GDPR: What Should You Do As A Blogger? #MPBooks

From 25th May 2018 a new EU regulation comes into law called the General Data Protection Regulation (GDPR). Many of us have already heard of this new regulation; it was officially passed in 2016 but only becomes law from 25th May 2018. The new regulation is a good thing for anyone living in the EU as it gives you more control and transparency over how your personal data is kept and used by businesses and different companies who provide goods and services. But did you know that as a blogger you also need to comply with the new GDPR rules, even if you’re not an EU citizen?

An Update: Are You Going Around in Circles? It Could Be Your Cookie Widget-Plus an update to GDPR 

Every blog/website should now contain a Privacy Policy page, a separate page on your blog stating what information is collected and how it is used. Regardless of what kind of website/blog you have, this new privacy page should be there and clearly accessible to anyone who visits the site. Although different websites and blogs will have different privacy issues, it’s likely we’ll all need to create this new privacy policy on our blogs and I’m going to share with you as best I can, what I believe should be included.

Now, before I start a couple of warnings, though please don’t freak out…

NOTE: The following advice is meant for all blogs but specifically mentions blogs. While the information will apply to other blogging platforms I don’t know what specific plugins may be installed on different platforms so please consult those platforms for more information.

Disclaimer: I am NOT a lawyer/solicitor, nor do I have any background in law. The following is my personal interpretation of the GDPR rules; however, the following should not be taken as accurate fact. Please consult a lawyer/solicitor for legal advice on this matter. I cannot be held responsible for any advice taken from this article.

Sorry to scare everyone but while I’ve done my best to interpret the rules there’s always a chance that this information might not be 100% accurate.

So let’s begin…

GDPR and personal data…

As I’ve stated, GDPR stands for the General Data Protection Regulation and is new legislation passed into law on 25th May 2018. It protects the personal data of every EU citizen. This personal data is stuff that can identify you either directly or indirectly. Personal information that can identify you includes your name, address and location, as well as other things like medical information and age. All information which can identify you as a person is now better protected, and EU citizens now have a right not only to find out what information a company has on them, but to have that information permanently deleted (this is called the ‘right to be forgotten’).

Although the regulation affects EU citizens and their rights to privacy over their personal information, this new law affects the whole world no matter where your business (or in this case blog) is based. The reason everyone should be aware of this new law and comply with it is that it protects EU citizens; it is to protect ALL citizens who reside in the EU and any websites they visit. If you have a blog and do not have any EU citizens visiting and using it then you won’t need to worry about GDPR. But almost all of us have blogs which have visitors from different countries of the EU (which includes the UK at this time) and so we’re all better off complying with this law.

GDPR also makes businesses responsible for reporting any data breaches within 72 hours, something which most people will welcome given the way some companies have treated others’ data in the last few years. (On a personal note, one of my Yahoo mail accounts was identified as having been vulnerable to the Yahoo hacking so I welcome this new law.) If you have a large business or process a lot of personal data you will also need to hire a data protection officer, and in some cases it may be necessary to register a business with the ICO or relevant authority. This depends on how big your business is (here’s a self-assessment questionnaire to help you find out if you need to do this), but the average smaller blogger won’t need to worry about any of this.

Fines for non-compliance

The fines are pretty extreme if you fail to comply with the new GDPR rules; however, you’re unlikely to get an actual fine without proper warnings first. The average blogger isn’t likely to see such warnings or fines, but my reading of this from various sources suggests that the bigger your business, the more visible you are and therefore the more careful you have to be. The total fine anyone can get is €20 million but don’t worry, as I said this is probably only going to happen to those that repeatedly flout the law.

Does my blog need a privacy page?

Every website or blog which collects data from visitors in the EU should have a privacy policy in place. WordPress blogs which allow people to comment are by default collecting information on the people who comment.

If you have a blog, I’ve heard you can enable a new privacy page to automatically appear on your blog via the settings menu. I am unsure exactly what is included on the page but it seems that .org sites have more information in their help pages. If you have a blog you’ll need to write up your own privacy page and add it manually to the pages that already exist on your blog. have stated that they are working on something to add to the EU cookie banner which already exists as a widget we can use on our blogs. This new privacy/cookie banner may in future cover the need for a basic blog’s privacy page but for now I’m sticking to writing one. The advantage of writing up your own policy is that you will appear more trustworthy in the eyes of visitors.

What do I need to put on the privacy policy and what data is collected?

You need to state what data is collected when people use the site and why. You need to state who else has access to this information and let people know they have a right to both ask about this information and ask for it to be deleted.

This is where it gets tricky. I’ve relied heavily on the help thread about GDPR for the following. All websites collect data via comments and feedback. The data collected includes names, emails and IP addresses. These can all be seen when you view the comments section of your WordPress Dashboard.

Cookies also collect relevant information and need to be used for most websites so make sure to include this information too. I’ve seen plenty of blogs with privacy policies that mention only the cookie usage but this isn’t enough and you should write up a more detailed policy if you allow others to comment or contact you through your blog (this especially applies if you have a contact form available on your blog).

Don’t forget to mention third parties who may have access to information. This may include Akismet which is the default spam filter on most WordPress websites and some information is sent to them for verifying spam.

