Your European viewers are dead. Not physically, but they’re dead to your site unless you’re compliant with GDPR.
After it went into effect in 2018, the EU countries will block access to any non-compliant GDPR site. That’s a lot of traffic and or conversions you’re missing out on.
Want to know how to be GDPR compliant? Read below.
An Overview of GDPR
The general data protection regulation (GDPR) came into play in April of 2016. That’s when it was passed by EU governments, at least. We didn’t see it take effect until 2018.
The law is meant to protect people from businesses who use and abuse their data to manipulate them into making sales. It’s also a response to things like the fake-news crisis in America and, though this hadn’t happened at the time, the Cambridge Analytica scandal.
And it’s well needed. 2016 was the year that Amazon put out Alexa, which can record what you say to it to “learn” how to serve you better.
The law is on the books in all EU states, including England, which hadn’t done their Brexit vote yet, at the time the law passed. They could choose to make getting out of it part of their Brexit plan.
The Pillars of GDPR
The bill is long and full of legal jargon, but there’s one main goal. Which is, to keep companies accountable for how they use and collect everyone’s data on their sites or through apps.
The first pillar of the bill states that businesses have to tell consumers when they’re collecting data. You’ll see this as a popup, usually on the bottom of the site, which asks you to confirm that you understand your data is being collected.
This data isn’t your name and location, at least, it’s not your exact location. That’s where the second pillar comes in.
Another requirement of the bill was that companies couldn’t collect as much data as they were before. Certain identifiers had to be taken out of collection software to better protect the citizens.
Third, companies are now required to let their users know if there’s a data breach, so they can take steps to secure their information.
Businesses are also responsible for making sure that their data safely transfers over borders – which is where international blogging comes in.
If your blog has visitors from a GDPR country, you have to put GDPR measures in place.
Which is why many businesses that get traffic from overseas have decided to comply with GDPR regulations, though they’re not US law.
If you don’t put measures into place and you in any way market to the EU, your website will be inaccessible from GDPR countries.
How to Make GDPR Changes on Your Site
Okay, now that you know the importance of being GDPR compliant, let’s talk about how you can get there.
It will require installing some new software and doing a lot of data work or auditing. If you pay someone to collect or process your data for you, you’ll have to make sure they’re following the same regulations.
But that’s still too big-picture. Let’s break down getting compliant step by step below.
Step 1: Educate Employees
As a blog, you likely don’t have employees. But you may have contractors, like the people that do marketing or upkeep on your site.
You’ll need to let them know that you’re putting GDPR regulations in place on your site, and make sure they’re onboard.
You may need to ask your web designer to install a pop-up, the kind that lets users know you’re collecting their data.
Step 2: Consider Your Current Data Library
If you have data from before GDPR, you need to do an information audit. Since you’re in the states, this isn’t 100% necessary, but it’s good practice.
Make sure that the data you have is GDPR compliant, and if it’s not, change what you collect in the future to match regulations.
Step 3: Rewrite Your Privacy Notices
Step 4: Consider Age-Range
GDPR bans people from collecting data from minors unless they have their parents permission. There is no true way to verify that online, so many people have an age wall built into their consent notification.
As part of the text, it’ll say something like “By clicking okay you’re agreeing that you’re 18 years of age and that you allow our site to collect information about you and your browsing habits so we can serve you better”.
Step 5: Make a Breach Plan
Finally, you’ll need to write down how you’ll detect and respond to data breaches, should they ever happen on your site.
How will you investigate the source of the breach and what actions will you take to make sure it doesn’t happen again. This can be listed on one of your policies pages, and accessible to the public.
Learn more about why you should spend the money on an ultra-secure website. (Hint, it’ll save you money in the long-run)
How to be GDPR Compliant
There are 99 different articles, or pillars, as we called them, in GDPR’s text. That’s a lot of things to keep track of and a lot of boxes to check off.
That’s why that Microsoft tool we linked to above is so helpful.
Now you’re probably thinking – is doing all this worth it? You should only learn how to be GDPR compliant if you value your European site traffic.
If that’s not where the majority of your audience is, whether or not you GDPR up is up to you.
Need some plugins to make dealing with GDPR easier? Click here.