What Is GDPR and How Does It Affect Bloggers?

By Leslie Samuel | List Building

Apr 16

What is GDPR? And are you wondering if it affects you as a blogger?

Well, it most likely does. And in this article, I will explain what GDPR is and how it pertains to us bloggers.

Disclaimer: I’m not a legal professional nor do I play one on the internet. Consult an attorney to make decisions for your blog/business related to GDPR.

Side note: Yes – this is a long article. If you'd prefer to be lazy, you can jump to my summary for lazy people at the end in the form of an infographic.

Don't worry, when I say lazy, I say it with love, lol.

The Privacy Problem


It's the buzzword these days – privacy. Everyone wants it, but nobody seems to have it.

Sites like Facebook seem to throw privacy out the door with the baby and the bathwater.

So many news agencies are in an uproar over Cambridge Analytica. Russia seemingly undermined the U.S. elections.

What's a country to do? Well, the continent of Europe has decided to do something big, and it's called GDPR.

What is GDPR?

GDPR stands for General Data Protection Regulation. According to the GDPR website, the goal is “to protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data privacy.”

In simple terms, Europe wants their citizens to have more control over how and when companies use their personal data.

A VERY Brief History


Back in 1995, Europe established the Data Protection Directive. This had some general guidelines for data protection.

But every European state could create its own local laws based on the directive. As you can imagine, this resulted in a messy situation with laws that were difficult to enforce.

Some states had very strict privacy laws. Others were more lenient.

The EU parliament wasn't feeling this and wanted something more uniform.

So on April 14th, 2016 they approved the GDPR, and the world turned upside down (hat tip to the Hamilton soundtrack).

There is one HUGE difference between the GDPR and the Data Protection Directive of old.

The GDPR governs ALL member states.

So Does it Affect You as a Blogger?


The GDPR affects any blogger who collects any data from EU citizens.

It doesn't matter if your blog or business is in Europe or Timbuktu.

Let's say you're building an email list (which you should be doing). If you collect ONE email address from ONE EU citizen, the GDPR applies to you.

In other words, if you're a blogger, it's safe to say that it applies to you.

I mean – I'm an EU citizen (bet you didn't know that). If I'm on your email list and you don't uphold the GDPR, I can probably report you ;).

So what exactly does this mean for you? I'm glad you asked.

Get Consent and Make it CLEAR!


Be explicit when getting consent.

This is one of the most significant tenets of the GDPR. They are very explicit in their statements on how you should get consent.

Let me make it clear for you. Let's say you're collecting email addresses to build your email list. Make sure to follow these guidelines:

  • Be clear about who you are. They should know who they are transacting with.
  • People must opt-in to receive your messages (HALLELUJAH). If you've been adding people to your list, STOP IT NOW.
  • Consent must be “freely given, specific, informed and unambiguous.” Use clear and plain language letting them know what they signed up for.
  • If you are using their personal data in any way, let them know how.
  • Silence is NOT consent. In other words, they have to actively show that they want to join your list. Do not use any pre-checked boxes or anything like that.
  • Only collect what's necessary (they call this Data Minimisation). Don't collect any data that's not needed for the intended purposes.
  • “It must be as easy to withdraw consent as it is to give it.” In other words, don't have those hidden unsubscribe links that nobody can find.

The Burden of Proof Lies with YOU

Keep a record of proof of consent.


It is now your responsibility to be able to prove that you have consent. You have to keep a good record of this.

Fortunately, good service providers are aware of these changes. They should be taking steps to be compliant. To be on the safe side, check with your email service providers to see what they are doing.

I use Drip. They are aware of the situation and working on making sure that they are compliant by the deadline.

So is GetResponse, the service I recommend for beginners. Even Thrive Themes, the company behind Thrive Leads, is making changes.

But it doesn't end there. You are the one that needs to make sure that everything is being done to meet the regulation.

What About Existing Subscribers?

So Leslie, what about my existing email subscribers? Surely I don't have to do anything about them since they subscribed before the GDPR took effect. Right?

WRONG!

Based on the GDPR, you have to bring those subscriptions up to the current standards.

If the EU citizens on your list have not given the kind of consent required based on the GDPR, you have two options:

  • Get the kind of consent I spoke about earlier. It must be “freely given, specific, informed and unambiguous.”
  • Remove them from your list.

How do you know if you have EU citizens on your list? Most email service providers will allow you to search by Time Zone.

In Drip, you can search for anyone with a Time Zone in Europe.


Through Drip's filter, I can get an overview of the number of European subscribers on my list.

Just to give you an idea, I have 16,880 people on my email list. 1,507 of those people are in European time zones.

But this doesn't account for EU citizens living outside of Europe.

So What if I Do Nothing?


I know – it's tempting to think this. I mean, what's the big deal? Nobody's coming after me, right Leslie?

Well, they are taking this seriously. Not following the regulations can lead to some pretty significant fines.

How big? Up to €20 Million, which is almost $25 Million US, or 4% of global annual turnover – whichever is HIGHER. I read that and chuckled.

The exact thought that came to mind was – DANNNGGGGGG, these EU people are SERIOUS.

And yes – they are. Will they come after you? Technically, they can. But I would imagine that coming after small bloggers would be quite an undertaking.

So What Do YOU Think About This, Leslie?

Yes, this is a HUGE change for the industry. Yes, the requirements are stricter. But you know what?

I LOVE IT!

Does it make it harder to grow your email list? Yes. But I believe it gives you a much higher quality subscriber.


Personally, I believe this will give us a higher quality subscriber base.

Instead of using shady tactics to boost our subscription rates, we have to do it by providing value.

We have to be more transparent about what we're collecting. Transparency breeds trust, and I love it.

So I won't complain about the GDPR. Instead, I will embrace it as an opportunity to up my game. I look at it as a challenge to become better at what I do.

And I always love those kinds of challenges.

But it's not all about me.

What are your thoughts? Let me know in the comments section below.


Infographic


Infographic: What is GDPR and How Does it Affect Bloggers?

  • Susan says:

    Very clearly explained — thank you. One question: For existing newsletter subscribers, should we ask them to resubscribe using the same GDPR compliant form for all new subscribers or just ask them to send a reply to a newsletter explaining the issue or what? This is what I’m not sure about.

  • Jen Grice says:

    Does this mean that bloggers who are “selling” email addresses to third parties need to stop?

    • Meg says:

      I’m no expert but I would say yes, unless the blogger has gotten the customers' permission for their personal information to be sold/used in that manner. AND that the permission to do so must be very clear on who it’s being sold to, how they opt out of that etc.

  • You’ve mentioned nothing about how GDPR affects analytics data – which I’m trying to wrap my head around right now. Any thoughts?

  • Devon Lee says:

    Folks are stressing out about leaving comments. What should be done for comments on blogs to be compliant?

  • Matt Pliszka says:

    Do I need to request my previous blog subscribers to subscribe one more time?
