GDPR for Bloggers

GDPR, GDPR for bloggers, for bloggers, depepi, depepi.com

Today I’m sharing what I discovered about the GDPR for bloggers. However, these are my personal interpretations. You should also do your research and arrive at your conclusions. Please, don’t take my opinions as the guideline to make your own decisions.

So, what’s the GDPR? It’s the General Data Protection Regulations that are coming into effect on May 25. They’re replacing the old Data Protection Act of 1998 in the UK and the EU. The aim is to protect the individuals’ personal data appropriately. But, what does that mean for bloggers? Do we need to freak out and start running amok burning everything? Maybe, if you have a huge Newsletter with info from EU and UK nationals. (So, no matter where you are, if you gather UK or EU info, you should take a look at this law!)

facepalm, spn, supernatural, dean winchester, how not to write fanmail, fandom, depepi, depepi.com, fantail

Even if you are a blogger with no newsletter, your blog might be using cookies. And because of that, you should take a look at the GDPR. Although most of it will be in connection with lists and newsletters, and what type and how you can gather data, having none doesn’t mean that you aren’t using any data at all. Google Analytics and Jetpack are using cookies. So, if you track data to know how good your blog is doing, you need to keep reading.

If you have a newsletter, start forgetting the auto-opt-in. If your comments have an option that says “subscribe to Newsletter,” and most of the times it’s already checked out. So, many people forget to check it, so they’re not subscribing to the newsletter. With the GDPR this is unlawful since this law requires explicit consent.

To make it work properly, you need a form that has unchecked boxes of what the user can do. For example, to opt-in. Then, they should get an email to confirm that they agree in receiving the newsletter. If you use MailChimp, this is pretty straightforward (and they already have GDPR compliant forms to help you.)

GDPR, GDPR for bloggers, for bloggers, depepi, depepi.com
Notice the sections of this form. [If you click on the image you can see the form and if you wish, you can subscribe 🙂 ]

It’s also a good idea to tell about everything about your newsletter. In my case, the general newsletter follows what the blog does. If I want to do something else, then I’ll need to create a new list and ask for explicit consent all over again. Make it clear that users can unsubscribe at any moment, or if they’re unsure of how to do so, they can contact you, and you’ll help them to unsubscribe. MailChimp is pretty straightforward in that matter.

It’s also a good idea to have a privacy policy. You can take a look at mine here. It should contain everything you do, including giveaways. Yup, giveaways also gather data. So, from May 25, consider being very clear about the conditions when you do a giveaway. You should only use the data you gather for the purpose of the giveaway. If you want people to agree on something else, you need their explicit consent for that. You can’t share the data you got from the giveaway with a brand, even if they promote you. The only thing you can do is to share the name of the winner and their data if the brand is to send something to them. Sharing data isn’t allowed unless necessary to retrieve the prize.

When you do a giveaway, usually the user is entering into it with you and not with the brand. That’s why you cannot share their data with the brand. If the brand wants their data, they have to give explicit consent to the brand and not to you.

limitless, netflix, depepi, limitless show, depepi.com, netflix & chill

Don’t move data from one list to another. Say that you have a general newsletter like me. Say that you want to do something else that’s not included in the general newsletter. Then you should create a new list. However, you can’t just move all the contacts from the general newsletter to the new one. You need explicit consent from those contacts! So, the best you can do is to create a brand new list from zero.

If you rebrand your blog, make it clear to your existing lists. Even if the GDPR doesn’t specify this, it’s a good idea to use a transparency policy on the things you do and why. Otherwise, you will have many problems in the future.

So, what if you’re a blogger that hosts no competitions and has no newsletters? Well, cookies are still out there. There are different types of cookies. The one that helps the user to have a great experience with your blog are unavoidable. Then, you have analytics cookies. At any case, these cookies can be disabled and erased on the settings of the user’s browser. It’s a good idea to explain that in your privacy policy. Even if you only tell what cookies are and how you can disable them, it’s a good thing to explain that to your users.

And then, we have to talk about comments. Believe it or not, you gather specific data through comments. Depending on what service you use for comments, you’re collecting some sort of data. So, it’s also a good idea to specify what you’re using for comments, and how users can erase those comments. If they have no means to do so on their own, please provide a way for them to do so.

The GDPR is all about privacy rights. It means that people have the right to access, modify and erase their data. And that includes comments. If someone commented on your blog, and now they want to delete that comment, they need to have a way to do so. Provide a contact form or an email where they can contact you. Remember to ask them the link where you can find their comments; otherwise, it’s going to be a nightmare to comply with the law.

Users have the right to be forgotten, so, you need to provide the means for them to quickly do so. Even if you have no newsletter or you gather no info, but if you do allow comments, consider the ways on how your audience can be forgotten entirely from your site.

fandom friday, fandom, geek anthropology, pop culture, depepi.com

I know this is difficult, but if I were you, I’d give it a thought. Take a look at the GDPR and see what you need to do to have your blog comply with these new privacy regulations (even if you’re in the US!)

Here you have a quick checklist:

  • Do you gather any data from your readers? Your blog uses cookies for good experience navigating (so yup). But also, do you use analytics? If yes, then you’re using analytics cookies. Do you have a newsletter? What data do you gather? What is the purpose of your list(s)?
  • Can your audience comment on your blog? What comment platform do you use? Does your audience automatically subscribe to a list when they comment on your blog?
  • Do you use affiliate links? Do you do giveaways on your blog? What platform do you use to make those giveaways?
  • If you have a newsletter, is it clear how your users can easily unsubscribe from it?

Remember, this is only the way I interpreted these regulations. Now, take your time and take a look at the GDPR and create a privacy policy for your blog if necessary. Even if you don’t need one, I recommend you to have a page with a simple guide of what you do, and if you gather any data or allow comments, what happens with those and how your audience can easily contact you.


Copyright: Top image on this post (C) depepi.com / Memes & Gifs (C) by their owners.

Note: These are my personal interpretations and as such should be used as opinon only and not relied upon. You should also do your research and arrive at your conclusions. Please, don’t take my opinions as the guideline to make your own decisions about how to apply the GDPR.

About pepi

A Geek Girl interested in Geek Anthropology, comic books, books, Superheroes and discovering all about pop culture.

View all posts by pepi →