Protect Your Blog! How to Comply with GDPR for U.S. Bloggers

The first time I heard of GDPR was in April of 2018. I was listening to a blogging podcast and the topic was GDPR for US Bloggers. I learned that a European data protection law would impact my blog. Failure to comply with this law can result in severe penalties, and I had never heard of it!

After GDPR went into effect on May 25, 2018, I started receiving loads of emails. Every company emailed me privacy policy updates and placed cookie pop-up notices on their website.

This law even affects small businesses and blogs. If your website uses Google Analytics or you have an email list, you must comply with GDPR. In this blog post, I will explain what GDPR means for US Bloggers and the actions you should take to ensure you are compliant.

* This post may contain affiliate links. That means that I may make a commission if you make a purchase after clicking on the link.

What Is GDPR?

GDPR or General Data Protection Regulation is a consumer protection regulation passed in Europe. It ensures that consumers are fully informed about how their personal data is used and stored. This includes names, email addresses, and other personal data commonly gathered online.

If you have a website, this law applies to you in a number of ways. For example, as a blogger, I use cookies (via Google Analytics) to collect basic data from my readers. This helps me plan my content and monitor how my website is performing. It also applies to my email list because I collect email addresses and the first name of my subscribers.

While the law only applies to your blog’s EU users, failure to comply with the associated regulations could result in sanctions and fines, even if your blog or website is US based.

Penalties

As with any law, there are consequences of failing to comply with GDPR. Depending on which law you violate, even US bloggers can be fined. According to Maxine Henry, a GRC expert and consultant at Reciprocity, the fines vary by infraction and can be substantial.

Penalties range widely, with a maximum penalty of $23 million USD or 4 percent of your business’s annual income (whichever is greater). You can find more details at the Law’s official website.

GDPR for US Bloggers

If you are a blogger in the US, you are liable for informing EU readers that you are collecting their personal information. Essentially the GDPR is all about transparency. It ensures your readers understand that their private information is gathered, how it is used, where it is stored, and for how long.

It will more than likely only take you an afternoon to get your blog up to speed and compliant. The following explains how GDPR applies to US bloggers and how you can easily comply with the regulation.

Your Email List

The greatest impact GDPR has on your blog is your email list. You probably already know that your email list is critical to the success of your business. (If you don’t already know this, check out this blog post to understand why and how to get started).

Any personal data, including your reader’s name and email address, is considered personal information by the European Union. That means that this information is protected under the EU’s GDPR regulations.

GDPR ensures that you are up-front with your subscribers and explain how their information is used. For most bloggers, that means you are responsible for ensuring your subscriber understands what they will receive from you via email. They will also need to know whether this information will be kept private or will be shared with third parties.

There are two things that you need to have on your blog to comply with the email portion of the law. The first is a privacy policy and the second is GDPR-approved signup forms. I will cover the privacy policy in the next section of this blog post because it serves several purposes.

Signup Forms

Using the right sign-up forms is critical to GDPR compliance. You can no longer use forms that only include a space for your email address and a submit button. Post-GDPR, you must gain consent in the contact form. If you need consent for more than one thing, the form must include GDPR-compliant consent checkboxes for each separate permission.

All sign-up forms need to link to your privacy policy. Your privacy policy should explain how general data is collected, used, and stored. You should also state that your reader can unsubscribe at any time on every form.

Checkboxes

If you need to collect the email address for more than one use, each specific use must be listed on the form with individual checkboxes by each. Most email marketing services make this simple for you to create. My service, MailerLite, includes a settings section that you can check to create customized GDPR fields.

Also, you can’t use a single checkbox for multiple permissions of use. For example, with an email opt-in freebie form, you will need to deliver communications to your reader via a newsletter or updates. However, if you also wish to market any products or services to your subscriber, you will need a separate checkbox for permission for that use.

You can include a link to your privacy policy within the text of the email form or as a checkbox item. However, be sure to include a link to your privacy policy somewhere on your form.

If you would like examples of when you need to use checkboxes and how to use them correctly, this MailerLite blog post has more clarification and actual examples.

GDPR and Your Privacy Policy

Your privacy policy should be a page on your blog that explains in detail how a reader’s data is collected and used. In addition to your email list, you likely collect other data for analytics, which needs to be included in the privacy policy as well.

For example, Google Analytics uses cookies to collect basic statistical data. If you use Analytics, you will need to explain who collects the data (Google), how the data is used (for planning content), where it is stored (stored by Google) and for how long it is stored. Also, include Google’s contact information in the privacy policy for your reader to contact them if they have questions.

In addition, if you share your subscriber’s email addresses with third-parties, you will need to state this in your privacy policy as well. We all know how annoying it is when you sign up for an email list and suddenly you are spammed by third-party companies.

Templates

You can purchase templates for your privacy policy that remove all of the guesswork from the task. I recommend that you purchase yours through Jackie Stoughton of Jade and Oak or from Lucrezia Iapichino at Tiny Love Bug.

Both of these bloggers are attorneys and have awesome privacy policy templates for sale. Jackie Stoughton is by far the go-to blogger for all of your blogging legal resources. However, Lucrezia Iapichino is an AU blogger with experience with EU law so she is another great alternative source if you can’t afford Jade and Oak’s templates.

Cookie Pop-Up Notifications

A major part of GDPR is ensuring your readers are aware that your website collects data and that some of this data is being stored. In order to guarantee that a reader is aware of cookies and your privacy policy, it is best to provide that information automatically when your reader visits your website.

The best way to do this is via a cookie pop-up notifications plugin in WordPress. You will also have similar options in Wix and Squarespace but since I have only used WordPress, it is the only platform for which I can make recommendations.

(If you have a Squarespace blog, you can check out this blog post from Squarespace about how to install a cookie banner. For Wix, check out this article from Wix about setting up a cookie pop-up. Since these are blog posts by the actual companies, they should be accurate, but I cannot personally attest to that.)

For now, I use “Cookie Notice for GDPR” by dFactory. I haven’t worked with it much, but it was quick and easy to set up. I will make visual updates to the plugin in the future. It keeps my blog legal in the meantime.

Be sure to state that you are using cookies and provide a link to your privacy policy in your cookie pop-up to cover all of your bases.

GDPR for US Bloggers

GDPR isn’t as complicated as you might think. Clarity and providing accessible information to keep your reader informed of personal data use will go a long way to protecting your blog.

I highly recommend that you draft your Privacy Policy immediately and install a cookie notification pop-up to protect your blog and yourself. Some of the penalties for failure to comply are substantial and can easily damage or bankrupt your small business.

I hope that you found this blog post helpful and use it to protect your blog and assets. If you wish to receive notifications of future posts, join my newsletter below. As a bonus, you will also receive my Blog Post Planning Checklists to help you create SEO rich blog posts.

Thank you so much for reading!

42 thoughts on “Protect Your Blog! How to Comply with GDPR for U.S. Bloggers”

  2. 
    The material you have put together is excellent. It is so well
    written, and I am sure that this post will be enjoyable
    for many bloggers.
