
GDPR For Bloggers

GDPR (General Data Protection Regulation) is the European Union’s privacy law that came into effect on May 25, 2018. It doesn’t just apply to EU websites and organizations, so here’s an overview of what you need to know.

(If you’re interested in what we’re doing to comply, check out our GDPR and CalOPPA Compliance page. It’s more involved than what you need to do as a blogger, so don’t worry!)

About this blog post

Disclaimer: The content of this blog post is informational. It does not constitute legal advice and should not be relied upon as such. Please check with your legal counsel when in any doubt about understanding your rights and obligations in order to comply with the law and regulations.

This is a living blog post, which means we try to update it with any changes or additions as we come across them or as we become aware of new legislation amendments or clarification. However, please don’t rely on this blog post alone for news and information about GDPR. We’ve included links to relevant authorities along with a “Further Reading” section for further details.

This blog post looks at the following:

  • What is GDPR? Do I need to be GDPR compliant?
  • How do I become GDPR compliant?
  • Further reading

Note: Within this post we make several references to the ICO (Information Commissioner’s Office), which is a UK organization responsible for issuing information about GDPR. Each EU member state has its own ICO equivalent, which we recommend you refer to if you’re based in another EU country. For the purposes of this post we’ve used the ICO as our main referral and source of information because it is provided in English and a significant proportion of our customers are based in the UK. If you’re based outside the EU/UK, we’d suggest referring to the ICO if your own country isn’t providing official government-led information on GDPR compliance.

What is GDPR, and do I need to comply?

If you’re not sure what GDPR is or if you need to comply (hint: you most likely do!), take a look at these three accordions before moving on to the rest of the post:

How do I become GDPR compliant?

If you’re in the UK, in addition to complying with GDPR you may also need to register with the ICO (although it’s unlikely if you just have a standard blog). It’s a yearly cost of £35, and you can take this quiz to find out if you need to register. If you’re based in another EU member state, check with your ICO equivalent to see if there’s a similar registration you need to complete.

Note: There are a ton of aspects to GDPR compliancy, so we’re only covering the ones that we think are most relevant to bloggers. If you have employees, keep paper records, process or store sensitive data, need to appoint a Data Protection Officer, or otherwise have a ‘bigger’ business, you’ll want to investigate further to see what else you need to do. If you use freelancers or virtual assistants, they will also need to be GDPR compliant to work with you.

Note: You can’t avoid GDPR requirements by blocking all EU IP addresses or serving them a different version of your website, because this doesn’t account for people using proxy IPs and so on.

There’s a common misconception that you can just install a plugin for WordPress and you’ll be compliant. Unfortunately there’s a lot more to it than that, but there are some free GDPR plugins in the WordPress Plugin Directory that are worth browsing. They may be able to help you with some of the points listed below, but there are no guarantees that third party plugins meet GDPR compliancy requirements, so always exercise caution, and research further where possible. Please read the below before installing any plugins, so you know what you need.

After you’ve checked if you need to register and downloaded the checklist, you’ll need to review and action the following points in the accordions below (depending on how many are relevant to your blog). Please read all the information below before starting work on GDPR compliancy to avoid unnecessary work and stress!

Help! I feel overwhelmed!

Don’t panic, or overthink it! Just break it down one step at a time.

List 1: What you need to do for GDPR (use the “How do I become GDPR compliant?” accordions above to get started, removing any parts that aren’t relevant to your blog).

List 2: A list of all third party services (including plugins) you use that collect personal data. Then go through and Google/contact them all to see if they are GDPR compliant.

List 3: Create a document with the research you’ve done and steps you’ve taken to comply. This will help you identify any holes, and also show proof of the effort you’ve made to co-operate if needed.

List 4: Any questions you have, any companies you’re unsure of, and any grey areas you need to research further.

Do the best you can, and don’t worry – you’ve got this!

Further reading


Jenni Brown
Co-founder of Lyrical Host, Jenni has been in the web hosting industry for years and specializes in social media, copywriting, search engine optimization, and email marketing. She loves cats, baking, photography, and gaming.
