Last week I set up the foundation of GDPR, what it is and how it affects everyone. If you just joining us, am talking of the General Data Protection Regulation that went into effect on the 25th of May 2018. If you still lost or wondering what this has to do with you as an internet junkie then I suggest you read last week’s article. Otherwise, read on how to become GDPR compliant.
It’s been almost three weeks since the elapse of the deadline but here I am. I want to say good things take time but that’s just a lie. Am just a lazy in real life AfriBibliophile who doesn’t believe in half-baked anything. Been learning and sieving the internet from information about GDPR for a while and the progress is informative so far.
That’s good news for you if you constantly put out information on the internet, as a sole proprietor, blogger, public relations manager or a freelancer. And yes, the GDPR is a blogger problem regardless of your location or target audience. Am in Kenya and my readership is pretty much African, American and European.
Also, this article has nothing to do with me making up for the book review I totally forgot to put out Friday. Won’t even apologize and we go back to normal with the scheduled fortnightly freelancing category articles next Tuesday. Meanwhile, I’ll be watching Ape###t by Beyonce and Hov and putting the Louvre on my travel wishlist.
What a GDPR compliant website includes
Back to business, or law, GDPR is here, and it’s here to stay and paying millions in fines is not appealing at all. The big question then follows; how do I become GDPR compliant? Remember, if you are stuck on what concerns you and what doesn’t read last week’s article. Therefore let’s now get down to how to become GDPR compliant.
The whole point of the General Data Protection Regulation is to return the power of how personal data is used to the consumer. Articles 12, 13, and 14 outlines the requirements of this particular point. As a processor of data henceforth referred to as a blogger, it is your duty to make this happen.
- Transparent, concise, and easily accessible. I put mine in the about page
- Written in a plain language, I recommend you fine tune it till your Yoast SEO Fleisch test reads ‘easy’ to read
- The information provided should be free of charge.
Here’s what you need to include in yours:
I) How you collect and store personal data
GDPR provides users with the ‘Right To Be Forgotten’ option. As such you need to ensure you tell them what data you are collecting and for how long. Mostly, blocks of data are usually stored for a specific time and afterwards automatically deleted. But your readers or subscribers need to know when they should be out of your system. You are subject to GDPR if you process personal such as:
- Personally identifiable data-name, address, id or social security numbers and dates of birth
- Political opinions
- Sexual orientation
- Ethnic data
- Health, genetic or biometric data
- Web-based data-IP addresses, cookies (read on for more on this), RFID tags and user location
More often than not, the data you collect on your website is shared with third parties. For instance, installing the Google Analytics plugin means that you share information about all your visitors and sessions. This enables you to track and monitor your growth, traffic sites and best-performing articles. Similarly, AdSense recommends ads based on your visitors’ browser history.
III) How safe their Personal Data is
Nowadays, when you here data privacy breach your mind directly travels to Cambridge Analytica and Facebook. In this digital era, it is becoming more difficult to guarantee the safety of your visitors’ data. This is the primary reason the GDPR was proposed. The public needs to have more control over their personal data. They need to know that their information will be treated carefully and with the utmost sensitivity.
IV) A GDPR Compliant Disclaimer
This particular point is obvious to accomplished bloggers or anyone who has worked with big brands. However, new bloggers completely bypass this step. A disclaimer outlines that a particular post contains affiliate links. You should indicate that you receive a commission if your website visitors purchase anything via your link.
The disclaimers should be on every post that contains affiliate links. Nevertheless, you should create a detailed disclaimer that absolves you of what your website visitors do once they follow your link. The disclaimer should include a list of their parties you share information with and for what purposes.
Provide a Cookie notice
GDPR Compliant Email Consent
Accomplished bloggers swear by email subscribers and it’s easy to see why. Subscribers are people who believe in you, people who would buy ice cream during winter if you proposed it. it’s a chance at a family, it’s like sliding into the DM and being assured of a read. That’s why pop-ups are the number one way to attract subscribers. Recently, websites cajole you into subscribing using false offers. Well no more.
Article 7 of the General Data Protection Regulation describes how you should treat email consent
- Use positive opt-ins for consent, not pre-ticked boxes- Recital 32
- Separate consent requests from other terms and conditions- Article 7(4)
- Simplify the unsubscribe option and outline the procedure- Article 7(3)
- Record when who and how this consent was provided- Article 7(1)
- Check your consent practices and existing consents –Recital 171
In simple terms, let anyone who subscribes know what they are subscribing to by checking the box themselves. Secondly, readers should provide their consent freely. Yes, even I do not read the terms and conditions, who has time anyway? In the provision of this, the GDPR asks you to separate email consent from the terms and conditions consent.
Thirdly, always provide the option to unsubscribe. The simplest way to do this is to add a link that guides anyone who wishes to withdraw their consent from your website. Like I said, all website visitors have the right to be forgotten under GDPR. In addition to that, clearly record when your visitors became subscribers, the data they provided and how they did it. This is for reference purposes and may save you millions in fines and lawsuits.
Finally, the GDPR email consent clauses do not only refer to subscribers after the May 25th deadline. As such, evaluate your current mailing list and offer them an opt-in if you did not the first time.
Install a Cookie Notice Plugin
This is the easiest way I know to ensure you are GDPR compliant. Granted am just an economist and even if I vetted all the ways to make a cookie notice I wouldn’t know which ones are better than others. Only your readers can gauge their experience and evaluate its performance. If you are on the latest version of wordpress.com you already have a cookie notice. Otherwise just visit your plugins page in your wordpress.org dashboard and type cookie notice in your search bar. I always select a plugin based on its ratings, number of downloads and if its verified.
Be Honest Every GDPR step of the way
Ultimately, GDPR just wants processors of data to be more honest about their dealings. Data privacy is a major concern in this highly digitized era and data breaches are even more rampant. In fact, 16.7 million individuals were victims of identity theft in 2017 alone according to Javelin Strategy and Research. That same year $16.8 billion was stolen from the same crime.
Consumers everywhere are more aware of the danger of spewing their data all over the internet. More and more people are becoming more skeptical of how data is obtained and used including governments. Erasing the doubt by following the 99 articles of the GDPR is a sure way to garner trust and ultimately better views and sales from your visitors. I believe everyone should work at being GDPR compliant, if not for the fact that you might be slapped with millions in fines then maybe for all the law jargon you will learn?
Disclaimer: I am not a lawyer especially EU law, so my word is not law. Gather credible information and mark your own plan. Also, I am not GDPR compliant auditor. Am not even fully compliant yet, but this is me doing my best anyway. Try it.
If you have questions or disagree with a particular section of this GDPR compliant article kindly contact me. PS: I now have a slide into my DMs directly option. Feel free to test it. Or just use the comment section. I have to approve all of them anyway before they appear.
‘A good plan violently executed now is better than a perfect plan executed next week’, George S. Patton. GDPR is a win for data privacy and unless you plan to remain local throughout your internet journey then you need to be GDPR compliant. And even then, your country might just adopt similar policies, the US already has, partially. So why delay the inevitable? Start your journey now it’s the professionally smart thing to do.