Is your blog GDPR ready?

GDPR for bloggers – Is your blog GDPR ready?

I only learned about GDPR recently when a news article about it was retweeted onto my Twitter feed. GDPR stands for General Data Protection Regulation and it essentially replaces the Data Protection Act of 1996. But what exactly does this have to do with our blogs and websites? EVERYTHING! I’ve researched into exactly what I need to do to make sure my blog is GDPR compliant and thought I’d share my results on the blog today.

Disclaimer – This post is not legal advice. For full information and guidance, please visit the GDPR site for professional legal advice. I am not an expert or lawyer therefore I cannot be held liable for any advice taken from this article.

Does your site use cookies? Time to update your plug-in!

Under current EU legislation, any site that uses cookies needs to have a disclaimer stating as such. Most sites simply have a little pop up at the bottom of their homepage stating so and by visiting this site, you have agreed to the use of cookies. But the days of implied consent are now gone. With the implementation of GDPR, users must be given the option as to whether to accept cookies or not.

This change in the rules could be a potential headache if your current cookie plug-in provider chooses not to update to the new rules. There is currently only one plugin (called Cookiebot) which claims to be GDPR compliant for cookies but I’d like to think that most, if not all of the cookie plug-ins will update to reflect these new rules. For now, I’m holding off on installing anything in the hope that most, if not all cookie plug-ins update to reflect these new rules.

Accept comments? Mailing lists? Consent is cool!

It’s not all just about cookies though with this new legislation. It’s all about consent and giving visitors to your site a choice! If your blog currently accepts comments either through WordPress or a 3rd party plug-in, you must now get user consent to storing their information. But why would we need to get permission for this I hear you ask? Essentially, you must gain user consent for any information you obtain that enables you to identify who they are. For most comment plug-ins, you will obtain a user’s name, email address and IP address, enough information for you to be able to identify who they are. So for this, you must now obtain consent. Thankfully there is already a plug-in for this! The WP GDPR Compliance plug-in currently adds this consent to both WordPress contact forms and comments with more to come in the future. Definitely check it out!

If your blog has a mailing list then it’s time to check if your plug-in or provider is GDPR compliant. For most, this will be Mailchimp. I personally don’t use any sort of subscription service but if you do, it’s worth contacting your provider to see their plans for getting GDPR compliant.

But we’re leaving the EU, this won’t matter to us Brits right?

This may be an EU law but any website that obtains user information must adhere to these rules. So sorry Brexiteers, you ain’t getting out of this one! Facebook, Google, Amazon, Bebo (lol) all have apply to these new rules for EU citizens so unless you can guarantee that all your traffic is UK only then these be the rules.

Do I need to sign up for ICO?

The ICO (Information Commissioner’s Office) is a UK body for upholding information rights. I’ve seen quite a few articles state that bloggers have to register with the ICO at the cost of £35 per year. This is not necessarily the case! The ICO website has a quiz that you can do which can determine whether you need to register or not. Please do take this quiz and if you’re still not sure whether you need to register or not – contact them and ask!

Update your Privacy Policy!

Yes, unfortunately this means we have to update our privacy policies to reflect these new rules. This is probably the most frustrating bit as we have to write it ourselves! In your privacy policy, it is recommended that you write in detail what information you obtain from visitors to your site, why you obtain this information and how it will be used. You also need to let visitors to your site know how to have this information deleted at any time at their request. Relay all of this information in your privacy policy and you should be covered.

The bottom line

This all seems like a bit of a nightmare but it’s actually a good thing. For too long, large multi-national corporations have been mining user data and selling it without us knowing. It’s about giving us back our right to privacy and I for one think it’s a good idea. At the end of the day, as long as you are making it clear how and why you obtain user information, you’ll be fine. Someone leaves a comment on a blog post – cool, just don’t take that email address and add it to your mailing list. I hope that you have found this blog post informative and helpful. I don’t claim to be correct or have all the answers, this is just my understanding of the situation. Please do check out the GDPR website for more information.


  • You totally nailed it Liam. I’ve been looking at GDPR for work and have been dreading getting my head around it for my blog. You are the first article aimed at bloggers that has actually suggested some sensible solutions! Thank you so much 😀

Leave a Reply

Your email address will not be published. Required fields are marked *