GDPR FOR BLOGGERS

I am sure that by now you have heard about the GDPR and have probably already begun to make changes to your blog to try to comply with this new standard. I have searched for information about this, especially about what we, the administrators of our blog sites, have to do, and I have not found anything that explains it concisely. I have only found general information, that to meet X you have to do Y, but nobody says exactly how to do it. That is why I decided to write this article, where I will explain exactly what I did and why.

The GDPR (General Data Protection Regulation) is a data protection regulation for all European citizens that was created 2 years ago and that became enforceable on May 25, 2018. This regulation affects all the sites of the world, since it is impossible to know when a European citizen uses our sites: he or she could be on vacation, or could live in a non-European country, and if they access online sites from outside Europe, the GDPR is still enforceable.

I do not want to go into much detail about what the GDPR is; for more information you can read the Wikipedia article on this topic: General Data Protection Regulation.

What are the major topics of the GDPR that affect us?

  1. Drafting of legal texts like the Privacy Policy and Terms Of Service Policy
  2. The correct way to implement Opt-In formats to collect emails.
  3. Information we collect when a user makes a comment on our pages.
  4. The right of users to know what information we have stored about them, the right to change it or download it, and the right to erase it.
  5. Information that the Cookies of our sites collect from users and their right to block them.


There are multiple types of online pages, such as e-commerce stores, news sites, blogs, question and answer forums, etc., and each of them manages and processes information in different ways. In this article I am just going to focus on my own experience, which is with blog sites.

Here I must make a statement: I am not a lawyer and my advice should be taken as it is. I am basing it only on my experience, and it is not legal advice. Each one is responsible for implementing what is necessary to comply with this regulation. The information presented here is only general information, so I am not responsible for what each person implements on their website. If you think you need help, contact an expert in the field.

Well, now I can begin to explain how I resolved each point.


Drafting of legal texts like the Privacy Policy and Terms Of Service Policy


One of the most important points of the GDPR is transparency in the use of the data that we collect from users. This is why it is necessary to be as clear as possible in informing our users how this information is collected, how we use it, and whether or not we share it with other companies. We must do this through the policies. The most important are the Privacy Policy and the Terms of Service, although they are not necessarily the only ones. The more explicit and transparent we are, the better.

I use the following on my website:

Privacy Policy

The most important of all. Here you must explain what data you collect from users, how you handle it, the rights of users in relation to their data, how you protect their data and information about cookies, as well as your contact information.

Terms of Service

Necessary to explain everything related to the use of our blog: for example, that my website may have links that point outside my domain and that The Salty Feet has no control over their content; the correct use of comments (very important: here it is clarified that comments can be edited, changed or deleted); prohibited uses of our content; and under which law we are legally governed (that of the country where we reside).

Cookie Policy

Here I explain what cookies are and I give links to sites that explain step by step how to disable them (if that is the user's wish) for the most common operating systems and browsers.

Disclaimer

Necessary to clarify to users that the information on our site is not and does not constitute legal advice on any subject, that it must be used only under their own good judgment, and that all our content is information for general use. I also explain what affiliate marketing is and how their purchases through our site could generate a commission for us.

I imagine you must be thinking: how do I write so many legal texts if I'm not a lawyer?

There is a multitude of sites that can generate these policies. In my case, I installed a plugin on my site called The GDPR Framework. I use this plugin for two very important things: generating the Privacy Policy, and having the tools to download or delete user data. More on this below.

For the other policies I used different generators; just search for "xxxx policy generator" (replacing xxxx with the type of policy) and you will find many options.

If you want to take my policies, copy them and use them on your site, go ahead. Just be careful to read them carefully, be sure they match your site, and make sure to delete and change any personal data that the policy contains (I have seen cases in which the policy was copied as is, and the administrators did not even replace the name of the site they copied it from with their own).


The correct way to implement Opt-In formats to collect emails.


Under this regulation, to collect personal information such as names and emails, you need the express authorization of the user, and you must explain exactly how you are going to use this information and stick to it.

The user must give their express consent, which can be done by checking an acceptance box (this box must not be pre-checked), and you must explain why their information is needed: that they will be receiving the newsletter and that you could send them advertisements.

In addition, if you give gifts as a hook to collect emails, such as a free ebook download, you must give the option to download the ebook without subscribing to your mailing list. From now on, users must have the option of obtaining free promotional material without being required to receive advertising emails. To achieve this, instead of a single checkbox that gives consent both to receive the material and to receive advertising emails, you must have two checkboxes: one authorizing the use of their email to send them the free material, and another where they authorize the use of their email for marketing purposes.
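To show how the two separate consents above translate into server-side logic, here is an added example that is not code from this post, from MailChimp or from any plugin. It assumes the form posts the fields email, consent_ebook, consent_marketing and accepted_policies (names chosen for this example), treats an absent or unchecked box as "no consent", delivers the gift without touching the mailing list unless marketing consent was given separately, and keeps a dated consent record tied to an assumed policy version so the consent can be evidenced later.

```javascript
// Added example (not from the post, MailChimp or any plugin): handling an opt-in form
// with two independent consents. Field names and the policy version are assumptions.
const PRIVACY_POLICY_VERSION = '2018-05-25'; // assumed; stored with every consent record
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

// A missing or unchecked box means "no consent". This also models the drop-down trick
// from the post: a blank first option is "no selection", only an explicit "yes" counts.
function isChecked(value) {
  return value === true || value === 'on' || String(value).toLowerCase() === 'yes';
}

// Returns what the site may do with this submission, plus a record proving consent.
function processOptIn(form, now = new Date()) {
  const email = String(form.email || '').trim().toLowerCase();
  if (!EMAIL_RE.test(email)) return { ok: false, error: 'invalid email' };

  const wantsEbook = isChecked(form.consent_ebook);
  const wantsMarketing = isChecked(form.consent_marketing);
  if (!isChecked(form.accepted_policies)) return { ok: false, error: 'policies not accepted' };
  if (!wantsEbook && !wantsMarketing) return { ok: false, error: 'no purpose consented' };

  const purposes = [];
  if (wantsEbook) purposes.push('ebook_delivery');
  if (wantsMarketing) purposes.push('marketing');

  return {
    ok: true,
    sendEbook: wantsEbook,           // deliver the gift regardless of marketing consent
    addToNewsletter: wantsMarketing, // only this consent puts the address on the list
    consentRecord: {                 // keep this: it is your evidence of consent later
      email,
      purposes,
      policyVersion: PRIVACY_POLICY_VERSION,
      timestamp: now.toISOString(),
    },
  };
}
```

Each purpose is decided on its own flag, so a reader who ticks only the download box gets the ebook and never enters the newsletter list; the consent record stores which purposes were agreed to and against which policy text.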

(Image: the MailChimp opt-in form with the drop-down menus described below)

I use MailChimp to collect emails, and at the time of writing this article the checkbox in MailChimp forms cannot be set as required, so it was a bit difficult for me to add this option to my pop-up form. The way I solved it was by adding a drop-down menu. I left the first option of the drop-down menu blank, without data, and set the second option to Yes. Then I made the drop-down menu required for subscribing. It works like this: since the first option has no data, the form detects that no selection has been made, so it is not until the user selects Yes that it is possible to click Subscribe.

I have two drop-down menus: one to give consent to the subscription, and the other for the user to indicate that they have read the Privacy Policy and the Terms of Use. The user must select Yes in both drop-down menus to be registered in the newsletter.

Another important point is that, as you can see, I only ask for the email and not the name. The less information we collect, the better, and from my point of view only the email is needed to carry out marketing.

Also, there is a widget with a link to this form on my blog pages, so if a user wants to sign up he or she just needs to click on Subscribe to the newsletter and they will access this form.

It is important to note that all emails that MailChimp sends to subscribers have the option to unsubscribe which is also a requirement of this regulation.


Information we collect when a user makes a comment on our pages.

WordPress made two important changes in an effort to comply with the GDPR in its latest update. One of these changes is the addition of a checkbox in the comments section.


Save my name, email and website in this browser for the next time I comment

This asks permission to leave an identification cookie on the user's computer, with which the same user would be identified and their data filled in automatically when making another comment on the same site.

The following checkbox is generated by the plugin The GDPR Framework:

I accept the Terms and Conditions and the Privacy Policy

This checkbox is required to make any comment on our sites. You must have previously written these policies and linked them from the control panel of The GDPR Framework plugin. If the user does not check this box, they will not be able to comment.

There is something else I want to share that is also very important, and I have not found it anywhere else: the use of Gravatar.

Gravatar is part of the organization that maintains WordPress, so all site creators have a Gravatar account in which their data is stored. Gravatar also automatically displays a photograph next to the user's comment on any site where they comment. This photograph is the one that the user registered in his or her Gravatar account.

If the GDPR is about the use and protection of the data that we collect from our users, then why do we publish something as personal as a picture? When I realized this, I configured WordPress so that the pictures (WordPress calls them avatars) do not appear. This can be done from the WordPress dashboard: SETTINGS -> DISCUSSION -> AVATARS -> AVATAR DISPLAY -> SHOW AVATARS.

When you disable this box, the photos of the users of the comments disappear. Although they look very nice, I prefer to avoid complications with the new regulation.


The right of users to know what information we have stored about them, the right to change or download it, and the right to erase it.


As I mentioned earlier, WordPress made two important changes to comply with the GDPR, and one of them was the incorporation of two new tools:

Export Personal Data

Erase Personal Data

These are found in the Tools menu of the WordPress dashboard.

If a user requests to see what data is stored on our website, through the contact form or by any other means, you enter their email in this tool and a confirmation email is generated in which the user is asked to confirm their request. We follow the same steps to erase the user's data.

From what I have seen, most of the information saved from users is in the comments they have made on our sites.


The GDPR Framework plugin creates a page called Privacy Tools with which users can do this themselves, and the plugin is responsible for sending an email to the administrator to keep a record of the user's request.

First, the user must identify themselves with their email. Once this is done, the plugin sends an email with a link that is deactivated 15 minutes after the email is sent. With this link, users can download their information or delete it.

I want to point out that, after performing some tests, if the user's email is from Hotmail, Hotmail automatically rejects it and it is never received, or at least that is what happened to me. It is not the first time something similar has happened to me with Hotmail emails, which is why I barely use it.


Information that the Cookies of our sites collect from users and their right to block them.


This is probably the most complicated point, at least for me, to solve.

In theory, in order to comply with the GDPR, you must give the user the option to block all cookies that are not essential for the correct use of our site. There should be a banner listing all the types of cookies that could be used (consent should be obtained before these cookies are loaded, not afterwards). If the user does not consent, these cookies should not be loaded, and the user should still be able to use the site normally.

Think of Google Analytics, Facebook Pixel, YouTube cookies, etc.

There is a lot of information that our plugins could be gathering from users without us noticing. Google Analytics cookies are necessary to know the performance of our sites, and if you advertise on Facebook, Facebook Pixel is necessary.
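The "consent before loading" rule above is easy to state and easy to get wrong: as soon as the analytics or pixel snippet sits inline in the page, its cookies are set before any banner is shown. The following added example, which is not code from the post or from the Cookie Bar plugin, shows the gating logic: a small consent cookie records which categories the visitor accepted, nothing non-essential is loaded while no decision is recorded, and a version number on the cookie forces a fresh choice when the cookie policy changes. The cookie name, version scheme and category names are assumptions; the two script URLs are the public loader URLs of analytics.js and the Facebook Pixel.

```javascript
// Added example (not from the post or any plugin): load non-essential third-party
// scripts only after consent for their category has been recorded.
const CONSENT_COOKIE = 'cookie_consent'; // assumed name
const CONSENT_VERSION = 1;               // bump when the cookie policy changes
const SCRIPT_CATALOG = {                 // category names are assumptions
  analytics: ['https://www.google-analytics.com/analytics.js'],
  marketing: ['https://connect.facebook.net/en_US/fbevents.js'],
};

// Parse "cookie_consent=v1%3Aanalytics%2Cmarketing" out of a document.cookie string.
// Returns a Set of consented categories, or null when no valid decision is recorded.
function parseConsent(cookieString) {
  for (const part of String(cookieString || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name !== CONSENT_COOKIE) continue;
    const m = /^v(\d+):(.*)$/.exec(decodeURIComponent(rest.join('=')));
    if (!m || Number(m[1]) !== CONSENT_VERSION) return null; // stale or malformed: ask again
    return new Set(m[2] ? m[2].split(',') : []);
  }
  return null;
}

// Cookie string written when the banner's "save choices" button is pressed.
function serializeConsent(categories) {
  const value = encodeURIComponent(`v${CONSENT_VERSION}:${[...categories].join(',')}`);
  return `${CONSENT_COOKIE}=${value}; Max-Age=15552000; Path=/; SameSite=Lax`;
}

// Which script URLs may be loaded for a parsed consent? No decision means nothing.
function scriptsAllowed(consent) {
  if (!consent) return [];
  const urls = [];
  for (const [category, list] of Object.entries(SCRIPT_CATALOG)) {
    if (consent.has(category)) urls.push(...list);
  }
  return urls;
}

// Browser side. `doc` is passed in (normally `document`) so the decision logic can be
// exercised outside a browser. Run once on page load and again after recordConsent();
// the analytics and pixel snippets must not appear inline in the page at all.
function applyConsent(doc) {
  const urls = scriptsAllowed(parseConsent(doc.cookie));
  for (const src of urls) {
    const s = doc.createElement('script');
    s.src = src;
    s.async = true;
    doc.head.appendChild(s);
  }
  return urls;
}

function recordConsent(doc, categories) {
  doc.cookie = serializeConsent(categories);
  return applyConsent(doc);
}
```

A visitor who closes the banner without choosing, or who declines, sees the site with no third-party script injected, which is exactly the state the regulation asks for until consent exists.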

This can be counterproductive with our users, since normally when anyone says "do you authorize me to monitor you?" the answer will surely be no; they will be scared because they are not used to having to authorize everything, and they are not well informed about how marketing works.

The way most of the big sites are solving this is with a banner that appears when a user accesses the site, explaining that the site uses cookies and that continued use of the site authorizes their use; otherwise they give you a link where you can learn how to disable cookies in your browser.

This is done under the assumption that if a user does not want the cookies of a certain site then he or she won’t want them from other sites and this can be achieved by configuring the internet browsers.

I also took this path. The plugin I am using is Cookie Bar, which generates a banner that you should have seen the first time you visited my site.

As you can see, I give the user the option to learn how to block all cookies in the most used browsers.

Another thing I did was to anonymize the information that Google Analytics collects from users.

Google Analytics collects, among other things, the user's IP address, with which you can know from which part of the world they visit us. An IP address consists of four groups of numbers, as follows: 074.125.224.072 (this is one of Google's IPs). The way to anonymize this information is to remove the last group of numbers, so that it becomes 074.125.224.XXX. In this way, Google Analytics can still know roughly where visitors come from, but with less accuracy: it cannot know from which city they are visiting us, but it can still detect the country and state they are coming from.
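Google applies this transformation on its own servers when anonymizeIp is set, so you never see it happen; the added example below, which is not code from the post or from Google, makes the operation itself visible and goes a little beyond the paragraph by handling IPv6 as well, the way Google documents it (IPv4: last octet zeroed; IPv6: the last 80 bits zeroed). The post's "XXX" placeholder is written as a zero here. It is the kind of function you would run over your own server logs before keeping them, and it rejects anything that is not a well-formed address.

```javascript
// Added example (not from the post or Google): IP anonymization as Google Analytics
// documents it. IPv4 keeps the first three octets; IPv6 keeps the first 48 bits.
function anonymizeIPv4(ip) {
  const parts = ip.split('.');
  const valid = parts.length === 4 && parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255);
  if (!valid) throw new TypeError(`not an IPv4 address: ${ip}`);
  // Number() drops leading zeros (074 -> 74). Some C parsers read "074" as octal,
  // so normalise before storing or comparing addresses.
  return parts.slice(0, 3).map(Number).join('.') + '.0';
}

// Expand "::" shorthand into eight groups of four hex digits.
function expandIPv6(ip) {
  const halves = ip.split('::');
  if (halves.length > 2) throw new TypeError(`not an IPv6 address: ${ip}`);
  const head = halves[0] ? halves[0].split(':') : [];
  const tail = halves.length === 2 && halves[1] ? halves[1].split(':') : [];
  const missing = 8 - head.length - tail.length;
  const ok = halves.length === 2 ? missing >= 1 : missing === 0;
  const groups = [...head, ...Array(Math.max(missing, 0)).fill('0'), ...tail];
  if (!ok || !groups.every(g => /^[0-9a-f]{1,4}$/i.test(g))) {
    throw new TypeError(`not an IPv6 address: ${ip}`);
  }
  return groups.map(g => g.toLowerCase().padStart(4, '0'));
}

// Keep the first 48 bits (three groups), zero the remaining 80, write in short form.
function anonymizeIPv6(ip) {
  const groups = expandIPv6(ip).slice(0, 3).map(g => g.replace(/^0+(?=.)/, ''));
  return `${groups.join(':')}::`;
}

// Dispatch on address family; throws on malformed input instead of passing it through.
function anonymizeIp(ip) {
  const s = String(ip).trim();
  return s.includes(':') ? anonymizeIPv6(s) : anonymizeIPv4(s);
}
```

Note that zeroing one octet keeps the address within the same /24, which is why country and region lookups still work while city-level lookups mostly do not; for IPv6 the same idea needs a much larger cut, which is why 80 bits are removed rather than 8.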

The way I did this was as follows:


You need the plugin Head and Footer Scripts Inserter; with it you can easily insert scripts (instructions) into your website.

In the Head section insert the following line. It must run after the ga('create', ...) call of your Google Analytics tracking code and before ga('send', 'pageview'); otherwise the first hit is sent with the full IP address.

ga('set', 'anonymizeIp', true);

and voilà, one less problem with the GDPR.

If you want to make a complete scan of the cookies you use, try the site cookiebot.com.

There you can request a free full scan. The information it returns should be added to your Privacy Policy.

Personally, I think that WordPress needs to catch up with the GDPR in relation to cookies, and provide us with a tool built into WordPress itself that lets the user select which cookies to block and which to allow, without the procedure being so complicated, and as simple as possible so as not to scare away users.


So, with these procedures, are we complying 100% with the GDPR?

Probably not. There are some points that are ambiguous, and others that are somewhat more complicated, especially for those who conduct electronic commerce and are not located within the EU, since they would necessarily have to hire a representative within the EU called a Data Privacy Officer. This service is certainly not free and can be very complicated for those who want to start in e-commerce and do not have much capital.

Until I can find a simpler solution for cookies that is also free (there are plugins that perform a complete scan of the website and generate a multiple-choice banner for users to choose which cookies to allow and which not, but due to their complexity they require payment), I will continue with the banner as a notice of the cookies.

If you want to receive articles like this in your email, subscribe to my newsletter.


About Ruben

I was born in Mazatlan, Sinaloa, Mexico. I am an Electronic Engineer and father of three beautiful kids, two males and one female. I like movies, tv series and console games. I am an entrepreneur and blogger and I want to help people to realize their dreams.


18 thoughts on “GDPR FOR BLOGGERS”

  • Huzefa

    Wow
    You have explained this whole concept of GDPR so perfectly.
    Earlier this was just like another jargon to me but now I feel I know something about it.
    Thank you so much for this

    • Ruben Post author

      I wish more admins were aware of GDPR, I have been browsing many websites and most of them haven’t taken any steps to comply with this regulation.

  • Jennifer

    Wow! I had no idea that the new regulation(s) was so complicated! I’m bookmarking your page to reference back to because there’s so much information! I didn’t even think about the fact that our plugins are collecting data from users as well. Your post was an eye-opener and I hope you continue to offer your opinion and the great training continues like what you’ve posted here! I totally agree with you about WordPress needing to catch up with the GDPR in regards to cookies. It does seem like a complicated process to expect everyone to comply with. Thanks Ruben :)

    • Ruben Post author

      Yes, it may look simple, but truly implementing GDPR is not an easy task. A lot of people are making good money with this regulation, especially Privacy Data Lawyers in Europe. I hope WordPress takes note of all these requirements and can improve the platform.

  • Fred

    You did a really great job explaining this subject on GDPR. I think that they just did this to make it more difficult for bloggers and people trying to do business. I thought it was doing just fine before all this. I’ve gone ahead and readied my sites for this; I hope they are alright. I may have to come back here and copy this info if I need it.

  • Garen

    Hey Ruben,

    To be quite honest with you I haven’t even updated my privacy and TOS. It’s something that I am not really looking forward to doing, though. I’ve been getting email after email from the million affiliate programs I am in that state that they are now GDPR friendly.

    But thanks a lot for telling me about the GDPR framework plugin. That is a huge time saver! I’m certainly going to do that on a couple of my websites this week, though.

    For most of my websites, I use the Amazon affiliate program and Google Adsense. I do have 3rd party affiliate programs I have joined, too.

    Just food for thought I wonder how many WordPress themes will get in hot water for not complying with the new GDPR update. I would see lawyers jumping all over developers to take out other popular WordPress themes. Possibly, I’m overthinking it though 🙂

    • Ruben Post author

      You may be right. We are just starting with GDPR being enforceable, and this is a big opportunity for lawyers to make money. I just hope that we, the small blog admins, are not affected so much.

  • Alina

    So I’m saving this page to my bookmarks. There’s so much information I have to make sure I’ve done everything step by step. Question… do the plugins overlap each other?

    • Ruben Post author

      If you are giving free stuff, then your visitors should receive these gifts without being listed in your marketing campaign. Under GDPR they must have the option of not subscribing to an email list.

  • shalom omotoso

    Sincerely, I have just learned something new. I have never heard of GDPR before but I can say one or two things about it now. I shall use that Wikipedia link you gave to read more about it too.

    It was this week I understood the term gravatar. I once tried uploading my pics into my blog profile but couldn’t because I was referred to gravatar, and I couldn’t use it. Somehow, I was able to navigate my way through it as that problem has been filled.

    Using WordPress has confirmed the general saying that learning is lifelong. I know a lot of bloggers who don’t know all these WordPress features and plugins. I’m one of them because my blog is new and I am still learning. I’ll try to come here often to get new tips. Many thanks Ruben!

    • Ruben Post author

      I can’t believe how many bloggers don’t even know what GDPR is. The fines that can come your way can be very big (20,000,000 Euros). It is very important that we keep our blogs legal.

  • Shane Black

    Such an in-depth explanation of GDPR! Thank you for sharing.
    I’d been wondering about how GDPR was applicable to the standard website documents (privacy policy, cookie policy etc) and you have explained it in such a way that I now understand.
    Do you think it’s important to take steps to comply even if your business isn’t located in Europe?
    Thanks again!

    • Ruben Post author

      You must, because you can’t know where your readers are from. Imagine a Swedish person who lives in the USA and this person is accessing your website. This regulation applies to all European people regardless of where they are.