GDPR and blogging is a topic definitely worth visiting this year because GDPR is coming into force.
It could have an impact on the way that you blog or conduct your blogging activities. It’s a topic that’s coming up more regularly at work and it’s something that I myself need to address at one point or another. I suspect that there are some other bloggers out there who should probably address GDPR as well, so I hope you find the info below useful, at least as a starting point.
OK – so before I go any further about GDPR and blogging can I remind you that I am by no means a lawyer, and if you are concerned about GDPR and the running of your website, you should seek advice from a legal professional.
I’m simply outlining how I’m choosing to tackle GDPR with some of the technology that I use for Carrot Tops.
What is GDPR?
The General Data Protection Regulation (GDPR) is a piece of EU legislation that comes into force at the end of May 2018 and is aimed at bringing the UK’s Data Protection Act into the 21st Century, addressing data consent and transparency on the web.
GDPR is a vast piece of legislation covering how users give their consent when interacting with your website/app in terms of supplying data (sensitive information, location, cookies, etc.) and how that data is protected. This piece of legislation covers a lot of ground – and puts the responsibility for managing and processing data onto the website owner or manager.
Essentially, it covers consent and transparency when it comes to handling your users’ data, whether you control data or process data.
I know what you’re thinking… We’re in the midst of Brexit… GDPR won’t apply. Well, it will, the Queen announced that this legislation will replace UK Data Protection law after Brexit.
Does GDPR and blogging relate to me?
If you’re thinking about GDPR and blogging then chances are – Yes. GDPR applies if users can…
- Leave comments
- Contact you via form
- Subscribe to a newsletter
- Subscribe to latest posts
- Purchase from an online shop
- Fill out a poll or a survey
- Interact with any form for any purpose
I’m guessing as a blogger, the top two are pretty important…
How GDPR applies to my blog and yours too
When it comes to my website, I’m asking the following questions…
- Where are the servers of my website hosted?
- Do I have a reputable hosting provider?
- Is all of the software I use (WordPress) up to date?
- Are there any holes in security or risks? (You can probably liaise with your hosting provider for this information if you’re at a loss)
When it comes to my users’ data I’m asking these questions…
- Have I got explicit permission from a user to obtain their information? For example, have they ticked a box stating something along the lines of “I consent to my submitted data being collected and stored”.
- Am I sharing information with third parties, do they know and have they given permission? The above could then change to the following – “I consent to my submitted data being collected, stored and (can/cannot) be shared”.
- What are the risks involved in storing that data (hacking, unauthorised email access…etc)?
- How long am I storing that data for, and why do I need it for that long?
- What measures are in place should the storage of that data become compromised?
GDPR and MailChimp
If you’re using MailChimp’s own sign up form then MailChimp will store permission data in case you need it in the future. That said, to be belt and braces about it you may choose to turn on the double opt-in feature.
If you’re using any other integrations to supply your MailChimp lists, you need to review the terms and conditions of those integrations. You may need to add a required field that asks for permission to process and store the information you’re asking for.
Here’s MailChimp’s take on GDPR and what they’re doing ahead of the change.
GDPR and Gravity Forms
Some bloggers (myself included) may be using Gravity Forms to collect contact form entries or newsletter sign ups. By default, Gravity Forms will store these entries in the back end of your website as well as email you those entries – this means that your users’ data is technically being stored in two places, which doubles the risk.
If you choose to store those entries in the back end of your website, you should ask yourself how long you intend to keep those entries for and why. Should your website get hacked, and the data is then compromised, you need to have a reason as to why you were storing that data. If you’ve no reason for that data then it should be deleted.
Along with providing permission to collect data, GDPR requires that users are able to request access to their data and have it removed if requested.
Here’s Gravity Forms’ take on GDPR.
GDPR and WordPress
If you’re hosting a WordPress installation yourself, catering for GDPR is down to you. I’ve started using this WP GDPR plugin to help me tick as many boxes as possible. It’s actually really easy to configure and it addresses your comments section at the click of a button. If you’re using WordPress.com – it’s best to bookmark this link and follow the updates as they’re posted.
GDPR and Blogger / Blogspot
There’s not a lot online about how GDPR will impact bloggers who use blogger.com – but I did find this official GDPR statement from Google (the people who own Blogger) on what they’re going to do about GDPR. It’s worth a read.
GDPR and Google Analytics
As of January 2018 personal data is classed as any piece of data that you could use to identify or re-identify an individual. The cookies that Google Analytics uses for tracking are anonymous, and you’re not allowed to store personal data inside of Google Analytics anyway.
This means at the time of writing this article, no one knows how GDPR will impact how you track your users via Google Analytics.
It’s unlikely that bloggers will ever have to address what I’m about to say, but just so that you know: usernames, passwords, post/zip codes, phone numbers, email addresses or anything else identifiable should not be present in any of your URLs, as these will be picked up by Google Analytics.
Remember, anything identifiable should not be appearing in your stats.
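One way to check that point for yourself: before a page view is sent to an analytics library, inspect the URL’s query string and blank out anything that looks like personal data. Below is an added example (my own illustration, not code from Google Analytics or any plugin); the parameter names and the email/phone/postcode patterns are assumptions chosen for this demo, and the sample URLs are constructed, not real visitor traffic.

```javascript
// Added example (not from the original post): scrub identifying data out of a
// page URL before handing it to an analytics call such as Google Analytics.
// Parameter names and value patterns below are assumptions for illustration.

// Query-string keys that commonly carry identifying data (assumed list).
const SENSITIVE_KEYS = new Set([
  "email", "e-mail", "user", "username", "password", "pass", "pwd",
  "phone", "tel", "mobile", "postcode", "zip", "zipcode", "name",
]);

// Heuristic checks for identifying values that might appear under any key.
// These are best-effort patterns, not a complete personal-data detector.
const VALUE_CHECKS = [
  { label: "email", test: (v) => /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(v) },
  // 9+ digits with only phone punctuation; dates such as 2018-05-25 have too few digits
  { label: "phone", test: (v) => /^\+?[\d\s().-]+$/.test(v) && v.replace(/\D/g, "").length >= 9 },
  // UK postcode (e.g. SW1A 1AA) or US ZIP (12345 or 12345-6789)
  { label: "postcode", test: (v) => /^([A-Z]{1,2}\d[A-Z\d]? ?\d[A-Z]{2}|\d{5}(-\d{4})?)$/i.test(v) },
];

const REDACTED = "REDACTED";

/**
 * Inspect a URL and report which query parameters look like personal data.
 * Returns an array of { key, reason } so the result can be logged or checked.
 */
function findIdentifiersInUrl(urlString) {
  // The base only matters for relative paths; absolute URLs ignore it.
  const url = new URL(urlString, "https://example.invalid");
  const findings = [];
  for (const [key, value] of url.searchParams) {
    if (SENSITIVE_KEYS.has(key.toLowerCase())) {
      findings.push({ key, reason: `sensitive parameter name "${key}"` });
      continue;
    }
    const hit = VALUE_CHECKS.find((c) => c.test(value.trim()));
    if (hit) findings.push({ key, reason: `value looks like ${hit.label}` });
  }
  return findings;
}

/**
 * Return path + query with identifying parameter values replaced, ready to be
 * passed as the page path to an analytics library. The fragment is dropped
 * because it is never needed for page-view reporting.
 */
function scrubUrlForAnalytics(urlString) {
  const url = new URL(urlString, "https://example.invalid");
  const flagged = new Set(findIdentifiersInUrl(urlString).map((f) => f.key));
  for (const key of flagged) {
    url.searchParams.set(key, REDACTED); // replaces every value under that key
  }
  url.hash = "";
  return url.pathname + url.search;
}

// Constructed sample URLs (not real visitors), showing the before/after.
const SAMPLE_URLS = [
  "https://blog.example/thanks?email=jane%40example.com&utm_source=newsletter",
  "https://blog.example/account?user=jane&ref=ABC123",
  "https://blog.example/post/gdpr-and-blogging?page=2",
  "https://blog.example/search?q=SW1A+1AA",
];

if (typeof require !== "undefined" && require.main === module) {
  for (const u of SAMPLE_URLS) {
    console.log(u, "->", scrubUrlForAnalytics(u));
  }
}
```

Run it with Node to see the before/after for each sample URL. The result of `scrubUrlForAnalytics` is what you would pass as the page path to your analytics snippet instead of `location.pathname + location.search`; `findIdentifiersInUrl` on its own is handy for auditing a list of URLs from your server logs to see whether anything identifiable has already been leaking into your stats.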
What if I’m non-GDPR compliant?
Non-compliance with the GDPR can result in enormous financial penalties. Sanctions for non-compliance can be as high as 20 Million Euros or 4% of global annual turnover, whichever is higher.
OK, that’s the frightening bit when it comes to GDPR and blogging over. It’s my own personal opinion that GDPR inspectors will be going for the big fish when it comes to GDPR compliance.
That concludes tonight’s lesson on GDPR and blogging, which I think will be relevant as we go through 2018. I’ll keep this article as up to date as I can as the year goes on.
If there’s any questions about GDPR and blogging or anything you would like to add – please comment below… And don’t forget to hit that consent button 😉