A Blogger’s Guide to Comply with GDPR: How to Save your Ass?

I bet you are tired of getting Privacy Policy update emails over the last few weeks from different companies, both big and small, including the giants Google and Facebook. When so many companies are updating their privacy policies and notifying their customers, it means some big update has struck the internet.

Yeah, it is, and the update is GDPR.

GDPR stands for General Data Protection Regulation. It is a regulation in European law on data protection and privacy for all European individuals. It aims to give the citizens of European countries more control over their personal data. That’s all.

GDPR is quite a simple term, to be honest, if you break it down word by word. But even in its simplicity, it has laid down some basic rules that have shaken the internet. It has affected not only European countries but the whole internet globally.

So, why is GDPR trending these days? Let’s try to find out.

Basics of GDPR:

Like I said above, GDPR is all about protecting user information and the privacy of personal data. If you, as an organization, are collecting any personal data (see the ‘What is meant by Personal Data’ question below) of any European individual, then you need to comply with GDPR.

Q: What is meant by ‘Personal Data’?

Ans: Any identifiable information about an individual. It can include Name, Address, Email ID, Mobile Number, Photo, Social Networking, or even IP Address.

Q: Who are all affected by GDPR?

Ans: Any company located within the European territory, and any company located outside the European territory that has customers from the European territory and collects Personal Data of European individuals.

Q: What happens if I don’t comply with the GDPR Laws and get caught?

Ans: €20 Million or 4% of your annual income, whichever is higher.

GDPR for Bloggers:

I guess by now you have an overview of what GDPR is and whom it affects. So, you have probably figured out that, as a Blogger, it affects you too! Yes, you are required to comply with GDPR.

Well, you might say: I don’t have any European traffic, will I still need to comply?

Ans: The answer is still yes, because not having any European traffic now does not mean you won’t get any in future. Someday or other, a European individual might land on your blog randomly. So, you need to keep yourself GDPR compliant so that you don’t face any issues later.

Q: What are the necessary declarations for complying with GDPR?

Ans: An organization complying with GDPR should declare the following:

  • Introduce the organization, the owner(s), and the registered address to the Customer
  • Mention the Personal Data collected and state the reason why
  • Mention whether the collected Personal Data is shared with any third party or not. If yes, then mention the names of those parties.
  • Mention the duration for which the Personal Data is stored with the Organization
  • Mention the Customer’s rights over the Personal Data, and how they can opt out and revoke the organization’s permission to keep the Personal Data. (Like, unsubscribing from newsletters)
  • Mention how the Personal Data is processed, and whether any other parties are involved. (Like MailChimp storing Email ids)
  • Mention how the Organization protects the collected Personal Data and the measures taken to prevent a Data Breach.
  • Mention the third parties that provide Personal Data.
  • Mention whether you keep cookies and how you use them to personalize the experience.
  • Ensure that the website is secure with HTTPS; if not, state the reason why the organization doesn’t need SSL.

Create GDPR Compliant Privacy Policy:

As a Blogger, the first thing you need to do is update your Privacy Policy with the points I mentioned above.

Luckily for you, a number of websites can help you write a privacy policy by providing you a pre-written format. You just have to edit specific parts from it and you are done.

I am mentioning a few links below, visit them and choose the one you find better.

You might notice that some specific elements of the privacy policy are not free, and you may need to subscribe to their premium services to get the complete privacy policy. But if you are really serious about your online business, then I recommend you pay up and get a GDPR compliant privacy policy.

In case you are hitting a dead end, don’t lose hope. WordPress has recently added a Privacy Policy Help Page inside your Blog Settings, which will help you understand the different elements of a Privacy Policy and even help you create one. It is available in your WordPress Dashboard > Settings > Privacy. Go check it out.

I don’t recommend using Plugins for everything, especially for just adding one Privacy Policy, but if you choose to go that way, then here are a few Privacy Policy Plugins that you can try. However, do note that it is unnecessary, since all you need is a GDPR compliant Privacy Policy Page, and adding a new Plugin will just increase the resource usage of your website.

