GDPR: What you need to know about it, whether it applies to you as a blogger, what you can do to comply and addressing all those stupid rumours…
I was doing an InstaLive a few weeks ago and one of my blogging friends, Hannah, mentioned GDPR on it. This was the first time I’d ever heard of it. When I asked her what it was, she told me it was a fee we had to pay and similar bloggers were telling me the same thing. Being the cheapskate I am, I freaked out. Money?! My hard earned money?! Being spent on something that I don’t even understand?! I made it my mission that week to understand what GDPR was and what would change for me as a blogger. And now I’m going to share that with you.
What is GDPR?
GDPR stands for General Data Protection Regulations and it’s a new law that comes into force on the 31st of May 2018. And, basically, it does what it says on the tin. It’s the government’s way of making sure the data that we give out and receive is protected. For your average Joe, GDPR won’t affect him day-to-day. And, actually, it’s not really going to affect bloggers all that much either. GDPR affects the way that we store the data we have from other people. Mainly, their e-mail addresses. Therefore, if you don’t store e-mail addresses of other people for the purposes of a newsletter or perhaps a giveaway, you really don’t have to worry about GDPR.
I have a newsletter. What do I have to do to comply to new regulations?
The basics of GDPR are this: you now can no longer use information for anything other than it’s intended purpose. So, if Sally signs up to your newsletter about cats, you can now no longer use her email address that you have for Sally to sign her up to your newsletter about Brexit without her explicit consent. Similarly, if Sally is leaving a comment on your blog post and you have an opt-out option to sign up to your newsletter on your comment form, you’ll have to change it to an opt-in one, as opt-ing out is no longer going to be legal. The key word when discussing GDPR is transparency. As long as you are transparent and explicit about what the information you are asking for is going to be used for and do not use it for anything else then you’re complying to GDPR. It also might be worth getting yourself a GDPR declaration, which states that you do not use information for anything other than its intended use and also about how you are going to keep that information protected: ie. that you will definitely not share the information with any third parties, what you would do incase of a security breach etc.
What about if people sign up to my blog using WordPress.com?
This is an interesting one that’s getting a lot of bloggers bent out of shape. I have never used WordPress.com; I was on Blogger and then changed to self-hosted with the WordPress Plug-In at the beginning of this year so I am not so sure how it works. I asked a couple of friends who used WordPress.com before going self-hosted and they do have access to these email addresses, even though they are stored by Jetpack. This means that while you have access to these email addresses, you have to declare that you will not use them for anything else. Jetpack will take care of some of this for you. However, if you are worried about these new guidelines, perhaps write out a GDPR declaration anyway following all the above guidelines and then, if you’re ever questioned for not-complying, you can always produce that. If you have a list of other people’s information that you can see with your own eyes, you need to be responsible in disclosing it won’t be used for anything else.
So, I don’t have to pay any money?
Nope – it’s just a change in the law. You can continue blogging for free. However, if you don’t comply to GDPR regulations, then you could be fined similarly to the way that if we don’t comply with ASA guidelines regarding disclaimers etc. then we could be subject to a fine as well. As long as you are showing a desire to comply, you should be fine.
So, what does this mean for PR-blogger relations? Will they change?
The way that PRs may do their outreach might change. If you are a part of some of the Facebook Opportunity Groups, you might be aware of some of the Google Forms that PRs use in order to find suitable bloggers for their campaigns. These are likely to change as often PRs are not clear about what they’re going to use the information for. They will need to be explicit. When the laws kick in, you may get a few emails from PRs you’ve worked with asking if you’d still like to receive communications from them in the forms of press releases and such like. This is because they store your information and want to be explicit with you about how they are going to use it. GDPR also gives you a right to be forgotten. Which, in simple terms, means a PR cannot hang onto your information if you tell them you no longer want to be contacted by them. They must delete it from their databases. Similarly, you must also give your newsletter readers this right and you must not hold onto information after someone unsubscribes. (Which, if you’re like me and get signed up to 20 junk newsletters a day, that’s a fantastic thing.)
Do I need to panic?
No, no and no. It’s a change in the law but it’s not the end of the world. You just need to be explicit about the way you’re using and storing information. That’s all. And, if you use blogger, don’t have a newsletter and don’t host giveaways that might store personal information then you don’t have to worry about it at all. If you’re still confused, a great resource to listen to is the Blogtacular Podcast Episode on GDPR as it’s a fantastic, well-explained account of what’s going to change and how you can prepare: as a blogger or a small business. If you have any really specific questions that you feel like I haven’t covered here, you can always message me on Twitter for advice or you can comment down below and I’ll answer every question (but on Twitter you’re more likely to get a quicker reply!).