Disclaimer: The contents of this web page do not constitute legal advice. This page is for informational purposes only, and I strongly encourage you to seek independent legal counsel to understand how your organization needs to comply with the GDPR.
You’ve probably heard a lot lately about the EU’s General Data Protection Regulation, or GDPR. As a blogger and online business owner, I am going through the process of making my sites compliant with GDPR. I am going to share the resources and tools I am using to make my own sites GDPR compliant and hopefully, this gives you a starting point for the process for yourself. A lot of the guidance out there is for giant ecommerce sites … but what about GDPR for bloggers? Here’s what bloggers and small businesses need to know about GDPR compliance.
Please note that I am not a lawyer and this is not legal advice. I am sharing what I have found in my research about GDPR and the tools and resources I am using to make my sites GDPR compliant.
Last December, Mashable explained GDPR in detail. It’s a law passed in the EU to help protect the personal data of its residents online. This infographic from Marketing Profs explains how GDPR works. You might be wondering why everyone is worried about GDPR if it is an EU law. Social Media Examiner recently explained how GDPR impacts US companies.
You can find out more about GDPR and read the law for yourself on the EU GDPR website.
As a business owner or blogger, you should be concerned about GDPR compliance if:
If you care about transparency with your readers, then following GDPR will make a lot of sense to you. Consider how you would want the hundreds (maybe thousands) of companies who have cookied you, gathered your email address, and are following you around the internet … to treat your data.
There’s complying with GDPR because it’s a law. And then there’s complying with GDPR because we care about our readers and their data.
The EU countries are (as of May 16, 2018):
Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK
There are more requirements that don’t typically apply to bloggers but you should be aware of them. Social Media Examiner explains them in detail here. Get a free GDPR for bloggers checklist in the Smart Creative Social Community Facebook Group. You’ll have to join the Group first by requesting access here … then grab the checklist here.
The first step is to audit your website to identify everywhere you might be collecting personal and sensitive data. Microsoft has prepared a free quiz to help you identify your company’s compliance with GDPR.
Places your website might be collecting personal and sensitive data protected by GDPR:
After the audit of your site, you’ll need to set up disclosures and opt-ins for users to be aware and opt in to sharing their personal information with your site. Before doing this, take special notice of these areas of concern …
Whether you call it a lead magnet, content upgrade, or opt-in, it’s all offering an incentive to sign up for your email list. This incentive is problematic because typically we offered the incentive without explicitly disclosing that by entering their email address and other personal data, someone would also be subscribed to our email newsletter. Yes, we as marketers, bloggers, and business owners know and understand this is why people even offer freebies but the general public might not understand this. And that’s where GDPR comes in.
There are essentially two options when it comes to getting consent to add people to your email list with a freebie:
Okay, I made up these names but it makes sense to me! *wink wink*
The way people sign up to get the freebies is almost always via a form on our websites. These methods cover those forms.
With this method, you would add a series of checkboxes to your forms for the opt-ins. You’ll need at least two checkboxes:
This applies if your offer is worded in a way that receiving the opt-in is the primary purpose of the form and adding them to the email list is a condition of receiving the freebie. This raises the question: can they receive the freebie WITHOUT opting in?
The flip method helps us avoid this question entirely. I don’t know about you but I don’t want to be giving away my freebies willy nilly for nothing. I mean I do give them away, sometimes, but the reason we all make these lead magnets, opt-ins, and content upgrades is to build our lists. Creating and offering this bonus content makes a better experience for our readers but it takes a huge amount of time and effort … we as marketers do want to get some return on this investment of time, knowledge, and skill.
The flip method is what I will be using on all of my sites.
Essentially, the wording on your sign up forms needs to make signing up on the email list the priority and the lead magnet is a bonus they get as a consequence of signing up.
It’s definitely nuanced but the idea is that the form’s focus is only on signing up to the email list. GDPR compliance requires that you tell people how you will be using this data. You can explain on this form with a line like: “by signing up on this email list, you will be sent email newsletters and bonuses, including the free checklist I shared about here”.
Here’s a page I have already done this on: flip method example
Someone asked about GDPR for opt-ins, lead magnets etc in a Facebook Group so I am sharing the Q&A here:
Q: It sounds like content upgrades are no longer allowed. Is that true?
A: From what I understand, they are allowed but you just have to get consent:
A. to add them to your list
B. to send them the content upgrade via email
It seems redundant but the spirit of it is that if people ask for a freebie, they need to understand they are also being added to a list. You can explain this verbally without checkboxes but the checkbox is more for you to be able to prove that “hey, they read this and checked a box agreeing”.
I mean, how many times do people say they never signed up for your list but you can show that they totally signed up on a form on your site on a specific date? People don’t pay attention so the checkbox for you is to show that yes, they gave consent.
Verbal explanation can be something like “sign up to get on my email list! You’ll get a free bonus when you sign up”. From all I hear, that is compliant wording, no checkbox needed.
Q: Do you have to offer the option of receiving the content upgrade without actually joining the list?
A: The other wording says the signup box is to join the list … and they get a bonus for joining the list. It’s a nuance but from what I understand, UK bloggers are already doing this and they are covered. But I am not a lawyer. I am interpreting it more strictly on my sites with 2 checkboxes.
Q: Is the bonus separate from the content upgrade?
A: The content upgrade is the bonus. So like for my chore chart post it would be “fill out this form to join my list and get a printable chore chart as a bonus!”. You don’t HAVE to give people a free bonus for doing nothing. Like if you buy a washing machine and they give a bonus of free detergent, you don’t get to go in the store and just demand free bonus detergent.
They sign up on the list. You send them the freebie optin as a bonus. The signup is NOT to get the freebie … does that make sense?
Thrive Themes has a great write up on the smart way to make your forms GDPR compliant here.
Check out these resources that I used to make my own site GDPR compliant:
Like I said previously, I am not a lawyer. But I do want to share the exact steps I am taking to make my sites GDPR compliant as I understand the law and guidance available. I hope that this helps you with a starting off point but please, seek legal advice from a lawyer for compliance for your specific business.
I run my courses on the Kajabi site. On that site I collect payment information and personal information. The personal and payment information are covered in the terms of service I have had prepared by a lawyer but I needed to set up additional consent for the email addresses collected to make the process GDPR compliant.
My blogs are all run on WordPress. These are the types of data I collect or track and areas of my sites which are affected:
What are you doing to make your site GDPR compliant?
I’d love to hear more in the comments. Please share!
A craft industry professional for over 14 years, Jennifer Priest has been featured in major publications and online by the likes of Apartment Therapy and MSNBC. Jennifer's digital marketing consulting firm, Smart Creative Social, has a prestigious client list in the craft and hobby industry, connecting influencers with brands, developing digital marketing strategy, and guiding clients in creating a solid social media strategy for their brand.