Now don’t read this title and run away. It’s not so bad, I promise!
NOT. But I’m glad we can laugh about it, right?
So let’s get to making a few changes and relieve your pressure.
What is GDPR
I’m sure you know already, but just in case: GDPR stands for General Data Protection Regulation.
This is a regulation imposed by the European Union for protection and security of data of people who reside in a European Union regulated country. GDPR became regulation in June of 2016, but will be fully enforceable as of May 25, 2018.
Now it sounds complicated, and it kind of is, but you must comply, or at least start taking a few steps.
I give you four fairly “easy” ones here.
Don’t be an ostrich, you might regret it.
If you make at least these four changes, you will be showing a good-faith effort in case your blog is reviewed.
Blogs that must comply are not only those based in an EU country, but also those with an audience that comes from an EU country. Apparently non-compliance carries steep fines.
The EU is in talks now with the US government to enforce punishment of US websites for non-compliance.
Sounds scary? Yep.
But like I said, just start. Take these few steps toward compliance.
And also remember this: the ruling is meant to keep your visitors (and you) safe.
Up until now, the internet has been a land without a police force.
Maybe this law is the beginning of a more civilized land.
And there is talk other countries, including the USA, will be following suit.
So it’s best everyone start heading toward compliance now.
Also, remember, if you are operating a blog that earns an income working with brands, those brands will want you to comply or they will work with someone else – they don’t want to be fined because their product is partnered on a site violating the GDPR rules.
I am soo not a lawyer, data privacy expert, or anything else that would allow for me to offer you professional advice on this legal matter and I am not providing you legal advice.
I am merely a veteran blogger who also happens to be a web developer, and since I have spent the last month helping my clients become compliant, I thought I should share with my large community of bloggers information that might be beneficial to you.
I strongly advise you to jump from this article to research further what is best for your blogging situation regarding GDPR regulations and EU policies within your country of residence, and don’t hesitate to contact a lawyer if you want professional legal advice.
Who Needs to Comply?
To start off, probably anyone with a website since we are on the “World Wide Web”.
Chances are you have visitors from EU countries.
Specifically though, you should certainly make compliance changes if you are making money from your site and/or offering any goods and services and collecting information such as email addresses, and if any of your readers/subscribers are from EU-based countries.
So What Are These Changes Needed to Comply with GDPR?
To be clear, there is so much confusion about exactly what each person should do based on their audience and their site’s purpose that you really need to do some research to see if you need to do something more than what I list below.
Here I am giving you four of the first things that bloggers who collect visitor email addresses, have affiliate links, and use Google Analytics should do.
You might have to make more changes specific to your situation if you are, say, running an ecommerce site, or a membership site, or a multisite, or if you collect much more personal information from visitors than name and email address for a newsletter.
But the steps I outline below are pretty much essential for everyone and I think you won’t find them too confusing. Let’s get going.
You can have a lawyer write you one. You can try to find a free one online. Many bloggers are buying one from this company, which I am told is fairly reputable (no affiliate link here).
I have Mailchimp, which collects names and email addresses. I also use Google Analytics, and a few other plugins that I know collect some sort of data.
Many bloggers and developers and companies are scrambling now to get compliant, so if you don’t see a notice now on a plugin website, either wait and check back or email them.
As of this writing, May 25, 2018, Jetpack, Akismet and Gravatar are not yet in GDPR compliance. But I depend on them heavily and Automattic, their developers, have said they are working on compliance. It is your decision whether you want to delete an as-of-now non-compliant plugin based on your situation.
Create New Page
Now you should link it to your footer. To see what it looks like in a footer, go to my homepage, scroll down and see my link in my footer here.
Maybe you know how to edit your footer?
Maybe you will have to ask your web designer to insert the link.
Do you have Genesis theme? To edit your footer text, use the Genesis simple edits plugin. Link code snippet looks like this:
If you have no access to a designer and no idea how to add a link to your footer, create a custom widget (WordPress), add it to the end of your sidebar, and insert the link code I gave you. Make sure that widget is at the bottom of all your sidebars.
Okay, so that is done! Whew!
That is the most labor-intensive task to become compliant with the GDPR.
Add a Cookie Consent Popup on your Website
I use WordPress so I use this free plugin for my WordPress site.
Where did it Go?
Remember, you will see the opt-in popup only once on your own visits to your own site.
So realize that as you try to see what it looks like on your site, you will see it on the first visit, but then you won’t see it again for another month (if you set the plugin to save its own cookie for a month). If you want to see it again and again, go into your browser and delete your cookies. However, beware that this will log you out of sites.
Update your Google Analytics account to be GDPR compliant
There are at least three steps you should take:
- Anonymize your Google Analytics
- Change your Data Retention Timing
- Sign your GA Data Processing Agreement
You might have to make many more changes to your analytics for many reasons, so take this list and customize it as you need.
FIRST: Anonymize your Google Analytics
You need to change your settings slightly so you are no longer tracking a visitor’s IP address – that way if they don’t accept your cookie condition, their visit will still be reflected in your analytics.
If you use a plugin for Google Analytics – such as Google Analytics for WP – this is easy: just follow the plugin directions to anonymize. (You might have to email the plugin developer or visit their site.)
However, if you just grabbed your own snippet code and inserted it into your theme’s header box (Genesis theme settings has that option), then you need to add a line to that snippet.
Here is my Google Analytics code snippet with my account number blocked in black (obviously your number will be there), and the new line of code you must add is in purple.
If your GA code snippet looks different from mine, you might be using a different GA tracking method.
That’s okay, just add the purple line above the line in your code snippet that holds the “UA-xxx” number. Sometimes it says something like Gtag Config.
Once you have made the code change and saved it on your site, go to your Tracking snippet in your Google Analytics, and click on “test tracking”.
That way you can be sure your snippet still works!
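An added example, not part of the original post: a small Node.js check you can run over your saved page source to confirm the anonymize setting is actually in place for each UA property. It assumes the documented Universal Analytics settings, `ga('set', 'anonymizeIp', true)` for analytics.js and the `anonymize_ip` option for gtag.js; the function name, the sample pages and the UA-00000000-N ids are constructed for illustration.

```javascript
// Added example: check page source for Universal Analytics IP anonymization.
// Assumes analytics.js ga('set', 'anonymizeIp', true) and gtag.js anonymize_ip.
// Sample HTML and UA ids below are constructed placeholders.

function auditGaSnippet(html) {
  // Look only inside <script> blocks so post text that mentions GA is ignored.
  const js = [...html.matchAll(/<script\b[^>]*>([\s\S]*?)<\/script>/gi)]
    .map((m) => m[1])
    .join('\n');
  const findings = [];

  // analytics.js: the set call must run before the first hit is sent.
  const setAt = js.search(/ga\(\s*['"]set['"]\s*,\s*['"]anonymizeIp['"]\s*,\s*true\s*\)/);
  const sendAt = js.search(/ga\(\s*['"]send['"]/);
  const gaAnon = setAt !== -1 && (sendAt === -1 || setAt < sendAt);
  for (const m of js.matchAll(/ga\(\s*['"]create['"]\s*,\s*['"](UA-\d+-\d+)['"]/g)) {
    findings.push({ id: m[1], method: 'analytics.js', anonymized: gaAnon });
  }

  // gtag.js: the option is per property, inside each config call.
  const cfg = /gtag\(\s*['"]config['"]\s*,\s*['"](UA-\d+-\d+)['"]\s*(?:,\s*\{([^}]*)\})?/g;
  for (const m of js.matchAll(cfg)) {
    const anon = /['"]?anonymize_ip['"]?\s*:\s*true\b/.test(m[2] || '');
    findings.push({ id: m[1], method: 'gtag.js', anonymized: anon });
  }
  return findings;
}

// Constructed pages: correct, set-too-late, and gtag with one property missed.
const SAMPLE_OK = `<script>
ga('create', 'UA-00000000-1', 'auto');
ga('set', 'anonymizeIp', true);
ga('send', 'pageview');
</script>`;
const SAMPLE_LATE = `<script>
ga('create', 'UA-00000000-2', 'auto');
ga('send', 'pageview');
ga('set', 'anonymizeIp', true);
</script>`;
const SAMPLE_GTAG = `<p>We use gtag('config', 'UA-99999999-9')</p>
<script>
gtag('config', 'UA-00000000-3', { 'anonymize_ip': true });
gtag('config', 'UA-00000000-4');
</script>`;

for (const f of [SAMPLE_OK, SAMPLE_LATE, SAMPLE_GTAG].flatMap((p) => auditGaSnippet(p))) {
  console.log(`${f.id} (${f.method}): ${f.anonymized ? 'anonymized' : 'NOT anonymized'}`);
}
```

A property reported as NOT anonymized either lacks the setting or, for analytics.js, sets it only after the pageview hit has already been sent.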
If you really feel uncomfortable about editing your Google Analytics code, you can contact a web developer.
Here is a list of WordPress support services – the list is from 2016 but I know a lot of these companies on there are still going strong.
If you don’t have WordPress and need a developer who can work beyond that, there are some with a broader scope on this page.
THEN: Change your Data Retention Timing
- Login to your Google Analytics account.
- Go to your administrator panel (scroll down to bottom of vertical navigation)
- Click on Data Retention
- Under user and event data retention, set to Do not automatically expire.
- Click save
There are conflicting recommendations out there on what this setting should be. The more prevalent argument I have heard is that you must set it to not expire because your historic data is important to you as you track your blog traffic, and if it were to go away, even in 26 months, that would create a gaping hole in your data history. However, others think only 26 months is needed and don’t change it. Still others say this number is not important. I opted to be safe and keep my data from expiring, but you can decide what you want to do.
NEXT: Sign your GA Data Processing Agreement
- Sign into Google Analytics.
- Go to your administrator panel (scroll down to bottom of vertical navigation)
- Click on Account Settings (top of first column)
- Scroll down this page and a data processing agreement will be toward the bottom.
- Click review the agreement (or amendment if you already read it).
- Read the popup, scroll down, click “agree” or “update” if you had read it previously.
- You are not done!
- NOW, click on that blue link that says “manage DPA Details”.
- You will go to a grey confusing page called GA 360 Suite Home – ignore what you don’t understand, and simply click the plus icons to “add your legal entity” (type in your blog name) and below that, type in your blog owner’s name, email, address (probably you!).
- Then click save or done, close the page.
- Click save again on the GA data processing agreement page.
- Your agreement should reflect today’s date.
All in all, I suggest you take honest steps toward compliance, put in a good faith effort to show your customers you are taking their privacy seriously. I am not sure when or how there will be enforcement of this effort, but I do know it will be a learning curve for us all and new changes will come to light as the months go by. If I hear of any more helpful information, I will update this post.
For now, good luck!