• This Girl Does

GDPR and What It Means for Bloggers?

The GDPR deadline is looming. For some, that will send shivers down their spine. Others will wonder what on earth it stands for. GDPR, or the General Data Protection Regulation, is a piece of legislation that comes into force on the 25th of May. It will affect anyone who controls and processes data.

So what is GDPR and what does it mean for bloggers?

Whilst this blog post is by no means exhaustive and should not be used as professional guidance, it will hopefully give bloggers a basic understanding of what changes they need to make to comply from the 25th May.

The main thing that unites bloggers will be the capturing of email addresses for newsletters and comments on posts, so let's begin there.


It is imperative that everyone whose data you have access to has given you explicit permission to hold it. You may have seen your favourite companies send "opt in" emails over the past few weeks. This is to ensure they have this consent but also have a record of when it was given. If you store a large database of leads, it will be worthwhile arranging one of these. Mailchimp offer good guidelines on how users can update their profiles. Yes, this will decimate your database; however, you will be left with a group of people who really do want to hear from you, and work can now begin on regrowth.

Consent doesn't just relate to email addresses: if you gather and use cookie data for remarketing or advertising (or even for a chatbot), you need to think about this too. The good news is most third-party platforms are GDPR compliant; however, you will need to update your cookie policy alongside your privacy policy to let people know what you collect and how you use it.

Additionally, if you allow comments on your blog, you should make sure there is a checkbox present to ask users if they agree to the message they have posted being linked to their email address. As WordPress are fully engaged in being GDPR compliant, this should be covered if you use them for blogging.


It is imperative you only store data that you absolutely need and that it is cleansed regularly. If people do not opt in to your communications, then you should remove any personal data you hold about that person. Any Excel file housing data should be password protected or ideally stored in a GDPR compliant platform, i.e. Mailchimp.

The Right to Be Forgotten

Users should have an easy way to contact you to ask you to amend or remove their data. Details of how they can do this should be included in your privacy policy where you should also include why and how you collect and store data.


Remember to make sure you check your plugins are all GDPR compliant. You will be surprised what apps collect what information and it is best to read up on them individually. Even the likes of Jetpack will be collecting data you might not be aware of.

What happens if my data is breached?

Should the unlikely happen and your website is compromised and data breached, you have 72 hours to notify your audience. Most of us do not need to worry about it, but it is a reminder that we should always keep our site and the data we hold secure.

What if you don't comply?

We should all try to follow legislation not just because it is the right thing to do but because GDPR is designed to protect people. If you don't comply, larger companies can face huge fines and notification to relevant authorities. Luckily for most of us, we will be under the radar; however, it is best practice for any blogger to ensure we are fully compliant.

For further information, you can drop me a wee line. Have you got any GDPR advice you can help the community with?
