GDPR Compliance for Blogger-hosted blogs
One of the most discussed topics in the blogger community this
month is GDPR compliance. Unless you’re totally inactive, you would have
come across this term and wondered what exactly you need to do as a blogger in
order to be GDPR compliant.
Like many concerned bloggers, I also spent some time checking
around what this is, what I need to do and so on. In this post, I am making an
attempt to explain the GDPR mandate and its implications for bloggers. I was
greatly assisted by Travel & Fashion blogger Bhushavali Natarajan, who is currently
based in Europe and has seen these from close quarters. Swati Naik also
provided some inputs.
What is GDPR?
GDPR is the General Data Protection Regulation, mandated by the EU to protect the data privacy interests of EU citizens. At a high
level, it mandates the following:
- If you’re capturing any data from your users/visitors, you should seek consent
- You should disclose how you’re planning to use data captured in #1 above
- You should give your visitor an option to opt out or get their personal data removed if they wish
What kind of data do bloggers capture? Why do GDPR guidelines apply to blogs?
Most blogs don’t mandate any user registration or sign-up to
view the posts. Bloggers publish their text, photos and videos, and visitors from
all over the world access them to read/view this content. Blogs are not
standalone websites in most cases: they are hosted on platforms like Blogger and
WordPress, which handle most of the technical stuff, including data capture,
hosting and so on. Bloggers usually focus on content, and the matters that are
important to GDPR are typically under the control of the platforms that host the
blog. Thus it is imperative that these platforms (Blogger, WordPress) provide
essential support to comply with GDPR guidelines. From what I understand, both
Blogger and WordPress are providing the required support for bloggers to be GDPR
compliant, so there’s nothing much to worry about. In this post, though, I am focusing
more on Blogger-hosted blogs. Refer to Karthik's post for WordPress-specific guidelines.
What kind of data do blogs collect?
It is important for bloggers to understand what user
data is collected on the blogging platform they use. Below is a snapshot of
typical activities that happen on a blog:
| # | Activity | Data captured/ | Remarks |
|---|---|---|---|
| 1 | Readers access the blog | IP Address & Demographics is captured by tools like Google Analytics. Cookies may be placed in visitor’s browser | If you’re using different tracking tools take appropriate steps |
| 2 | Readers leave a comment | Name, email, website info or other information captured while submitting a comment | |
| 3 | Subscribes by email | Email ID | |
| 4 | Clicks on a link/button etc | Navigation to destination site or whatever action facilitated by the link/button (like tweeting/sharing) | |
How to comply with Data Privacy/GDPR guidelines?
| # | Data Captured | Compliance Action | Remarks |
|---|---|---|---|
| 1 | Cookies | Blogger has added the required feature: a popup automatically comes up seeking consent from readers whenever the blog loads in a European country. Refer screenshot below | If you have other tracking tools/too many plugins there could be issues. Each blogger should ensure that this popup actually appears |
| 2 | IP Address | Google Analytics lets you define how long this data will be retained. Default is 26 months. The blogger needs to log in to the Analytics account, go to privacy-data tracking, and select the retention duration | |
| 3 | Leaving a comment | Could not find clear guidelines on this. Anyway, commenting is an optional activity. Supporting anonymous comments will give full control to visitors. In other cases there should be a way for someone to get their old comment removed, if they so wish. I believe providing a policy page and contact information is good enough | External platforms like Disqus may have their own way of complying with GDPR. Please check |
| 4 | Email subscription | Every brand is bombarding their email subscribers to reconfirm their subscription, resulting in tons of spam. Email subscription platform Feedblitz says reconfirmation is NOT necessary for those who have subscribed via dual opt-in (user enters email on your blog to subscribe, then Feedblitz sends them a mail to confirm, and only upon confirmation are they added to the mailing list). Do check Feedblitz FAQs here. You may refer to the emailing system you’re using; it should be similar. | |
| 5 | Clicking on a link/Button | I am assuming there’s nothing we need to do on this. It is the responsibility of the destination website to comply with GDPR once users land on their site from yours. | |
Above are the typical activities that happen on a blog. If
you’ve added lots of widgets, trackers and other customizations, do review them
to check if they capture users’ personal data. If they do, check how it is stored
and used and if there’s any risk. Unless you’re confident that a widget is safe
and compliant, you might want to remove it or add some warnings.
What have I done to my blog in order to comply with GDPR?
- I created a privacy page that explains what data is captured in my blogs, how it is used and what a user needs to do if it has to be removed.
- I’ve ensured that the cookie confirmation popup does appear when my blog is accessed from Europe
[Screenshot: Cookie consent]
- I’ve logged into my Analytics account and ensured the purging setting is at 26 months
Disclaimer: I do not claim to be an expert or authority in GDPR guidelines. This post is based on my personal research, thoughts and interpretation, along with inputs from the blogger friends mentioned earlier, and is compiled with the best intention of informing and helping fellow bloggers. Please cross-check against more official, authoritative sources if you have a doubt or wish to be doubly safe. I do not accept any liability if the information given in this post is not correct or causes you any inconvenience or loss.
I really appreciate the efforts you have taken for penning down this post. Thanks for sharing!
www.docdivatraveller.com