GDPR (General Data Protection Regulation) notifications have been popping up all over the web, emails are being sent out requiring users to accept new privacy policies, and businesses are scrambling to figure out how this will impact them and their websites. What impact will this have on you and your blog? It depends on a few factors.
Do you accept Euro? Or handle & store data from European users?
If you run a store alongside your blog and accept Euro as a payment type, you could be subject to the new GDPR. But this scope could extend to include bloggers that have European subscribers or have translations in European languages. While it’s mostly been put together to target major corporations who neglect to protect the large amount of sensitive and private user data they store, keeping your own data secure and allowing users to have it removed on request is good practice and something you should be across regardless.
If you haven’t moved across to HTTPS yet, now is a good time to do so. The added layer of security will help protect data as it travels between the user and your website, and a reliable hosting company with frequent updates should keep your data secure while you store it.
To prepare for the new GDPR security requirements, our HTTPS Migration class makes the transition simple – pick it up as an individual class, or for FREE in our complete blog SEO course.
External services you might use, such as Google Analytics or an email CRM, store the data themselves, so they’ll carry the burden of data protection. They may require you to update your privacy settings, but this shouldn’t be a cause for risk. To avoid the regulations being applied to customers outside of Europe, some companies – such as Facebook – have changed the jurisdictions that certain countries are managed within, such as Australia’s main jurisdiction being moved from Ireland to the US.
What’s the worst that could happen?
Well, a breach of the GDPR can cost up to 4% of a company’s turnover, or €20 million, whichever is greater, so it’s not exactly something you want to fall victim to. To stay on top of this, keep your website secure (that means HTTPS!), and if you store user data, make sure your privacy policy is well linked to throughout the website and that it’s up to date with what you do with the information you store. Before a user subscribes to an email list, let them know what they’re signing up for and ensure that they consent. Australian bloggers should already be across this, as we’ve had something similar to the GDPR in place for a while now.
The personal data that is covered by the GDPR is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, payment details, posts on social networking websites, medical information, or a computer’s IP address.
Again, as most bloggers won’t be self-hosting databases of email addresses and bank details, the responsibility should mostly lie on the companies you use to store your data. As long as you keep your site secure and updated, and inform users of what you plan to do with the information they give you, you’ll be in the clear.
Need the final GDPR touch? Migrate to HTTPS now!