Understanding GDPR and How to Become Compliant
As of May 25, 2018, a law was passed in the EU called the General Data Protection Regulation or GDPR. As a new blogger, I gotta be honest, I was freaking out over this, especially since you can get fined up to €20 million. I thought I had just gotten the hang of blogging and then I started seeing posts about GDPR all over the place.
*Disclaimer- I want to point out that I am NOT an expert nor am I an attorney. The information I provide here is just my understanding based on research I have done. These are things I have done with my blog to become protected and GDPR compliant. If any information within this post happens to be incorrect or out of date, changes will be made or updated as new information becomes available. This post may contain affiliate links which you can read about in my Disclaimer Policy here.
I probably searched for DAYS trying to understand GDPR and if it even applied to me since I live in the U.S. I absolutely just could not understand anything about it. Everything I read was so lawyer-ish. Luckily, in one of the Facebook groups I follow, a member of the group offers an amazing course explaining GDPR in layman’s terms.
So what exactly is GDPR?
Now mind you, I am not a lawyer or an expert in GDPR.
Basically under this law, businesses and bloggers in the EU are now required to provide an explanation as to why they are asking for your information, such as name, email, etc., and how they store this information. Also, they are required to state how your information will be used and how they will protect it.
Sounds simple enough right? Well, this is where it gets a little tricky.
If you happen to live outside of the EU, the law “technically” doesn’t apply to you. Except… if you happen to get any kind of traffic or business from people who live in the EU, then you are required by this law to be GDPR compliant.
Even though I am still a new blogger, have very little traffic, and live in the U.S., I decided to get ahead of the game and make my blog GDPR compliant. I believe it won’t be long before the U.S. decides to follow suit.
Also, those lead magnets just about every blogger and website use to get you to sign up now have restrictions. You can still offer freebies and services but you can no longer use that person’s information to send them weekly updates or emails about other services you may provide UNLESS they choose to be opted in. If they sign up for the freebie and nothing else, then you are ONLY allowed to send the freebie and that’s it.
And that’s just a small part of the GDPR law. There is more to it than that but being a blogger, that is probably the biggest change most of us have to get used to.
So how can you become GDPR compliant?
Consent is key here. As I already mentioned, those lead magnets bloggers and websites use now have restrictions. You can still offer lead magnets but the person(s) signing up now have to give FULL consent that they wish to receive more from you than just the freebie. Pre-ticked boxes are no longer allowed. When a user signs up for the freebie, you must give options within the sign-up box that ask the user to give consent to receive updates, new information, etc. from you. If they do not check any other box other than what they are signing up for, you cannot send them anything else other than that specific service.
Since your blog or website will be collecting information, it is important to make sure you’re taking special security precautions. One way to do this is to make sure your blog or website has an SSL certificate (your web address would be HTTPS instead of HTTP). I host with Siteground and they offer a free SSL certificate through their hosting plans. Another way to help protect your blog or website is to enable double opt-in. Not only does this help reduce bots from spamming your blog but it also helps protect you should you be questioned about a user giving consent.
Those are a couple of things that will help you to get started in making your blog or website GDPR compliant. As I mentioned above, I am not an expert. Most of the information I found was difficult to understand. I believe most of the issue was that because this is something “new” (GDPR was passed in 2016 but not enforced until now), no one really knew how much of an effect it would have.
There are a few sites out there that offer explanations and tutorials for free. However, I cannot stress enough how worth it it was to pay for this GDPR course. I understand that it may be crazy to pay for something when you can get it for free. However, the biggest reason I decided to pay for the course was because it was offered by Lucrezia Iapichino who was a lawyer that specialized in EU law.
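To show how the unticked consent box and double opt-in described above fit together on the server side, here is an added example (not code from this blog or from any email plugin). The names SignupStore, SECRET, TOKEN_TTL and the "newsletter" form field are assumptions made for illustration, and the 48-hour link lifetime is an arbitrary choice.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: per-site secret, kept server-side
TOKEN_TTL = 48 * 3600             # assumption: confirmation links expire after 48h


def make_token(email, issued_at):
    """Sign email + timestamp so a confirmation link cannot be forged."""
    msg = f"{email}|{issued_at}".encode()
    sig = hmac.new(SECRET, msg, hashlib.sha256).hexdigest()
    return f"{issued_at}.{sig}"


class SignupStore:
    def __init__(self):
        self.records = {}

    def sign_up(self, email, form, now):
        """Record a signup; only an explicitly ticked box requests the newsletter."""
        wants_newsletter = form.get("newsletter") == "on"  # absent box = no consent
        self.records[email] = {
            "newsletter_requested": wants_newsletter,
            "newsletter_confirmed": False,
            "requested_at": now,    # kept as evidence of when consent was asked
            "confirmed_at": None,   # filled in only by the double opt-in click
        }
        # A confirmation token is issued only if the visitor ticked the box.
        return make_token(email, now) if wants_newsletter else None

    def confirm(self, email, token, now):
        """Second step of double opt-in: verify the emailed link."""
        rec = self.records.get(email)
        if rec is None or not rec["newsletter_requested"]:
            return False
        issued_at = token.partition(".")[0]
        if not (issued_at.isascii() and issued_at.isdigit()):
            return False
        if now - int(issued_at) > TOKEN_TTL:
            return False
        expected = make_token(email, int(issued_at))
        if not hmac.compare_digest(token.encode(), expected.encode()):
            return False
        rec["newsletter_confirmed"], rec["confirmed_at"] = True, now
        return True

    def may_send(self, email, kind):
        """The freebie goes to anyone who signed up; the rest needs confirmed consent."""
        rec = self.records.get(email)
        if rec is None:
            return False
        return True if kind == "freebie" else rec["newsletter_confirmed"]
```

The stored timestamps are what you would point to if you were ever asked when and how a subscriber agreed to receive more than the freebie.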
What will you get from this course?
This is how I made my blog GDPR compliant for now. I plan to make more changes in the future once I get a better handle on blogging more full time. Please understand that there is more to becoming GDPR compliant. What I have listed above are the major things I have done to make the change. I hope this information does help you get started.