Have you complied with the GDPR policy?
April 25: The day Google wrote to notify me of the GDPR policy.
What is the GDPR policy and why would Google need to write to notify us?
Guest author Denise Riches is here to tell you what you needed to do by May 25, almost one month ago.
If you did not take the required actions to be in compliance with the GDPR policy and avoid GDPR fines by that deadline, please stay until the end of the post.
My technical helper Phillip will explain what you can still do to avoid GDPR fines and be in compliance with this new law even though the deadline has passed.
GDPR Policy
Surely by now, you’ve come across the term, “GDPR”. It’s quite possible that you’ve gotten this close to the GDPR deadline without knowing what it is or how it affects you as a blogger.
What the GDPR Policy Means
GDPR stands for General Data Protection Regulation. It is a standard regulation for the use and transfer of data, specifically online data, and it comes with a compliance deadline of May 25th, 2018.
GDPR will be updating old data regulations, known as the 1998 Data Protection Act. This needs to be updated because of the advancement of technology in our very digital era.
The origin of this regulation is in the EU (European Union) but it also directly affects any customers or contacts that you may have in the EU.
In plain English:
GDPR Opt-in
Anyone who handles incoming digital data needs to be GDPR compliant, and this includes bloggers. If you have an opt-in for a newsletter, a web form or any intake of an email address anywhere on your blog or website, GDPR affects you.
Auto opt-ins will be a thing of the past, as you will need explicit consent from any person in order to put them on a mailing list. To be extra safe, changing it to a double opt-in will further protect you in case you are questioned later.
This means that a pre-filled check box to receive future newsletters or emails is a big no-no. It goes against the GDPR policy.
Re-branding your site
While it’s not mandatory, it’s a good idea to let the contacts on your mailing list know in advance of any site rebranding you may be working on, so they have a clear option to opt out.
Mailing Lists
Let’s say you have a basic mailing list, but then add a new mailing list for something else, maybe something more specifically relating to your brand, business, or blog. The GDPR policy prohibits you from moving contacts from your basic mailing list to the new mailing list, without prior explicit consent.
If you’d like to let your basic mailing list know about the new list, you can let them know in an email or newsletter about the new list, and give them the opt-in link.
Gentle Reminders
Include a reminder of why your mailing list is receiving a newsletter or email (for example, “You are receiving this newsletter because you signed up to receive regular updates from xyzblog.com.”). If your email marketing provider doesn’t offer this (and most do), you can probably expect the provider to make changes in order to meet the GDPR policy rules.
Check and recheck your T&Cs
Don’t have any Terms and Conditions? You should! This link can explain what they are and how they are used.
https://termsfeed.com/blog/sample-terms-and-conditions-template/
If you are running a WordPress site or blog, there are T&Cs plugins you can install. What about a privacy policy? You can have both on your site (that little bit extra won’t hurt!) but ultimately, the decision is up to you. Be sure to thoroughly research this and find out what you need to include. This site can help: https://www.iubenda.com/.
It all boils down to letting your visitors and subscribers know what data of theirs you are using and for what purposes. Using Google Analytics? Yup, you’re collecting data and your visitors need to be made aware of that.
GDPR Compliance Checklist:
What’s the bottom line?
In essence:
- Be clear about the information you’re gathering from visitors
- Clearly offer opt-ins and opt-outs
- Have a privacy policy and/or T&Cs on your site
- Don’t move contacts from one mailing list to another
GDPR is not completely understood yet, as many things are still being worked out. However, it’s a wise idea to do your own research, or perhaps sign up for GDPR training. There are plenty of resources on the Internet; it just takes a simple Google search. If you have a business in the UK or any non-EU country, you can begin with GDPR representation provided by an EU representative service.
It’s more likely that big companies and corporations are going to be the most closely watched, rather than us little guys, but don’t leave it to chance.
I hope you’ve found this information about the GDPR policy helpful!
Author Bio:
Denise Riches is a virtual assistant who resides in Ontario, Canada with her husband and their two sons. She is also a blogger at Smores and Sundresses (www.smoresandsundresses.ca). Denise enjoys spending time in the great outdoors with family and friends, and blogs about her adventures. When she’s not camping, she’s cooking, baking, writing or quite possibly skimming through Pinterest (her guilty pleasure).
Upon learning about GDPR and how it affects her virtual assistant business, she wanted to ensure that fellow bloggers were aware of the change in data protection laws. While not an expert in the subject, Denise encourages readers to research the topic further to prevent any complications.
https://www.instagram.com/ddr_74
https://www.pinterest.com/ddr74/
Host Blogger’s Comments:
What Can You Still Do to Avoid Paying GDPR Fines?
According to my technical assistant Phillip Dewes,
“As for the GDPR policy page: I have no idea as yet, as I am not a legal person, but don’t worry too much if it shows on your site that you take privacy very seriously. Lots of people have been panicking about this, thinking they’re going to get 20 million (euro) in GDPR fines, but it’s just scaremongering and nothing to worry about. As long as sites are showing they are taking privacy issues seriously, then there is nothing to worry about.”
Phillip can still help you comply with this new regulation. Here is his contact information and his requested compensation:
“The cost is £50 (about $67/$68). There are no GDPR sanctions since there is no late fee as the law has been around for a while now. It just came into force yesterday, but there is not a police force targeting websites that are not compliant. There are more people wanting to work with website owners to make sites compliant; the GDPR fines are for people who, in my humble opinion, refuse to change their sites to be more compliant. Have a look at this website for more info on GDPR and what it all means: https://ico.org.uk/.”
Readers, please share so other website creators learn about the GDPR policy, read Denise’s GDPR Compliance Checklist, and are assured by Phillip’s comforting words about avoiding GDPR sanctions.