Is Your Blog GDPR Ready?

It’s been impossible to escape GDPR. (In case you’re unsure of what it is, it’s a new data protection act which for most of us basically means our inboxes are bursting with ‘can we still E-Mail you?’ messages).

What is GDPR?

Okay well that’s GDPR in short, but what about the finite details?

GDPR is set to come in to legislation on the 25th of May this year, so yes that means it is coming in today. Replacing the 20-year strong Data Protection Act that stood before it, the law is set to reach a wide scope of organisations and is said to take a modernised, 21st century approach to data security.

What do I need to know about GDPR?

GDPR applies to personal data, or more so the general protection of it. This applies to any information that can directly (or indirectly) relate to an individual and in any format. The regulation covers a much wider scope of information types than its predecessor and is set to place much stronger controls over this kind of data. The data included is classified into two categories, new features have been bolded.

Personal Data Special Categories of Personal Data
  • Name
  • Address
  • Email address
  • Photo
  • IP address
  • Location data
  • Online behaviour (cookies)
  • Profiling and analytics data
    • Race
    • Religion
    • Political opinions
    • Trade union membership
    • Sexual orientation
    • Health information
  • Biometric data
  • Genetic data

The GDPR will apply to all organisations, including those within the EU. It will be implemented before Britain leave the EU and will remain in place thereafter. The legislation will apply to all businesses, that includes: commercial business, charity or public authority organisations that collect, store and process any of the personal data aforementioned.

The basic principles that the GDPR will cover are:

  • Data protection principles
  • Accountability and governance
  • Data protection by design and default
  • Lawful processing
  • Valid consent
  • Privacy rights of individuals
  • Transparency and privacy notices
  • Data transfers outside of the EU
  • Data security and breach reporting

But this all sounds a bit boring, right? So lets get down to the nitty gritty of what you as a blogger need to do to keep yourself within compliance.

How do you make your blog GDPR compliant?

Feat not because there’s really not that much to worry about as a blogger. The act is more targeted towards bigger business’ and people like me working within PR who retain a lot of personal details such as E-Mail addresses and phone numbers.

There are some things you should do to keep on the safe side though, here’s what I would suggest:

Check your E-Mail subscribers

If you have E-Mail subscribers to your blog then you may want to send out a quick E-Mail checking if they still want to be subscribed. The emphasis is placed on bigger business’ to do this more than bloggers (hence the countless E-Mails you’re bound to have received), but it’s worth being on the safe side.

Update your privacy policy

This one’s for all bloggers, but it’s pretty simple.

It’s worth having an updated privacy policy on your blog. It doesn’t need to be big and bold, as long as it’s there somewhere then you’ve nothing to worry about.

Never written a privacy policy before? Don’t worry, not a lot of people would have. There’ll be plenty of templates on Google.

Review your newsletter

If you send out a newsletter, whether it be weekly, biweekly or monthly – you’ll need to send out one of those E-Mails. It doesn’t need to be long nor complex, you’ll just need to ensure that those who you send out a regular newsletter to are happy for you to continue doing so. You may also want to redirect recipients to your new and updated privacy policy.

Update your host

If you’re on WordPress in particular, make sure you are operating on the latest version. I’m pretty sure the same goes for other hosts such as Blogger or GoDaddy, but if you are unsure – best to contact them directly.

You’ll also need to ensure that your domain is operating under https:// not http://, but most pre-established hosts would have taken care of this already. If your site still starts with http:// then chase this up with your server and ask them to amend.

What if my blog isn’t compliant with GDPR?

Though you should heed GDPR; if you’re finding it hard or don’t have the time then you probably don’t need to worry anyway.

The fines for lack of compliance with GDPR are around 4% of your yearly turnover, so if you’re a non-profitable blog then, (do the maths), you’ll be fined a big fat nothing. If your blog is your business then it is worth investing some time in to being compliant with GDPR. You wouldn’t want to risk compromising your hard earned income.

Disclaimer: I am in no means an expert on GDPR and there very well may be things that I have missed off this guide. I work within the digital industry so I know bits and bobs but don’t take my word as law. This guide is simply for smaller bloggers who are unsure whether they need to update their blog as GDPR comes in, if you are still unsure then please contact a professional who can point you in the right direction.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s