The Truth About Data Privacy – GDPR for Christian Bloggers

LEGAL DISCLAIMER: This is NOT legal advice and I am NOT a legal professional. I have combed through many articles and information available on the topic of GDPR and have tried to summarize the main points as it relates to blogging. With this in mind, it is YOUR responsibility to further research this topic to ensure your blog is in compliance. If you are a Christian blogger physically located in the EU, you will have additional criteria to address.


GDPR for Christian Blogs

This post may contain affiliate links. You can read my full affiliate disclosure here.

What is GDPR?

GDPR is short for General Data Protection Regulation. It is a regulation (law) that came about in the last couple of years and is meant to keep the data of EU citizens safe and secure. The short version is that it is simply a set of measure to ensure their privacy when they visit a website.

While GDPR is specific to citizens of the European Union, ensuring data privacy isn’t a new concept. In the United States, for example, we regularly practice data protection by using passwords, protecting personal data such as social security numbers, birthdates, etc.

The internet and digital age have made it even more important that we ensure safeguards are in place to protect data against hackers. The EU has very strict compliance requirements for anyone who interacts with its citizens.

Who Must Comply:

The terminology used in most GDPR information articles often gives the impression that GDPR is only for the bigger websites operated by larger companies. Since websites (blogs) are accessible from anyone with Internet access, your site may have traffic from the EU, which means you must ensure compliance.

More specifically, if you have an online presence (a website) and do or use any of the following, you MUST be in compliance:

  • Use Google Analytics (or another tracking program)
  • Use cookies
  • Collect email addresses
  • Collect credit card information

Even though you may not specifically target residents of the EU with your blog content, they may come across it via search engine searches. You may think you don’t do any of these things, however, the use of 3rd party services such as Google Analytics and the plugins used on your site do use them so you must notify your readers. Also, web browsers (Chrome, etc) use cookies on your site.

Basically, if you have a website that isn’t strictly marketing to a particular geographic area (like a local business website), you need to be in compliance. As a Christian blogger, your content is accessible to anyone with an internet connection across the planet, including residents of the EU.

How to Ensure GDPR Compliance

There are three main areas that must be addressed for compliance:

  1. You must have a “lawful basis” for collecting and processing data.
  2. You must ensure you obtain explicit consent in an obvious and transparent manner.
  3. You must ensure you comply with the rules, protect the data, and be prepared to be held accountable.

1. Lawful Basis for Collecting and Processing Data.

There are six basic categories that constitute a lawful basis. Consent would be the most likely basis for bloggers (in my opinion). Consent means you can legally collect and process their data because they physically gave you permission to do so. The important thing to remember is to be transparent in your legal basis and keep documentation of that consent (covered later).

2. Obtain Consent in an Obvious and Transparent Manner.

When you collect personal information, you must always be blatantly obvious and upfront about doing so. Assumed consent is not allowed. When asked to provide their email (or other information), they must be clearly informed of what they are subsequently agreeing to.

You should avoid the tactic of making consent a precondition of a service (such as joining your email list to get a freebie). You can still ask for emails as a means to grow your list, however, there are specific requirements that need to be in place (discussed later).

3. Comply with Rules, Protect Data, and Accountability

It is very important that you make every effort to comply with the rules and regulations for protecting the data of your users. While most of us bloggers will probably never make it to the radar of the “GDPR Enforcers,” we know that the enemy is always looking for ways to keep us from spreading God’s love. This would be such an easy way to do that.

GDPR Action Steps for Bloggers

As I mentioned before, I am not an attorney, but simply combed through the information to decipher the key components that apply to bloggers. The GDPR information is NOT in black and white and many areas are subject to interpretation. As Christian Bloggers, we should err on the side of caution and not try to “wing it” because, again, the enemy is watching!

** In addition to the things outlined here, Christian bloggers that are physical residents of the EU must also register with the Information Commissioners Office (ICO) and pay a fee.

Actions on Blog/Website

The following are things on your physical website that need to be addressed to be in full compliance.

