’ parcel) so – I’m not aware personally of any way in which I collect anyone’s data. We don’t have a newsletter or anything either.

    Sooooo what would I need to do?! Eep! I’m not very well educated on this side of things 😭😭😭

    • ruthinrevolt
      Author
      19th May 2018 / 12:57 pm

      Based on that, I don’t know if you’d need to do much! Especially as you’re not collecting data. It could be worth contacting WordPress or having a look on Google to see if anyone else is in the same situation and what they’re doing.

      The only thing you’d need to do is ensure WordPress is GDPR compliant (which I’m pretty confident they are!)

  6. 23rd May 2018 / 8:07 pm

    Very helpful post, thank you! I wrote a post about the GDPR too, but at the time I hadn’t found any helpful plugins. I have a privacy policy already. I just need to work on the tick boxes. Cookies are also a bit sensitive, from what I understand, users need to know if you use analytics and cookies for ads or whatever else so they can reject those. Aside from blogging I also work for an IT company and everyone is going crazy with the GDPR this week (that’s also where I learned the bit about the cookies). I mean, we’ve only known about it for 2 years, of course we’re all gonna freak out about it 2 days before its enforcement. Sorry, rant over 🙂 Like I said, super helpful blog post.

    • ruthinrevolt
      Author
      23rd May 2018 / 8:27 pm

      Ah, I didn’t actually know that about cookies so that’s a handy tip! Thanks for sharing! 🙂 Oh, I think that’s what a lot of people have done – just waited until now, as if it was going to disappear or something!

  7. 19th June 2018 / 11:26 am

    Hi Ruth,

    That’s an amazing post! I’m so flattered for a backlink to my own post on the GDPR coming from such a detailed and insightful post!

    You’ve said it loud and clear that you’re not a lawyer but trust me, you know more than some lawyers out there who are still trying to grasp the GDPR lol

    The GDPR is quite complex but you were able to outline the first steps towards compliance in such a thorough and easy-to-understand way!

    I particularly like your advice on making a list of all the ways you gather data. It’s what I call information audit and it can be extremely helpful in view of full compliance but most people mistakenly overlook/skip it.

    I really like your blog in general and will surely return to read more from you!

    Thanks for linking to my post, appreciated! 🙂

    • ruthinrevolt
      Author
      19th June 2018 / 1:48 pm

      Thank you so much for such a lovely comment!

      Your post was amazing. Of all the information I trawled through when I was trying to figure it out, yours was, by far, the most detailed yet straight-forward of the bunch! It helped me a great deal in understanding what I needed to do and ways I could go about achieving it. I think I was teetering on the edge of tearing my hair out and there it was to save the day! Thank you for putting your time and energy into creating it – I can assure you, it was very much appreciated on my end (and I imagine by others who came across it!).

      Keep up the good work, and thank you again. 🙂
