If you are active on Facebook, you’ve no doubt been made aware of the breach…
Disclaimer: This post is not legal advice, but rather a breakdown of the GDPR based on other digital articles. I am not a legal professional and cannot be held liable for any advice taken from this article. For full information and guidance, please visit the GDPR website and seek professional legal advice.
What is GDPR?
The General Data Protection Regulation, better known as GDPR, is a new data privacy law that allows consumers to have more control over how and when companies use their personal data. According to the GDPR website, its goal is “to protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data privacy.”
Check out this infographic for a visual summary and breakdown.
Does the GDPR apply to organizations outside the EU?
Yes. Although the GDPR is a law passed by the European Union, any company with customers in the EU is required to comply.
What is “personal data”?
The GDPR website defines personal data as “any information that relates to an identified or identifiable living individual.” Examples of personal data include:
- A name and surname
- A home address
- An email address
- An identification card number
- Location data (for example the location data function on a mobile phone)
- An IP address
- A cookie ID
- The advertising identifier of your phone
- Data held by a hospital or doctor, which could be a symbol that uniquely identifies a person
When does the GDPR go into effect?
The EU created the GDPR on April 27, 2016, but it officially went into effect on May 25, 2018.
What happens if I don’t comply?
If a company is found to have breached GDPR, the fines are of epic proportion. Any company with customers in the EU that does not comply could be fined up to €20 million (almost $25 million US) or 4 percent of their global revenue — whichever is HIGHER.
It’s important to note that if you’re not fully compliant with the GDPR, the first stage in the enforcement process is a warning.
What does the GDPR mean for advertisers?
If you collect ONE email address from ONE EU citizen, then the GDPR applies to you. If your company has yet to take action regarding GDPR, there are a few simple steps to ensure that you will fall in line with the regulation.
Here is a great GDPR Essentials Checklist from GDPR Report.
- Document your lawful basis for processing personal data.
- Determine if you’re a data controller or data processor.
- Have a process for responding to subject rights requests.
- Appoint a data protection officer.
- Make sure privacy by design is built into your systems, and that you’ve documented your work.
What does the GDPR mean for bloggers?
That’s right, the GDPR applies to bloggers and influencers, too! Just like advertisers, the GDPR affects any blogger who collects any data from EU citizens.
Things that bloggers need to stop doing:
- Auto opt-ins
- Opt-ins that get email addresses for freebies and downloads, then add them to an email list
- Sharing data with anyone else who wasn’t named at the point where data was provided (for example, a brand asking for email addresses of giveaway entrants)
- Collecting data where not necessary (for example, contact forms or comments)
- Sharing brand PR contacts without permission
Things that bloggers should start doing:
- Display a privacy notice any time they collect data
- Have a data processing and security policy
- Be able to evidence permissions
- Have robust security anywhere that data is processed
To read more about what bloggers should be doing (and not doing), check out Nomi Palony’s GDPR for Bloggers article.
What steps should I take to make my blog GDPR compliant?
Bloggers will be happy to hear that WordPress is working behind the scenes on updates to help make sites GDPR compliant, which will go a long way.
The Pipdig Blogger Guide lists out all the main actions that you can take to make your blog compliant with the GDPR, including:
- Contact third-party services for information about their compliance (e.g. Disqus, Jetpack, rewardStyle and others).
- If you gather email addresses as part of a newsletter or subscription service, you must provide the ability for people to opt-out or unsubscribe.
- Ensure that your site is served over HTTPS rather than HTTP.
- Ensure WordPress is updated to the latest version.
- Ensure that all themes and plugins are updated to the latest version. Enable automatic updates if possible.
- If you use Google Analytics, we recommend using this plugin.
- Check if any plugins on your site are no longer maintained by the author.
What are the main GDPR takeaways?
Once again, I’d like to mention that this article is for informational purposes only. The GDPR is an important issue for advertisers and bloggers and we all need to make sure that we’re informed of these updates. As long as you’ve taken steps to make your blog or company compliant, then you don’t need to worry about any legal action.
To learn more about the GDPR, visit the GDPR website or the following sites:
- What Does the GDPR Mean for the Digital Advertising Industry?
- The Blogger’s Guide to GDPR
- What is GDPR and How Does it Affect Bloggers
- GDPR for Bloggers – Does it Apply to You and How to Comply