Anyways, here you go:

Review Data Processing Amendment on Google Analytics:

As a blogger, you must be using Google Analytics to track user activity on your blog. In that case, you need to review and accept the Data Processing Amendment in your Google Analytics settings. These Data Processing Terms are meant for businesses and organizations having customers from European territory. As usual, you need to accept them even if you are not from European territory.

To review the Data Processing Amendment, log in to your Google Analytics and click Admin in the left menu.

The Admin interface will load. Choose your Account and click Account Settings. If you have multiple accounts, then do it one by one.

The settings will load on the right. Scroll down a bit. You will find the Data Processing Amendment area.

Click the Review Amendment button.

A popup will load with the Data Processing Terms. Read it (I know you won’t :p) and Accept.

One final step: Don’t forget to Save your Settings. Click Save.

Well, if you have multiple accounts, make sure to do this for every account that needs to comply with GDPR.

Comply with EU User Content Policy on Google AdSense:

If you are showing Google Ads to visitors from the European region, then you need to comply with the EU User Content Policy on Google AdSense and choose whether Google should display personalized ads or non-personalized ads to those visitors.

In case you are storing Personal Information such as cookies to load personalized ads for them, you need to declare the same in your Privacy Policy.

First, log in to Google AdSense and click Allow and Block Ads in the left menu. Then click All my Sites.

A list of columns or tabs will load on top. The EU User Content tab will be on the extreme right. Click on it.

Now you need to select the type of ads you want to show your EU visitors. Choose between personalized and non-personalized ads. Remember to declare your choice in your Privacy Policy in both cases.

If you ask me which option to choose, I will say choose Personalized Ads, as it will help you generate more revenue because the ads will be more relevant. But choosing non-personalized ads won’t affect your blog in any way, and is less complicated. Now it is up to you. Remember to read everything before accepting anything.

Click Save Changes when you are done. Sometimes you might find that the Save Changes button is disabled. It means the setting you are trying to apply is already applied, and you don’t need to do anything.

You are done here.

Create GDPR Compliant Email Optin Forms:

Now that your Website is GDPR Compliant, you need to make sure every new subscriber you get is already GDPR Compliant.

You must be using Email Optin Forms (like Bloom) to collect Personal Information. You need to update them to make them GDPR Compliant. For that, you need to do two things.

Firstly, use Double Opt-ins: after someone subscribes, send them another email and ask them to confirm. In that email, take their consent to the Privacy Policy of your website. Add a line like “By Subscribing to our Newsletter, you Agree to our GDPR Compliant Privacy Policy”.

In this way, any new subscriber who signs up for your newsletters is giving their consent for the same.

Secondly, Link your Privacy Policy page to your Optin Form, so that visitors can read your Privacy Policy before subscribing.

Note: If you don’t collect emails and don’t have any email opt-in forms, then you need not do anything. Skip this.

Send a Newsletter to all your Existing Subscribers [IMPORTANT]:

One final but important step remains: notify all your existing subscribers about the recent privacy policy changes you made and take their consent. (This last part of TAKING THEIR CONSENT IS IMPORTANT)

Just like other companies are informing you about the changes they implemented in their Privacy Policies, you need to do the same for your blog.

So, send a Newsletter to all your subscribers using whatever Email Software you use. MailChimp is quite a good option to send Free Newsletters to up to 2000 subscribers. Check this article on How to send a Newsletter with MailChimp.

Now, coming to the part about taking consent.

It sucks to say, but, you need to take consent of each of your existing EU Subscribers to accept your privacy policy.

It is a bit complicated but there is a workaround.

In the Newsletter, you can link to a Google Form and ask your subscribers to Accept or Decline your privacy policy. If they Decline, then you should redirect them to the Unsubscribe from Newsletters page. If you collect any other personal information like Phone Number or Address, then you have to respect the user’s choice and remove that from your database too, once they unsubscribe.

