For the last few weeks, I’ve been trying to wrap my head around the new GDPR (General Data Protection Regulation) which goes into effect on May 25, 2018. I’m starting to get clear on how it affects me and other authors. This is my first blog post about GDPR, but I expect it won’t be my last.
First, the standard disclaimer: I am not a lawyer and this blog post is not legal advice. This blog post is an attempt to explain in simple language what I’ve been learning. This post may not be completely accurate, but it’s my best shot.
What is GDPR and Why Should You Care?
The GDPR is a regulation created by the European Union to protect the personal data of European citizens. It applies to anyone who is offering goods and services (free or paid) to people in the European Union. That means if you have a website or blog that could ever be visited by someone from the EU, the GDPR applies to you.
You may be thinking that you don’t collect any personal data, so how could the GDPR apply to you? If you really don’t collect any private data at all, then you still need a privacy statement that says so. And that privacy statement needs to be clearly posted on your website or blog.
But don’t be so sure you’re not collecting any private data at all. Websites are complicated beasts with a lot of moving parts under the hood. Here are some ways you may be collecting private data on your website or blog that you may not have thought of:
- Do you have a contact form that lets people email you?
- Do you have an email newsletter list?
- Do you allow people to post comments on your blog or your website?
- Are you an affiliate of Amazon or Apple iBooks or any other online store?
- Do you have Facebook Like buttons? Or Twitter Tweet buttons? Or any other social media buttons?
- Do you track visitors to your site with Google Analytics or some other tracking tool?
- Do you have any sort of cookies on your site?
- Do you have a Facebook “pixel” on your site?
- Do you use Feedburner for your blog?
- Do you use a spam protection service, such as Akismet?
And there are hundreds of other ways your blog or website might conceivably be collecting personal information.
Now, it’s not wrong to collect and use personal information. That’s what allows you to serve people. But when you collect people’s personal information, such as names or email addresses, the GDPR says that you need to provide people with basic information: Who you are, what data you’re collecting and why, how long you hold on to that data, who you share that data with, how people can find out what data you’ve collected about them, how people can tell you to delete their data, and who they can contact in case they have questions.
You may be thinking this is getting complicated. Yes, it is a bit, but remember, this is for a good cause. This will benefit you. You will now be able to find out who has your personal data and what data they have. You will now be able to make them delete your personal data if you ask. Here’s why you will get this benefit: The GDPR gives European citizens the right to control their personal data. Therefore, virtually all websites and blogs will provide that right to Europeans—and at the same time, they’ll provide the same right to everyone else in the world, including you. (There may be a few sites that will find the GDPR too onerous and will refuse to serve European citizens. But the vast majority of sites are going to follow the GDPR.)
If you have a blog or a website, there are several things you need to do to get ready for GDPR. And the deadline is May 25, so now is a good time to begin.
So what do you need to do in order to make sure your website or blog is GDPR-compliant? What actions do you need to take?
That depends on what your site does. Most authors have simple “brochure websites” that will probably not take too much tweaking to get compliant.
In this blog post, I’ll talk only about the first step in the process. I don’t think you can do anything else until you take this first step.
In the old days, people put a one-line statement on their e-mail signup form that said something along the lines of “I respect your privacy and would never spam you.”
As you can see, it’s got some legalese built into it. I didn’t write that policy. I got it from a company named Iubenda that specializes in writing Privacy Policies for websites. They have a free Basic version. The Pro version costs $27 per year. I don’t remember the difference between the Basic and Pro versions, but I paid for the Pro version. Iubenda generates the policy for you and keeps it constantly up to date. If you need to make changes at any time, you can just click a few buttons and update your policy at no extra charge.
Here’s my affiliate link to their site: http://iubenda.refr.cc/2N349LZ
If you don’t want the discount for yourself or the affiliate fee to go to me, I’m OK with that. You can just use this non-affiliate link: http://iubenda.com. You’ll pay full price and I’ll get nothing. I would recommend Iubenda even if they had no affiliate program, because I think they do a good job at a fair price. I’ve been using their service for quite some time and I am happy with it.
At the end of the process, Iubenda gives you a link to your policy. They host the policy on their site, so if they ever change the language to meet new regulations, it’s always up to date. You can put that link on your own site, and you’re good.
If you’re using WordPress, there is a plugin named Head, Footer, and Post Injections that lets you put a link in the header or footer of every page of your site. If you don’t know how to do this yourself, then you probably have a webmaster who does. Do it promptly and then check to make sure it’s right.
And Finally You Need a Cookie Solution
There’s more to GDPR
I haven’t yet done these next two steps, but I think I know what to do. I’ll be working on those shortly, and as soon as I’ve got them done, I’ll try to blog about it here (if I have the energy). That way, you can benefit from what I learn. And I hope that if I make any mistakes along the way, one of my Loyal Blog Readers will tell me where I’m wrong, and again we’ll all benefit.
If you’re thinking this is all a massive pain in the butt, well, I can’t disagree. I wish it were all super easy. But the reality is that this is going to take most people a few hours to get it done. And the clock is ticking.