GDPR Compliance for blogger hosted blogs

One of the most discussed topics in the blogger community this month is GDPR compliance. Unless you’re totally inactive, you will have come across this term and wondered what exactly you need to do as a blogger in order to be GDPR compliant.

Like many concerned bloggers, I also spent some time checking what this is, what I need to do and so on. In this post, I am making an attempt to explain the GDPR mandate and its implications for bloggers. I was greatly assisted by Travel & Fashion blogger Bhushavali Natarajan, who is currently based in Europe and has seen these from close quarters. Swati Naik also provided some inputs.

What is GDPR?
GDPR is the General Data Protection Regulation, mandated by the EU to protect the data privacy interests of EU citizens. At a high level, it mandates the following:
  • If you’re capturing any data from your users/visitors, you should seek consent
  • You should disclose how you’re planning to use the data captured in the first point above
  • You should give your visitors an option to opt out or get their personal data removed if they wish

What kind of data do bloggers capture? Why do GDPR guidelines apply to blogs?
Most blogs don’t mandate any user registration or sign-up to view the posts. Bloggers publish their text, photos and videos, and visitors from all over the world access them to read or view this content. Blogs are not standalone websites in most cases: they are hosted on platforms like Blogger and WordPress, which handle most of the technical stuff, including data capture, hosting and so on. Bloggers usually focus on content, and the matters that are important to GDPR are typically under the control of the platforms that host the blog. Thus it is imperative that these platforms (Blogger, WordPress) provide essential support to comply with GDPR guidelines. From what I understand, both Blogger and WordPress are providing the required support for bloggers to be GDPR compliant, so there’s nothing much to worry about. In this post, though, I am focusing more on Blogger-hosted blogs. Refer to Karthik's post for WordPress-specific guidelines.

What kind of data do blogs collect?
It is important for bloggers to understand what user data is collected on the blogging platform they use. Below is a snapshot of typical activities that happen on a blog.

| # | Activity | Data captured | Remarks |
|---|---|---|---|
| 1 | Readers access the blog | IP address and demographics are captured by tools like Google Analytics. Cookies may be placed in the visitor’s browser. | If you’re using different tracking tools, take appropriate steps. |
| 2 | Readers leave a comment | Name, email, website info or other information captured while submitting a comment | |
| 3 | Reader subscribes by email | Email ID | |
| 4 | Reader clicks on a link/button etc. | Navigation to the destination site or whatever action is facilitated by the link/button (like tweeting/sharing) | |


How to comply with Data Privacy/GDPR guidelines?

| # | Data captured | Compliance action | Remarks |
|---|---|---|---|
| 1 | Cookies | Blogger has added the required feature: a popup automatically comes up seeking consent from readers whenever the blog loads in a European country. Refer to the screenshot below. | If you have other tracking tools or too many plugins, there could be issues. Each blogger should ensure that this popup actually appears. |
| 2 | IP address | Google Analytics lets you define how long this data will be retained. The default is 26 months. The blogger needs to log in to the Analytics account, go to privacy-data tracking and select the retention duration. | |
| 3 | Leaving a comment | Could not find clear guidelines on this; anyway, commenting is an optional activity. Supporting anonymous comments will give full control to visitors. In other cases there should be a way for someone to get their old comment removed, if they so wish. I believe providing a policy page and contact information is good enough. | External platforms like Disqus may have their own way of complying with GDPR. Please check. |
| 4 | Email subscription | Every brand is bombarding their email subscribers to reconfirm their subscription, resulting in tons of spam. Email subscription platform Feedblitz says reconfirmation is NOT necessary for those who have subscribed via dual opt-in (the user enters their email on your blog to subscribe, then Feedblitz sends them a mail to confirm, and only upon confirmation will they be added to the mailing list). Do check the Feedblitz FAQs here. You may refer to the emailing system you’re using; it should be similar. | |
| 5 | Clicking on a link/button | I am assuming there’s nothing we need to do on this: it is the responsibility of the destination website to comply with GDPR once users land on their site from yours. | |

[Image: Blogger cookie consent info in Blogger dashboard]
[Image: Feedblitz FAQ]

Above are the typical activities that happen on a blog. If you’ve added lots of widgets, trackers and other customizations, do review them to check if they capture users’ personal data. If they do, check how it is stored and used and whether there’s any risk. Unless you’re confident that a widget is safe and compliant, you might want to remove it or add some warnings.

What have I done to my blog in order to comply with GDPR?
  • I created a privacy page that explains what data is captured on my blogs, how it is used and what a user needs to do if it has to be removed.
  • I’ve ensured that the cookie confirmation popup does appear when my blog is accessed from Europe.
  • I’ve logged into my Analytics account and ensured the purging setting is at 26 months.

[Image: Cookie consent]

Disclaimer: I do not claim to be an expert or authority in GDPR guidelines. This post is based on my personal research, thoughts and interpretation, along with inputs from the blogger friends mentioned earlier, and is compiled with the best intention of informing and helping fellow bloggers. Please cross-check against more official, authoritative sources if you have a doubt or wish to be doubly safe. I do not accept any liability if information given in this post is not correct or causes you any inconvenience or loss.

2 comments:

  1. I really appreciate the efforts you have taken for penning down this post. Thanks for sharing!
    www.docdivatraveller.com