  • Site Security: Part of GDPR-compliance is ensuring that your visitors’ data is protected. Your privacy policy (discussed later) has a section that states your site is secure. One of the most common areas that is in direct violation of this is having a domain that isn’t secure. First, you MUST have a domain that is HTTPS (not HTTP). This means you have an SSL encryption certificate installed which protects your domain from outside hacking. Second, if your web address (when you view the site as a visitor) doesn’t have the padlock showing, your site is not fully secure. This can happen for a variety of reasons but if the padlock isn’t showing, you can simply test the URL through WhyNoPadlock and it will identify the issues for you to correct.
  • Cookies: You MUST let visitors know that your site uses cookies and how they can disable it if they want to. Whether you realize it or not, cookies are used by web browsers, Google analytics tracking, third-party ad services (Google Adsense, etc), and other third-party services used on your site such as social sharing and other plugins. There are many plugins that make it easy to accomplish this. Kingdom Bloggers uses Cookie Notice by dFactory.
  • Plugins: Ensure you delete unused plugins and keep active plugins updates. Although most updates are for functionality, some may include crucial security updates to protect against newer threats.
  • Visible Privacy Policy: Your site must have a Privacy Policy and it must be visible and easy to locate by visitors. Be sure to keep it current and update it as needed. Entrepreneur Legal Corner has a GDPR-compliant template to make it easier for you to create one.
  • Giveaways and Contests: Conducting giveaways and other contests are a great way to build your email list. You can NOT, however, make it mandatory to join your list in order to participate in the giveaway or contest.
  • Contact Forms: If you use an actual contact form on your site, ensure you are only collecting NECESSARY information. Typically, this would be a Name and Email Address (for you to reply to them). You have no real need to ask for information beyond name and email (do not ask for birthdates or other personal info). Once you’ve emailed them, you should delete their information from your site. If, however, they respond back to your email and a conversation follows, you can, if appropriate, offer them the opportunity to join your email list and provide them the sign-up link. NEVER add subscribers manually because then you have no proof of consent to being added.
  • Comment Settings: You should not make it mandatory to enter an email address in order to leave a comment. You can have the box there, but it should be optional. If using a comment plugin, ensure you don’t have the settings to where a reader must log in with their WordPress account or other social media. Use Comment Spam protection such as Akismet to prevent spam comments. If you are concerned with “comment trolls,” set your comments to require admin approval before showing in the feed.
  • Subscriber List Forms (Optin forms): When you collect an email address from a reader, you must make it abundantly clear the exact purpose for which you will be using it. You can NOT make it mandatory for a reader to sign up for your email list in order to benefit from the freebie you are openly offering on your site. Additionally, you need to set up your subscribe sequence (explained in the next section) in a particular way to ensure compliance is met and to provide a paper trail for proof of consent being given.

 – For example, I have an affiliate program for the courses that I offer. When I ask new affiliates to sign up for the Affiliate Email list, I let them know they will ONLY receive emails related to being an affiliate (new courses, new promotional images, new training videos, tips for increasing their sales, etc).  If they want to receive regular blogging tips, I invite them to subscribe to my Blogging Tips email.  Make sure what you send your list is what they signed up for!!

Email Subscribers & Email Settings 

There has been a lot of fretting over GDPR compliance with regard to email subscriber lists. Some of you may worry about losing subscribers because of all the “ticks here and ticks there” but these added measures not only keep you in compliance but also help keep your email list full of people who genuinely want to follow you and receive your emails.

1 – Enable Double Optin for All Forms

Using double optin requires your reader physically go check their email and take an additional step to confirm they want to be added to your list. While this may seem like an unnecessary step and an additional burden for your reader, it is actually quite useful for building a quality email list. By taking that extra step, your reader is confirming they are interested in your content and are more likely to open your emails.

Be sure you are spelling out exactly what you plan to send them via email! An example would be:

“By confirming above, you are granting permission for Kingdom Bloggers to send you additional emails which may include new blog posts, tips for building and growing your Christian Blog Ministry.”

If offering a freebie as part of your optin form, you should add the link to download or access the free item in the confirmation email. Keep in mind, they do NOT have to subscribe to get the freebie, but by getting them to this page, you are more likely to get them to confirm.

2 – Provide a link to your Privacy Policy in every email.

At the very end of the email, simply a line of text and link to the Privacy Policy on your site.

3 – Ensure the UNSUBSCRIBE BUTTON is highly visible

Your Unsubscribe button should be set apart from other text so it is easy to find and click on if they no longer wish to receive your emails. Do NOT place in the middle of a paragraph of other, non-related text.

Privacy Policy

Under the transparency part of GDPR, you’ll need to address the following information in your privacy policy.

  • The purpose of processing their data
  • The lawful basis for processing their data
  • Categories of personal data that might be collected
  • Retention period or criteria used to determine the retention period
  • The legitimate interests of the controller or third party (where applicable)
  • The existence of each data subject’s rights
  • The right to withdraw consent at any time
  • The right to lodge a complaint
  • Identity and contact details of the controller

**You must also provide prompt notice of any data breaches that may occur (your site was hacked, etc).

While some of these may sound very “legal” and you may not fully understand exactly what the mean, you can use a GDPR-compliant Privacy Policy generator to draft yours. You will be asked a series of questions about your site and the generator will draft a policy based on your responses.


As I stated before, we at Kingdom Bloggers are NOT attorneys and this is not legal advice. This is simply a summary of the information that is floating around to help you sift through the stuff you need to know as a Christian blogger. I also recommend you take a listen to Amy Porterfield’s interview with an attorney on the subject of GDPR.

If all this legal jargon really confuses you to the point that you aren’t quite sure how to draft your Privacy Policy and other legal pages, you can check out Marian @ Entrepreneur Legal Corner. She is an attorney turned entrepreneur and has created legal templates for everything you need to keep your blog legal.

Be sure to read these additional posts about Christian Blogging Tips:

Sharing is caring!

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top