Disclaimer: I am not a lawyer, nor can I provide any legal guidance. In this post I describe the journey I took to make my blog as GDPR compliant as possible.
What is GDPR?
The European Union adopted the General Data Protection Regulation (GDPR) in 2016, and it has applied since 25 May 2018. It is one of the biggest steps taken so far to protect users and their personal data. In summary, for a site like this one the regulation means that users must:
- Give their consent before their details are stored
- Be able to contact the publisher
- Be able to remove themselves from newsletters automatically and easily
- Be informed in the event of a data breach
Given the list above, let’s explore what this actually means for a blog publisher, and how I have tried to make my blog as compliant as possible.
Privacy and Cookie Policy
Privacy Policy
One of the first things I did was to update my Privacy Policy. I did not copy and paste a Privacy Policy from another site. Instead, I took the time to understand what data TheTestRoom actually needs to store and wrote the policy around that.
Cookie Policy
For the Cookie Policy I used iubenda.com, which generated the policy for me. Besides being free, it lets me update the Cookie Policy instantly by logging into iubenda.
Policy Visibility
After I implemented the policies, I increased their visibility: links to both pages sit in the blog footer as well as in every pop-up.
If you do nothing else, creating a Privacy Policy and a Cookie Policy will go a long way toward making your blog GDPR compliant.
Consent from our Users
After implementing the policies, I made sure that the collection of data is clearly communicated to TheTestRoom’s users.
Cookie Consent
When you landed on my site, you may have noticed an ‘Accept Cookies’ banner at the bottom of TheTestRoom’s pages. In this banner I clearly ask the user to accept the Cookie Policy, i.e. the storing of cookies. I primarily use cookies for analytics, but I ask for the user’s consent before any analytics cookie is set.
GDPR also requires that consent is not ‘bundled’ into a single all-or-nothing choice. The banner therefore offers a cookie settings dialog where the user can accept or refuse specific cookie categories rather than everything at once.
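To show what "consent before any analytics cookie is set" and "no bundled consent" look like in code, here is an added example of a small category-based consent manager. It is illustrative code written for this post, not the banner plugin TheTestRoom uses; the storage key `cookie_consent`, the analytics script URL and the `_ga`/`_gid` cookie names are assumptions for the demonstration. Storage is injected so the same logic runs against `window.localStorage` in the browser and against an in-memory object elsewhere.

```javascript
// Added example (not the plugin TheTestRoom uses): a category-based cookie consent
// manager. Nothing in a non-essential category runs until the visitor has granted
// that category, and withdrawing consent later triggers a cleanup.

const CATEGORIES = ["necessary", "analytics", "marketing"];
const CONSENT_KEY = "cookie_consent"; // assumed name of the first-party consent record
const CONSENT_VERSION = 1;            // bump whenever the Cookie Policy changes, so visitors are asked again

// Minimal localStorage look-alike so the manager can run outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// loaders[cat]  : runs once when the category is granted (e.g. inject the analytics script)
// cleaners[cat] : runs when the category is withdrawn (e.g. delete that category's cookies)
function createConsentManager({ storage, loaders = {}, cleaners = {} }) {
  const defaults = { necessary: true, analytics: false, marketing: false };
  const loaded = new Set();

  function read() {
    const raw = storage.getItem(CONSENT_KEY);
    if (raw === null) return null;
    try {
      const rec = JSON.parse(raw);
      return rec.version === CONSENT_VERSION ? rec : null; // stale record: show the banner again
    } catch {
      return null;
    }
  }

  function current() {
    const rec = read();
    // "necessary" is always on: the consent record itself is a strictly necessary cookie.
    return rec ? { ...defaults, ...rec.choices, necessary: true } : { ...defaults };
  }

  function apply(choices) {
    for (const cat of CATEGORIES) {
      if (choices[cat] && !loaded.has(cat)) {
        if (loaders[cat]) loaders[cat]();
        loaded.add(cat);
      } else if (!choices[cat] && loaded.has(cat)) {
        if (cleaners[cat]) cleaners[cat]();
        loaded.delete(cat);
      }
    }
  }

  // Granular choice from the settings dialog; "necessary" cannot be switched off.
  function update(partial) {
    const choices = { ...current(), ...partial, necessary: true };
    storage.setItem(CONSENT_KEY, JSON.stringify({ version: CONSENT_VERSION, choices, at: Date.now() }));
    apply(choices);
    return choices;
  }

  return {
    needsBanner: () => read() === null, // no valid choice recorded yet
    isAllowed: (cat) => Boolean(current()[cat]),
    update,
    acceptAll: () => update({ analytics: true, marketing: true }),
    rejectAll: () => update({ analytics: false, marketing: false }),
    init: () => { if (read() !== null) apply(current()); return current(); }, // every page load
  };
}

// Browser wiring; the script URL and cookie names are assumptions for illustration.
if (typeof window !== "undefined") {
  const consent = createConsentManager({
    storage: window.localStorage,
    loaders: {
      analytics: () => {
        const s = document.createElement("script");
        s.src = "https://analytics.example/script.js"; // hypothetical analytics script
        s.async = true;
        document.head.appendChild(s);
      },
    },
    cleaners: {
      analytics: () => {
        for (const name of ["_ga", "_gid"]) { // assumed cookie names for the analytics tool
          document.cookie = `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=/`;
        }
      },
    },
  });
  consent.init();
  if (consent.needsBanner()) { /* render the banner with accept / reject / settings buttons */ }
}
```

Two practical caveats: a cookie set with a `domain=` attribute can only be deleted with the same attribute, so the cleaner has to match how the analytics tool sets it; and withdrawing consent removes the cookies but the already-injected script keeps running until the next navigation, so forcing a reload after withdrawal is the safe choice.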
Consent on Pop-Ups
After visiting TheTestRoom, you may have noticed a pop-up. As part of that pop-up I:
- Ask the user to agree to our policies
- Provide links to those policies
- Mark the checkbox as a required field
This ensures that TheTestRoom’s users clearly understand that their data will be stored (including by third-party applications). I display this information before users consent to providing their details.
Consent on Commenting
Take a look at the comment form at the bottom of this post and notice the required checkbox. To submit a comment a user has to provide their details, and before the comment can be posted they must tick that checkbox to confirm that they allow me to store those details and display them alongside the comment.
Consent on Emails
When TheTestRoom welcomes a new subscriber, I use a double opt-in mechanism. After a user has accepted the policies and provided their name and email address, I send them a short ‘confirm your subscription and email address’ email and ask for their permission once more before adding them to TheTestRoom’s mailing list. This makes sure the user understands what they are signing up for, and that the address really belongs to them.
Remove Subscribers Automatically
Growing a list of loyal subscribers requires TheTestRoom to give subscribers an automatic opt-out. This is vitally important, as it is a GDPR requirement.
The moment a new subscriber is confirmed, i.e. once they join the mailing list, I send them a ‘Welcome Email’. This is the first email a user receives after joining the mailing list.
Every email I send contains an ‘unsubscribe’ link. This gives any subscriber a clear way to remove themselves from the mailing list.
To achieve this I use MailChimp, the email marketing platform that manages my mailing list. It lets subscribers remove themselves from the list without any manual work on my part.
Social Sharing Links
Social media share buttons are an easy detail to miss. My subscribers share my posts on social media, and some share buttons also track visitors’ personal information (and sell it on to other third parties).
I explicitly mention social media in the Cookie Policy. More importantly, I use a sharing plugin that does not set any cookies. There are a number of GDPR-compliant social sharing plugins available.
I use Ultimate Social Media Icons, which provides options to make the share icons on your blog GDPR compliant.
Blog GDPR Compliant: Summary
Firstly, GDPR is not something to be scared of. Applying simple measures like the ones above should go a long way toward making a blog GDPR compliant.
After creating the Privacy and Cookie Policies, I made sure they are visible and easily accessible, and I ask for the user’s consent wherever TheTestRoom collects their data.
I welcome new users via double opt-in and make opting out easy.
Finally, I encourage subscribers to share posts while making sure that their data is not saved in the process.
With some research, I feel that TheTestRoom has gone a long way toward being substantially GDPR compliant. If you have any questions, or if something in the post was not clear, feel free to leave a comment below.