The GDPR (General Data Protection Regulation) is round the corner and it is one strict piece of legislation. Non-compliance will invite a fine of up to Â£20 million or 4 percent of the turnover (whichever is greater), and for any small to medium enterprise that is a lot of money to lose. In such a scenario, it becomes almost impossible to ignore the GDPR, almost even irrational.
The directive took three long years to come about and going by this history, it seems that it is here to stay. There may be improvement or changes along the way but the core principles are clearly laid out and have made organisations take notice. For some, it has meant a complete shift in strategy from the earlier days.
That makes GDPR a game changer.
The organisations that have been impacted do not necessarily have to be in the EU. The websites around the world will come into the purview of the GDPR.
Businesses to blogs, there is something everyone with a website needs to do now.
GDPR: Issues specific to blogs.
Blog owners tend to be casual about the GDPR implications. Many think that the best course of action is to simply wait and watch how the law evens out.
The other argument for the inaction is â€˜as long as the blog doesnâ€™t make money, its fineâ€™
Then there are private and personal blogs that think that they may be exempted as they do not collect data.
Let us address these issues.
Why every blog owner needs to know about the GDPR. And also make their blog compliant.
1. The GDPR is really about â€˜Rethinking our own responsibilityâ€™.
The time was ripe for a regulation like the GDPR. People were largely uneasy and worried about the data policies. There was mistrust towards the organisations that citizens were dependent upon.
With the introduction of the GDPR, the government has taken a step towards the betterment of society. However, organisations need to realize, that the GDPR came as a corrective step, whereas, such a provision should have been an intrinsic part of the policy at the first place. Well, better late than never.
Should we now, not rethink about our own responsibility to make the GDPR a success?
For the outcomes that we have faced and those we might face in the future, do we need to be reminded of our responsibilities through regulations?
Can we instead take a proactive approach for our content; welcome the GDPR and work with it to create the balance that it seeks, willingly.
2. Yes, GDPR applies to your blog too!
While many bloggers do so for the fun of it and are not actively seeking data collection, there may be good reasons for one to heed to the concerns of the GDPR.
As mentioned above, the GDPR is our responsibility that collectively we must ensure as a society. It is the need of the hour and the example of how things can be done the right way.
As a new beginning, it must be ensured that each website on the internet complies with the GDPR, if not for anything else but for the sake of the restoration of trust in the internetÂ
3. Your blog collects data even if you don’t think so
On the technical level, blogs do consist of specific processes that work in the background and engage in data collection.
At the most basic level, if you have a comments section, you are storing data. Visitors leaving their email addresses are another basic area of data collection.
You might think that you are not collecting data, but all WordPress sites do collect data in their default settings.
Also, contrary to popular opinion, compliance applies to you irrespective of whether you are making money from your blog or not. This has less to do with legality and more to do with self- regulation and responsibility
4. Understanding the GDPR law â€“ summary
The main features of GDPR aim at enforcing more transparency over data collection and use and give its control back in the hands of the people. Blogs need to adhere to the guidelines as well and review their content with respect to consent, data ownership, data portability and the right to be forgotten.
5. The data you collect, and how to be GDPR compliant
A normal blog, by default, has the following areas where it collects data
- Comment section â€“ cookies are used to remember names, email addresses and IP addresses
- Contact form â€“ personal details like name and email addresses are stored
- Email newsletters â€“ personally identifiable preferences are stored
- User Registration â€“ personal details like name and email addresses are stored
- Google Analytics – IP addresses, location, age etc. are stored
- Advertising programs like AdSense â€“ user profile is collected
Your blog compliance checklist:
- Use GDPR compliant plugins for ecommerce, security etc.
- Get Clear consent – while obtaining data on a contact form make sure you inform about the data storage and use
- If you are sending out emails from your website, you need to include how you got their data and what is the purpose of the email.
- When sending out emails, you also need to provide an unsubscribe option so that a person can opt out easily.
- If you are using Google Analytics, you can modify your settings to retain data for 14 months only.
The checklist for making a blog compliant is a brief guide to the new scheme of things but is not exhaustive. You may need to consult a lawyer or a GDPR expert for the complete list.
The will to comply has to come from within, whether it is GDPR or any other regulation. Imposition of a regulation is essential because it makes things legally easier, but in order to be successful, the regulation has to resonate with the community.
The GDPR should be welcomed for every website, including blogs that might seem inconsequential. Let the approach towards GDPR not only be to avoid legal consequences, but to encourage the balance of profitability and positivity that it strives for.