LEGAL DISCLAIMER: This is NOT legal advice and I am NOT a legal professional. I have combed through many articles and information available on the topic of GDPR and have tried to summarize the main points as it relates to blogging. With this in mind, it is YOUR responsibility to further research this topic to ensure your blog is in compliance. If you are a Christian blogger physically located in the EU, you will have additional criteria to address.
What is GDPR?
GDPR is short for General Data Protection Regulation. It is an EU regulation (law) that became enforceable on May 25, 2018 and is meant to keep the personal data of people in the EU safe and secure. The short version is that it is a set of measures to ensure their privacy when they visit a website, and it protects anyone located in the EU, not only EU citizens.
While GDPR is specific to the European Union, ensuring data privacy isn't a new concept. In the United States, for example, we regularly practice data protection by using passwords and guarding personal data such as social security numbers, birthdates, etc.
The internet and digital age have made it even more important that we ensure safeguards are in place to protect data against hackers. The EU has very strict compliance requirements for anyone who handles the personal data of its residents.
Who Must Comply:
The terminology used in most GDPR information articles often gives the impression that GDPR is only for the bigger websites operated by larger companies. It is not. The regulation also reaches websites outside the EU that offer goods or services to people in the EU or that monitor their behavior, and analytics or advertising trackers count as monitoring. Since websites (blogs) are accessible to anyone with Internet access, your site will have traffic from the EU, which means you should ensure compliance.
More specifically, if you have an online presence (a website) and do or use any of the following, you MUST be in compliance:
- Use Google Analytics (or another tracking program)
- Collect email addresses
- Collect credit card information
Basically, if you have a website that isn't strictly marketing to a particular geographic area (like a local business website), you need to be in compliance. As a Christian blogger, your content is accessible to anyone with an internet connection across the planet, including residents of the EU.
How to Ensure GDPR Compliance
There are three main areas that must be addressed for compliance:
- You must have a “lawful basis” for collecting and processing data.
- Where consent is your lawful basis, you must obtain it in an obvious and transparent manner: it has to be freely given, specific, informed, and an unambiguous, affirmative action by the reader.
- You must comply with the rules, protect the data, and be prepared to be held accountable (be able to show what you did and why).
1. Lawful Basis for Collecting and Processing Data.
There are six lawful bases for processing personal data (consent, contract, legal obligation, vital interests, public task, and legitimate interests). Consent would be the most likely basis for bloggers (in my opinion). Consent means you can legally collect and process their data because they affirmatively gave you permission to do so. The important thing to remember is to be transparent about your lawful basis and keep documentation of that consent (covered later).
2. Obtain Consent in an Obvious and Transparent Manner.
When you collect personal information, you must always be blatantly obvious and upfront about doing so. Assumed or implied consent is not allowed, and neither are pre-ticked boxes. When asked to provide their email (or other information), readers must be clearly informed of exactly what they are agreeing to before they agree.
You should avoid the tactic of making consent a precondition of a service (such as joining your email list to get a freebie). You can still ask for emails as a means to grow your list, however, there are specific requirements that need to be in place (discussed later).
3. Comply with Rules, Protect Data, and Accountability
It is very important that you make every effort to comply with the rules and regulations for protecting the data of your users. While most of us bloggers will probably never make it to the radar of the “GDPR Enforcers,” we know that the enemy is always looking for ways to keep us from spreading God's love. This would be such an easy way to do that.
GDPR Action Steps for Bloggers
As I mentioned before, I am not an attorney, but simply combed through the information to decipher the key components that apply to bloggers. The GDPR information is NOT in black and white and many areas are subject to interpretation. As Christian Bloggers, we should err on the side of caution and not try to “wing it” because, again, the enemy is watching!
** In addition to the things outlined here, bloggers who are physical residents of the UK must also register with the Information Commissioner's Office (ICO) and pay the data protection fee unless they qualify for an exemption. The ICO is the UK's supervisory authority only; Christian bloggers in other EU member states should check the registration requirements of their own national data protection authority.
Actions on Blog/Website
The following are things on your website itself that need to be addressed to be in full compliance.
- Plugins: Delete unused plugins (every installed plugin, active or not, is code an attacker can probe) and keep active plugins updated. Although most updates are for functionality, some include crucial security fixes to protect against newer threats.
- Giveaways and Contests: Conducting giveaways and other contests are a great way to build your email list. You can NOT, however, make it mandatory to join your list in order to participate in the giveaway or contest.
- Contact Forms: If you use an actual contact form on your site, ensure you are only collecting NECESSARY information. Typically, this would be a Name and Email Address (for you to reply to them). You have no real need to ask for information beyond name and email (do not ask for birthdates or other personal info). Once you've emailed them, you should delete their information from your site. If, however, they respond back to your email and a conversation follows, you can, if appropriate, offer them the opportunity to join your email list and provide them the sign-up link. NEVER add subscribers manually because then you have no proof of consent to being added.
- Comment Settings: You should not make it mandatory to enter an email address in order to leave a comment. You can have the box there, but it should be optional. If using a comment plugin, ensure you don't have the settings to where a reader must log in with their WordPress account or other social media. Use Comment Spam protection such as Akismet to prevent spam comments. If you are concerned with “comment trolls,” set your comments to require admin approval before showing in the feed.
- Subscriber List Forms (Optin forms): When you collect an email address from a reader, you must make it abundantly clear the exact purpose for which you will be using it. You can NOT make it mandatory for a reader to sign up for your email list in order to benefit from the freebie you are openly offering on your site. Additionally, you need to set up your subscribe sequence (explained in the next section) in a particular way to ensure compliance is met and to provide a paper trail for proof of consent being given.
- For example, I have an affiliate program for the courses that I offer. When I ask new affiliates to sign up for the Affiliate Email list, I let them know they will ONLY receive emails related to being an affiliate (new courses, new promotional images, new training videos, tips for increasing their sales, etc.). If they want to receive regular blogging tips, I invite them to subscribe to my Blogging Tips email. Make sure what you send your list is what they signed up for!!
Email Subscribers & Email Settings
There has been a lot of fretting over GDPR compliance with regard to email subscriber lists. Some of you may worry about losing subscribers because of all the “ticks here and ticks there” but these added measures not only keep you in compliance but also help keep your email list full of people who genuinely want to follow you and receive your emails.
1 – Enable Double Optin for All Forms
Using double optin requires your reader to actually go check their email and take an additional step to confirm they want to be added to your list. Nobody is added to the list until that confirmation link is clicked, which means a typo or someone entering a stranger's address never becomes a subscriber. While this may seem like an unnecessary step and an additional burden for your reader, it is actually quite useful for building a quality email list. By taking that extra step, your reader is confirming they are interested in your content and is more likely to open your emails.
Be sure you are spelling out exactly what you plan to send them via email! An example would be:
“By confirming above, you are granting permission for Kingdom Bloggers to send you additional emails which may include new blog posts, tips for building and growing your Christian Blog Ministry.”
If offering a freebie as part of your optin form, you should add the link to download or access the free item in the confirmation email. Keep in mind, they do NOT have to subscribe to get the freebie, but by getting them to this page, you are more likely to get them to confirm.
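To make the "paper trail for proof of consent" concrete, here is an added example (not code from Kingdom Bloggers or from any mailing-list provider) of how a double opt-in flow records consent. It assumes a hypothetical blog mailing-list backend: the in-memory dicts stand in for a database, the secret key is a constructed placeholder, and the consent wording is the sample text quoted above. The confirmation link carries an HMAC so a guessed or altered link is rejected, it is single-use, and it expires; the address is added to the list only when the link is clicked, and the record stores the exact consent text the reader saw along with when they requested and confirmed.

```python
"""Double opt-in with a signed confirmation token and a stored consent record.

Added example for illustration; the storage, secret key and sample addresses
are constructed placeholders, not a real mailing-list backend.
"""
import hashlib
import hmac
import secrets
import time

SECRET_KEY = b"replace-with-a-long-random-secret"  # constructed placeholder
TOKEN_TTL_SECONDS = 48 * 3600  # confirmation links expire after 48 hours

# Exact consent wording shown on the form; it is stored verbatim with each record
CONSENT_TEXT = ("By confirming above, you are granting permission for Kingdom Bloggers "
                "to send you additional emails which may include new blog posts, tips for "
                "building and growing your Christian Blog Ministry.")

pending = {}      # token_id -> signup awaiting confirmation (NOT on the list yet)
subscribers = {}  # email -> consent record (the proof of consent)


def _sign(payload: str) -> str:
    """HMAC-SHA256 over the token payload so it cannot be forged or edited."""
    return hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()


def start_signup(email: str, list_name: str, now=None) -> str:
    """Step 1: the form was submitted. Record a pending signup and return the
    token that goes into the confirmation email. Nothing else is sent."""
    now = int(now if now is not None else time.time())
    token_id = secrets.token_urlsafe(16)
    expires = now + TOKEN_TTL_SECONDS
    payload = f"{token_id}|{email}|{list_name}|{expires}"
    pending[token_id] = {"email": email, "list": list_name, "requested_at": now}
    return f"{payload}|{_sign(payload)}"


def confirm(token: str, now=None):
    """Step 2: the reader clicked the link. Returns the consent record on
    success, or None if the token is tampered, unknown, reused or expired."""
    now = int(now if now is not None else time.time())
    try:
        token_id, email, list_name, expires, mac = token.split("|")
        expires = int(expires)
    except ValueError:
        return None  # malformed link
    payload = f"{token_id}|{email}|{list_name}|{expires}"
    if not hmac.compare_digest(mac, _sign(payload)):
        return None  # signature mismatch: altered or forged link
    entry = pending.get(token_id)
    if entry is None or entry["email"] != email or entry["list"] != list_name:
        return None  # unknown token, or already used (single-use)
    del pending[token_id]
    if now > expires:
        return None  # expired: the reader must sign up again
    record = {
        "email": email,
        "list": list_name,
        "consent_text": CONSENT_TEXT,   # what they agreed to
        "requested_at": entry["requested_at"],
        "confirmed_at": now,            # when they agreed
        "method": "double opt-in",      # how they agreed
    }
    subscribers[email] = record
    return record


def is_subscribed(email: str) -> bool:
    """True only once the confirmation link has been used."""
    return email in subscribers
```

Keep the consent record (and the wording shown at the time) for as long as the person is on your list; if the consent text ever changes, store the new version with new confirmations rather than overwriting old records. A real site would also log the form URL and, if you collect it, the reader's IP address, and would send the freebie link in the confirmation email rather than gating it behind the confirmation itself.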
3 – Ensure the UNSUBSCRIBE BUTTON is highly visible
Your Unsubscribe button should be set apart from other text so it is easy to find and click on if they no longer wish to receive your emails. Do NOT place in the middle of a paragraph of other, non-related text.
- The purpose of processing their data
- The lawful basis for processing their data
- Categories of personal data that might be collected
- Retention period or criteria used to determine the retention period
- The legitimate interests of the controller or third party (where applicable)
- The data subject's rights (access, rectification, erasure, restriction, data portability, and objection)
- The right to withdraw consent at any time
- The right to lodge a complaint
- Identity and contact details of the controller
**You must also provide prompt notice of any data breach that may occur (your site was hacked, your subscriber list was leaked, etc.): the supervisory authority must be notified within 72 hours of you becoming aware of a breach that poses a risk to the people affected, and those people must be told without undue delay when the risk to them is high.
As I stated before, we at Kingdom Bloggers are NOT attorneys and this is not legal advice. This is simply a summary of the information that is floating around to help you sift through the stuff you need to know as a Christian blogger. I also recommend you take a listen to Amy Porterfield's interview with an attorney on the subject of GDPR.