Another alternative is to add an Accept and a Decline button on your Privacy Policy page, just below the text. Then, in the newsletter, ask your subscribers to log in to your website and accept (or decline) your privacy policy. In case they decline, redirect them to the Unsubscribe from Newsletters page.

Don’t worry about getting people who Decline your Privacy Policy. Firstly, because it is all about being transparent. And secondly, those who care to open your email will definitely accept your policy. If they don’t, they won’t even care to open your email. More on that part below.

Now you might get users who don’t choose any option. This can happen due to a number of reasons.

Firstly, your subscriber might not have opened your mail at all. Do you open every email you receive? No, right? Same thing with your subscriber. Also, it might be that your email landed in their spam folder and remained unnoticed.

Secondly, your subscriber may choose not to respond to your email.

Generally speaking, unless you have a community of loyal followers, most of your existing users won’t be responding by default. But, you need to take their consent by law. So, what to do in this case?

A number of things can be done, solely at your own discretion.

Case 1: You have too many subscribers, and/or you send one or more than one email a week

Choose a date, say one month from now, and remind your subscribers in every newsletter email that they need to accept your privacy policy within a month of getting this email to keep getting newsletters, or else they will be unsubscribed.

In one month, you will be sending 4 emails or more, so they should definitely reach your subscribers. If anyone still doesn’t respond, it means either the subscriber is not interested in getting your newsletters (hence not taking action), or has already moved your email to the spam folder. In either case, it is safe to unsubscribe them.

If your subscriber cares about your emails, then he or she will definitely take action.

Case 2: You don’t have too many subscribers, and/or you send emails occasionally

Keep sending emails, but in each email, remind them to accept your new privacy policy. And include a distinct Unsubscribe button in your email that is clearly noticeable.

Note that, ideally you should not serve emails to people who haven’t given their consent. But since your list is very small, and you don’t send emails that much, you may choose to continue at your own discretion. But always note that you are actually not fully complying with the rules of GDPR.

Now, what counts as a big or small subscriber list, I leave up to you.

Note: If you don’t collect emails and don’t have any email opt-in forms, then you need not do anything. Skip this.

Last Words:

Well, the most important part of GDPR is to maintain a transparent privacy policy declaring everything in a neat manner. So, if you ask me frankly, I will say write it up yourself.

Just because you got a pre-written privacy policy template from third parties doesn’t mean you should just copy and paste it into your blog. Nope. You need to read each and every aspect of the Policy and see which one of them applies to your website and modify them accordingly. Copy-pasting will do more harm than good.

Anyways I won’t make this post any longer. Thank You for reading this Blogger’s Guide to GDPR. If you have further queries you can always drop a comment below and I will try my best to assist you.

And don’t forget to share this article with your fellow bloggers so that they can all become GDPR compliant.

That’s all for now. I will be back soon with another important update. Till then, stay tuned!

Nirmal Sarkar is a BTech Engineering Student from the city of Joy, Kolkata. He is a part time blogger, and likes to write web articles on Android Stuffs and latest Freebies.

2 Comments
  1. Hi Nirmal,

    Great article. I must say you’ve done a great job processing all this information into a single post. Here is what I think you missed:

    1) You need to keep a record of date and other details when a person subscribes to you. Like date, page of signup etc.

    2) You need to have a checkbox (not written you agree to privacy policy) for freebies/content upgrades where users need to click (it cannot be pre-checked) to get your newsletters or other promo emails when they download the freebie or simply write it in the subscription form that they will get newsletter and additional things along with the freebie.

    3) For even keeping the comment boxes filled with personal info like email or name, you need consent in the form of a check box.

    Here are some more thorough resources, I think you might want to check out and add details here:

    http://www.wpbeginner.com/beginners-guide/the-ultimate-guide-to-wordpress-and-gdpr-compliance-everything-you-need-to-know/
    http://www.wpbeginner.com/plugins/how-to-create-gdpr-compliant-forms-in-wordpress/
    https://thrivethemes.com/gdpr-for-email-marketing/
