GDPR Privacy Policy

The GDPR Privacy Policy Guide for Bloggers and Advertisers

Last updated on: 2018


Disclaimer: This post is not legal advice, but rather a breakdown of the GDPR Privacy Policy based on other digital articles. I am not a legal professional and cannot be held liable for any advice taken from this article. For full information and guidance, please visit the GDPR website and seek professional legal advice.

Knock knock. Who’s there? Your GDPR privacy policy! As a swarm of privacy emails flooded into our inboxes last week, many of us are still wondering what exactly the GDPR is and how it affects bloggers, advertisers and consumers.

We’re breaking down everything you need to know about the GDPR privacy policy updates. Keep reading to find out what the GDPR means, when it goes into effect and best practices for your business or blog to make sure you’re in compliance.

What is GDPR?

The General Data Protection Regulation, better known as GDPR, is a new data privacy law that allows consumers to have more control over how and when companies use their personal data. According to the GDPR website, its goal is “to protect and empower all EU citizens data privacy and reshape the way organizations across the region approach data privacy.”

Check out this infographic for a visual summary and breakdown.

Does the GDPR Privacy Policy apply to organizations outside the EU?

Yes. Although the GDPR is a law passed by the European Union, any company with customers in the EU is required to comply.

What is “personal data”?

The GDPR website defines personal data as “any information that relates to an identified or identifiable living individual.” Examples of personal data include:

  • A name and surname
  • A home address
  • An email address
  • An identification card number
  • Location data (for example the location data function on a mobile phone)
  • An IP address
  • A cookie ID
  • The advertising identifier of your phone
  • Data held by a hospital or doctor, which could be a symbol that uniquely identifies a person

When does the GDPR go into effect?

The EU created the GDPR on April 27, 2016, but it officially went into effect on May 25, 2018.

What happens if I don’t comply?

If a company is found to have breached GDPR, the fines are of epic proportions. Any company with customers in the EU that does not comply could be fined up to €20 million (almost $25 million US) or 4 percent of its global revenue, whichever is HIGHER.

It’s important to note that if you’re not fully compliant with the GDPR, the first stage in the process is a warning.

GDPR Privacy Policy Infographic

What does the GDPR mean for advertisers?

If you collect ONE email address from ONE EU citizen, then the GDPR applies to you. If your company has yet to take action regarding GDPR, there are a few simple steps to ensure that you will fall in line with the regulation.

Here is a great GDPR Essentials Checklist from GDPR Report.

  • Document your lawful basis for processing personal data.
  • Determine if you’re a data controller or data processor.
  • Have a process for responding to subject rights requests.
  • Appoint a data protection officer.
  • Make sure privacy by design is built into your systems, and that you’ve documented your work.

What does the GDPR mean for bloggers?

That’s right, the GDPR applies to bloggers and influencers, too! Just like advertisers, the GDPR affects any blogger who collects any data from EU citizens.

Things that bloggers need to stop doing:

  • Auto opt-ins
  • Opt-ins that get email addresses for freebies and downloads, then add them to an email list
  • Sharing data with anyone else who wasn’t named at the point where data was provided (for example, a brand asking for email addresses of giveaway entrants)
  • Collecting data where not necessary (for example, contact forms or comments)
  • Sharing brand PR contacts without permission

Things that bloggers should start doing:

  • Displaying a privacy notice any time they collect data
  • Having a data processing and security policy
  • Being able to evidence permissions
  • Having robust security anywhere that data is processed

To read more about what bloggers should be doing (and not doing), check out Nomi Palony’s GDPR for Bloggers article.

What steps should I take to make my blog GDPR compliant?

Bloggers will be happy to hear that WordPress is working behind the scenes on updates to help make sites GDPR compliant, which will go a long way.

The Pipdig Blogger Guide lists out all the main actions that you can take to make your blog compliant with the GDPR, including:

  • Create a Privacy Policy (consider using a service such as Iubenda).
  • Contact 3rd party services for information about their compliance (e.g. Disqus, Jetpack, rewardStyle and others).
  • If you gather email addresses as part of a newsletter or subscription service, you must provide the ability for people to opt-out or unsubscribe.
  • Ensure that your site is served over HTTPS rather than HTTP.
  • Ensure WordPress is updated to the latest version.
  • Ensure that all themes and plugins are updated to the latest version. Enable automatic updates if possible.
  • If you use Google Analytics, we recommend using this plugin.
  • Check if any plugins on your site are no longer maintained by the author.

What are the main GDPR takeaways?

If you only have time to do one thing, the most important action to take is to create a privacy policy. This takes only five minutes and will help your readers understand how you control and manage data on your site.

Once again, I’d like to mention that this article is for informational purposes only. The GDPR is an important issue for advertisers and bloggers and we all need to make sure that we’re informed of these updates. As long as you’ve taken steps to make your blog or company compliant, then you don’t need to worry about any legal action.

To learn more about the GDPR, visit the GDPR website or the following sites:

Ciera is a content creator, social media strategist and world traveler currently exploring Southern California. With more than six years of experience developing content, Ciera combined her love for writing, traveling, photography and creativity into her lifestyle and travel blog, Life with Ciera. In her free time, she loves going to the beach, cooking new vegetarian recipes and playing with puppies. To see more of Ciera, visit her blog at