How to Make Your Blog GDPR Compliant

The General Data Protection Regulation (GDPR) is rolling out in a couple of days, so we're going to jump right into this business.



What is GDPR?

GDPR is short for General Data Protection Regulation. It is being enforced beginning May 25, 2018. If your site/business does not comply with this regulation, it could cost you.

This regulation is meant to protect the personal data and privacy of European Union (EU) citizens. Whether or not you physically live in the European Union does not matter.

You must comply with GDPR if any of the information regulated passes through your site/business.

What Information Does GDPR Protect and Regulate?

  • Identifying information such as name, address, and identification numbers

  • Health data

  • Web data including IP addresses, cookie data and RFID tags

  • Biometric and racial data

  • Sexual orientation

  • Political opinions

GDPR extends to third parties that you work with. If the third parties you work with are not in compliance, then you are not in compliance.

How to Make Your Blog GDPR Compliant?

Here are some things to check and update to make sure your blog is GDPR compliant:

  • Consumer is informed of your policy in clear, plain language.

  • Consumer can approve and withdraw consent at any time.

  • Consumer can correct data that is inaccurate or incorrect.

  • Consumer can ask for personal data to be deleted at any time.

  • Consumer has a right to know information that has been collected.

  • Consumer has a right to know how information is processed.

  • Consumer can transfer personal data from one system to another.

Updating Your Blog and Privacy Policy

In order to provide clear, informed consent, it is advised to create a pop-up on your homepage stating how you collect and process information with a direct link to your complete Privacy Policy.

When it comes to your Privacy Policy, you must be very clear about how you collect data for your site, how third parties (like ad agencies and affiliate programs) use the information collected, and how consumers can opt out (unsubscribing or not using your site).

If you want to use my Privacy Policy, you are free to do so. I've uploaded a Word document that you can download here and just copy-paste. Just be sure to edit it to include your information instead of mine.

Updating Your Mailing List

According to GDPR, you must have explicit consent to have people's data on your list. The easiest way to do this with your current subscribers is to send out a campaign with an announcement about GDPR and request that they reply to your emailed campaign with a Yes or a No (or simply unsubscribe).

You must immediately unsubscribe anyone who says no, if they have not unsubscribed already.

I know that this might suck - we don't want anyone leaving our list, but in reality, those that want to stay on your list will stay. They are your true audience.

For any new subscribers, be sure to prepare a double opt-in along with the extra checkbox options that email marketing programs like MailerLite and ConvertKit have been rolling out these last few weeks. Check with your provider about how they've made it easier for you to be GDPR compliant.

I hope you found this post helpful in guiding you towards becoming GDPR compliant the easy way. We enjoy simple things around here, of course.
