You’ve probably been receiving a lot of emails lately with businesses updating their privacy policies. This is due to the implementation of a new regulation called the GDPR and yes, GDPR compliance is something you should be concerned about.
To keep things simple, this article is going to cover only what you need to know as a blogger to comply with the new set of rules outlined in the GDPR.
What is GDPR?
GDPR stands for General Data Protection Regulation and it’s being implemented on May 25th, 2018.
Since the old data protection laws were put in place in the 1990s, before technology took over, the GDPR is being enforced now to reflect today’s technology. These new rules will help protect EU citizens and help them keep their privacy by controlling how businesses store, use, and share their data.
If you’re living in a country outside of the EU, you might be wondering why you need to comply with GDPR rules in the first place. It’s because as a blogger, you’ll be reaching out to an audience around the globe, which will probably include people inside the EU.
Failure to comply with this new regulation can result in a fine of up to 20 million euros or 4% of your annual turnover, whichever is higher. You can tell the EU takes privacy very seriously.
How Does the GDPR Affect Bloggers?
1. You need to change the way you collect information
You can obtain a reader’s consent in two ways: a checkbox on the form itself, or a separate double opt-in email that allows a user to confirm their subscription to your email list.
It doesn’t just affect subscription boxes. There are other ways you might be collecting data:
- user registrations
- comment boxes
- contact forms
- Google Analytics or other analytics tools
If you’re using WordPress, you need to ensure that all plugins that collect data are GDPR compliant.
2. You need to reconfirm your current subscribers under certain conditions
Depending on how you collected your subscriber data in the first place, you might have to reconfirm your current subscribers by having them opt in again.
This is the case if you’ve collected emails without using double opt-in or without having your readers click a checkbox that shows they give consent for signing up to your email list.
It might sound frightening to potentially lose subscribers from doing this, but it’s also a great thing because all that you’ll be left with are subscribers who are really interested in your blog and are willing to put in the effort to resubscribe.
- What personal information you collect
- How you collect it
- Why you collect it
- How you use it
- How long you will hold the data
- How you keep the information secure
- Who has access to it
4. You need to keep the data in a safe place
You can choose where you store this data, but just make sure it’s in a place of high security and has the appropriate hack-prevention systems in place. If this information gets leaked in any way, you will be held responsible.
5. You need to be prepared to provide or erase information at any given time
If a person in the EU requests that you send them all the information you have about them, you are obligated to do so. Upon request, you have one month to send them that information and you have to do it free of charge.
The same thing applies if an EU person asks that you completely erase all of their information as well.
It’s important that you keep your data in an easily accessible format so that you can do either of the above at any given time.
This pretty much covers everything you need to do as a blogger to ensure that you’re GDPR compliant. To learn even more about the new regulations, you can visit the GDPR website.