Only 15 percent of people feel they have control over the information they provide online according to the European Commission. The hope for this new form of protection is to raise this number for EU citizens.
The GDPR was created in December 2015 and was established to protect the privacy rights of people in the European Union. It enforces the idea that citizens must receive proper data protection online.
Essentially, it puts a uniform regulation plan in place throughout the EU. This law means users will now have control over their own data that gets shared across the web.
There must be a legal reason why a site is collecting data, and that data must be stored securely. Also, users must be granted the ability to erase their data whenever they desire.
Although the legislation was established in 2015, it did not take effect until May 25th, 2018. The law is meant for EU citizens, but applies to the United States and other countries, because EU citizens visit international sites, such as online shopping sites.
Essentially, doing business will be smoother if all countries apply this to their sites as well. There is a long list of regulations for companies to adhere to, but all must:
- Explain who you are and why you’re processing their data
- Receive consent from a person to use their data, and be sure to check their age in case it may require parental consent
- Provide people with the ability to access or delete their data
- Inform users of data breaches
Personal data qualifies as any information that can be used to identify an individual. If companies don’t follow these rules to protect customers’ personal data, they can face a fine of up to 20 million euro, or 4 percent of their annual revenue.
GDPR for Bloggers
Just because you’re not a traditional business or company website doesn’t mean you shouldn’t prepare your site for the new data privacy laws. GDPR for bloggers, for example, is important too.
For bloggers, this data is most likely collected through mailing lists, comments, contact forms, analytics tools, and plugins. It’s important to note that information you may have gathered about media companies or other outlets is not considered “personal data”.
You are allowed to utilize and store this information for business purposes such as sending out press releases or other general inquiries.
The phrase “legitimate interest” is a key distinction to understand.
This is how the GDPR determines if someone is gathering data for an admissible reason.
If your company, or blog, in this case, has a job or activity that relies on this data, then it is considered acceptable to collect. The key is that you adhere to the previously stated guidelines.
Be aware, “legitimate interest” does not include direct marketing. Don’t send out a message to your email list trying to sell something with the data you’ve collected.
- What data is being collected
- Who’s collecting the data
- Why you are collecting the data
- Where the data will be stored
- What rights the user has
If you’re not sure what to put in your policy, there are templates that can be used to make the process easier, or in-depth guidelines to follow with step by step how-tos.
Make sure to store the data collected in a secure location, whether it’s on your laptop, on a separate USB drive, or on a piece of paper in a drawer in your desk. Computers must be password protected and drawers should be locked.
If you use a third-party system for this, such as a cloud database, check to ensure that it is highly secured.
To be safe, you can delete all current data and have followers sign up to new mailing lists or contact forms to ensure all new rules in place are being followed properly.
If you had them check an “opt-in” button when first signing up, you’re most likely okay with the current data you have. However, some sites are starting over anyway just to be cautious.
There’s a process for companies that don’t comply with the GDPR, and the first step is a warning.
In terms of GDPR for bloggers, don’t be afraid that you’ll immediately be fined if you miss one thing.
Although it’s best to do it right the first time, it’s hard to understand every regulation at first, especially when you don’t have a team of corporate lawyers scanning and ensuring everything is perfect.
Most bloggers are individuals or small teams. Therefore, the personal data you collect is most likely more limited than a big website’s, and you should have less to worry about.
What’s Next with GDPR for Bloggers?
It’s okay to not fully understand the GDPR rules yet; do your research and ask for help when needed.
We’re all learning together and must find the best way to be compliant while still creating a genuine relationship with followers and readers.
Whether you’re a large blog with a wide readership, or just starting out, it’s important to cover the bases now to ensure your safety later on.
About The Author
Sara is an experienced tech expert who writes with her colleagues on Enlightened Digital, to share her passion with others around the web. After 15 years in the industry, her goal is to bring information on all technology to the masses. Her philosophy is to create each article so that anyone can understand the content, whether they are a consumer or a technology expert.