If you sell things directly through your blog then you’ll have to state that you collect this additional information, which may or may not include credit and details, when customers make purchases. In such cases you may be liable for more responsibility in keeping that information safe and accessing it so try to find out more about this by consulting someone for more legal advice. I don’t run a business from my blog so at this time I can’t comment further on what to do as I don’t know.

If your blog uses things like paid for advertising or analytics tools it’s worth including that information too.

How should you write your privacy page?

To start, the privacy policy should be written in plain language. Jargon that’s too fancy doesn’t help, as the new rules require there to be transparency for those who want to know. I’ve created my own privacy policy page (which I’ve updated since last night) which you are free to look at. I can’t say for sure it’s accurate but I’ve written it in my own style and tried my best to share what information is collected. There are many templates for privacy policy pages around; you can use one or not, but make sure you create one that is specific to your own blog (depending on the services you offer).

On my own privacy policy page I’ve also included information on when the privacy policy came into effect, my email address should people want to know what my blog collects or to delete data, as well as details of the Information Commissioner’s Office (ICO) which people can contact for more information (not 100% sure if it’s needed but I’m playing it safe).

Mailing List/Newsletter

If your blog has a mailing list or newsletter (this is different from the standard ‘follow blog’ option) you need to check you have people subscribing in the right way. There’s no more informed consent available; you have to let people opt in to getting your newsletter, and that includes giving them a way of unsubscribing each time they read your newsletter.

Useful Resources

Writing a Privacy Policy won’t be too difficult for the average blogger who wishes to do so, but it’s something which we should all be aware of, especially if we plan to do more with our blogs. I’ve searched high and low on the web for information to help decode the GDPR rules. If you want to read the official rule from the official EU site then you are welcome to here. Those of you interested in the UK’s ICO (Information Commissioner’s Office) can read more on GDPR here; their website is easier to understand and has the self-assessment questionnaire on whether you need to register your business with them. There are lots of other sites out there, some of them with conflicting information, so be careful on what you read and try to verify it, or if you feel like it try to read the actual law on GDPR (😱!!!). I’ve found these websites to be a good resource though with this one targeted towards sites, but it’s got good information for all bloggers. The last website I found is a blog; it’s the first useful blog I found on this and mentions a lot of detail which the blogger has interpreted from the GDPR rules. Worth reading if you want to here.

Don’t Worry

As I’ve said, GDPR compliance is not too difficult for the average blogger and on I’m sure there will be updates released soon to make this easier to do. For the average blogger, a lot of our sites and various plugins we have installed will be GDPR compliant, but it’s important to check what we do and be aware that if our blogs change we are transparent with the public who read our blogs, and at the very least we could all send them to WordPress/Automattic’s privacy policy.

If you want to write out a privacy policy then it won’t be too hard. Check out some other websites for details on how they explain their own privacy policy or see the above link to Automattic’s policy. Whether my own policy is correct or not, or whether I’ve included too much information or not enough, is something I’m not 100% sure about. But as long as I keep everyone informed of what information is collected and how they have a right to know and have it deleted then hopefully everything will be alright. Remember, if you do handle personal information, even things like personal addresses (which does happen to bloggers who hold competitions), you have to handle that personal information carefully.

Let me know how you cope with the new GDPR rules and if you believe anything I’ve stated is wrong don’t be afraid to say so, as I said I’m no lawyer, I’m just doing my best to interpret the new law.

Note: At the time of writing this the EU Cookie banner widget is faulty and causes a refreshing of the page each time it is clicked. Apologies if it’s making you go around in circles, try to ignore it and read on.


Did you know about the GDPR rules? Does it affect your blog or website? Are you happy for the new privacy law in terms of your rights to your own data or is the whole GDPR thing a bit of a headache for you at the moment? Let me know any thoughts I’d love to hear from you 🙂


40 thoughts on “GDPR: What Should You Do As A Blogger? #MPBooks”

  1. Reblogged this on ThoughtsnLifeBlog and commented:
    Are you GDPR ready? Yesterday a new law came out in the EU that means every international blogger is impacted. Cat of My Peacock Books blog shares the ins and outs very well. You are advised to read.
    PS: UK bloggers, this applies to you too; Brexit doesn’t stop its application as the UK gov have said we are in. But this applies to the rest of the world too. Don’t be scared, read up and take action, the deadline was yesterday.

    Liked by 1 person

  2. Cat, have you been speaking to WordPress? Is WordPress the data controller or data processor? Because whether we pay or are free users they ultimately hold the data and they are in the USA and if they have a breach it impacts us. I guess do have more to worry about and they have to tell us more, because how can we be sure what they are doing with our comment data?

    I am impressed with your hard work here.

    Liked by 1 person

  3. Reblogged this on What We Want (www) and commented:
    It’s easy to get overwhelmed with the new GDPR requirements especially if you’re just starting out as a blogger or still in the process of being firmly rooted. My Peacock Books has done an awesome job demystifying the complexities surrounding the policy setup to give beginners a pretty straightforward method of being on the right side of this new regulation. I’m getting set to implement what I’ve learned, just thought to share with you. Enjoy!

    Liked by 1 person

  4. Thank you for all your research and help, Cat. I must admit I am hopelessly at sea here and still don’t understand most of what we have to do! I will try to write a page of my own but will also re-blog this post, if I may xx

    Liked by 1 person
