Is Your Blog GDPR Compliant?

GDPR, which stands for General Data Protection Regulation, is a law covering data protection and privacy for all individuals within the European Union (EU), the European Economic Area (EEA) and also the export of personal data outside the EU and EEA areas.

Although the GDPR regulation was implemented on May 25th, 2018, I’ve seen many blogs that are NOT GDPR compliant.

My guess is that bloggers outside the EU simply assume that they don’t need to be GDPR compliant.

Those bloggers would be wrong.

GDPR compliance is required of any blog that has visitors from European Union countries.

It doesn’t matter whether or not your blog collects user data or if you sell products on your blog; if your site uses cookies (which it does), you are subject to GDPR.

Here are just some of the ways in which you may be collecting user data that you might not have considered.

  • Visitors are allowed to subscribe to your WordPress blog.
  • Site visitors are allowed to post comments on your WordPress blog.
  • You collect names and email addresses through Aweber or other autoresponder service.
  • Your blog has a forum or bulletin board.
  • Google Analytics has been installed to track traffic and audience behavior.
  • Any type of social media embed, i.e. Facebook, LinkedIn, Twitter, etc.

At the very least, you should be building an email list and tracking visitors to your blog with Google Analytics!

What happens if your site is not GDPR compliant?

Violators of the GDPR may be fined up to €20 million or up to 4% of their annual revenue, whichever is greater.

OK, while it’s unlikely that you’ll be fined €20 million (about $22.66 million US) tomorrow, wouldn’t it put your mind at ease to simply comply and avoid risking a fine?

Moreover, if you comply with GDPR and that compliance to protect visitor data is obvious from the moment a visitor arrives on your website, you’ve established an element of trust right from the outset!

How to make your blog GDPR compliant

To be GDPR compliant, your blog must clearly disclose any data collection and the reasons for that data collection. It must also state how long the data will be retained and if it is shared with third parties outside the EEA.

That might sound difficult to figure out and do, but it’s actually very simple.

First, you’ll need a Privacy Policy page. If you haven’t already created one, WordPress can help you set one up. Just go to Settings > Privacy in your WordPress Administration panel, and at the bottom of the page, you’ll see the following paragraph:

Need help putting together your new Privacy Policy page? Check out our guide for recommendations on what content to include, along with policies suggested by your plugins and theme.

‘Check out our guide’ will be linked to suggested text for your privacy policy.

Next, you’ll want to install a ‘cookie consent’ plugin. That plugin makes it easy for your visitors to see and accept your blog’s tracking cookies and other terms of use. I installed the GDPR Cookie Consent plugin from my WordPress Administration panel.

To customize the look and links, I went through all the tabs and links in the plugin, changed the message that shows up in the cookie bar, chose the colors I wanted, and then linked to my Privacy Policy under “Customize Buttons” and the “Read More Link”.

GDPR Cookie Law Plugin Settings

After doing that, all I did was check the site to make sure the plugin was working properly – which it was!
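What a working cookie bar has to do under the hood, as an added example written for this post (it is not the GDPR Cookie Consent plugin’s code): optional scripts such as Google Analytics or a social media embed load only after the visitor has explicitly accepted, and no decision is treated the same as a refusal. The consent cookie name, the bar’s element id and the button selectors are assumptions.

```javascript
// Added example, not the GDPR Cookie Consent plugin's own code. Assumption: the
// visitor's choice is stored in a first-party cookie "blog_cookie_consent" (placeholder name), "yes"/"no".
const CONSENT_COOKIE = "blog_cookie_consent";
// Parse a document.cookie-style string ("a=1; b=2") into a name -> value object.
function parseCookies(cookieString) {
  const cookies = {};
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    const name = part.slice(0, eq).trim();
    if (name) cookies[name] = part.slice(eq + 1).trim();
  }
  return cookies;
}
// "granted", "denied", or "unknown" when no decision has been recorded yet.
function consentState(cookieString) {
  const value = parseCookies(cookieString)[CONSENT_COOKIE];
  if (value === "yes") return "granted";
  if (value === "no") return "denied";
  return "unknown";
}
// GDPR consent is opt-in: optional scripts (analytics, social embeds) load only after an explicit "yes".
function scriptsToLoad(cookieString, optionalScripts) {
  return consentState(cookieString) === "granted" ? optionalScripts.slice() : [];
}
// Cookie recording the decision: one year, whole site, not sent cross-site, HTTPS only.
function consentCookieValue(accepted) {
  return `${CONSENT_COOKIE}=${accepted ? "yes" : "no"}; Max-Age=31536000; Path=/; SameSite=Lax; Secure`;
}
// Browser wiring: keep the bar visible until a decision exists, then load only the gated scripts.
function initConsentBar(optionalScripts) {
  if (typeof document === "undefined") return; // not in a browser (e.g. under test)
  const bar = document.getElementById("cookie-bar"); // assumed element id
  if (consentState(document.cookie) === "unknown") {
    bar.hidden = false;
    for (const [sel, accepted] of [["[data-accept]", true], ["[data-decline]", false]]) {
      bar.querySelector(sel).onclick = () => {
        document.cookie = consentCookieValue(accepted);
        initConsentBar(optionalScripts);
      };
    }
    return;
  }
  bar.hidden = true;
  for (const src of scriptsToLoad(document.cookie, optionalScripts)) {
    const s = document.createElement("script");
    s.src = src; s.async = true;
    document.head.appendChild(s);
  }
}
```

In a page you would call initConsentBar with the list of analytics and embed script URLs once the DOM is ready; anything strictly necessary for the site to work is loaded the normal way and never passes through this gate.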

GDPR cookie bar example

NOTE: Simply installing the plugin won’t necessarily make your blog GDPR compliant but it’s a good step in the right direction. For more information about GDPR compliance, check out the following resources:

Did you find this post informative and useful? If so, please share it with others! If you have a comment, question or suggestion, please leave a comment below!
