What do bloggers need to know about GDPR?
Does GDPR even apply to digital influencers?
What happens if I don’t comply with GDPR?
Personally, I think there are two main approaches to GDPR in the influencer community right now.
In the red corner, there are those of us who are simply sticking our heads in the sand and waiting for GDPR to go away.
And in the blue corner, there are those of us who have Googled, “What do I need to know about GDPR?”, scared ourselves stupid and are now waiting for the whole thing to go away.
I have good news and bad news. The bad news is that GDPR isn’t going to go away. Even if we’re not in the EU, our government is very keen on implementing this bit of EU law so that UK businesses can trade more easily with Europe.
But there’s also good news.
For influencers, GDPR really doesn’t need to be scary, or complicated. Honest!
Here at Flea Enterprises, we’ve taken expert advice on our GDPR compliance. If you run a business that’s built on data, I recommend you do the same.
But for bloggers, GDPR isn’t necessarily a huge step up from what you’re probably already doing to comply with our existing (pretty strong) data protection laws.
Today we’re going to share a really quick GDPR primer (enough to help you glide through those tricky dinner party convos) and 10 tips based on our understanding of GDPR. This will help ensure you’re in good shape for when GDPR comes into force.
What is GDPR?
GDPR is an EU law that strengthens our existing data protection laws. It comes into force on May 25.
The aim of GDPR is to ensure we treat people’s data with respect. You need to have a legal right to collect and process data. It needs to be stored in a secure, appropriate way. People need to be able to easily find out what data you hold on them. If they ask you to correct or delete it, you must do so promptly.
Do Bloggers Need to Worry about GDPR?
As an influencer, the type of personal data you hold is likely to be limited – but you almost certainly hold some personal data.
If you’re a blogger, you may store email addresses from comments. Perhaps you store email addresses or shipping addresses relating to giveaway or mailing lists. If you employ a VA, you might store their address and payment details.
Anything that could identify a living person is classed as personal data.
Sidenote: information about a media outlet or company isn’t considered personal data.
How to Relax and Comply with GDPR
Today we are sharing 10 snippets of advice that we hope will get you well on the way to relaxing about your GDPR compliance.
- It’s not a cooked cake. GDPR is a new piece of EU law, but it’s going to be monitored by local organisations – in our case the ICO. With GDPR on the horizon lots of businesses are rushing to register with the ICO as “data controllers” to show their commitment to data privacy. This isn’t necessary if you only process personal data for “core business purposes of staff administration, marketing, PR and administration”. If you’re unsure if this exemption applies to you – take this quiz.
- You don’t need to rebuild your whole mailing list. One of the most common myths around GDPR is that you need to “re-permission” everyone who receives your emails to get their consent to continue mailing them. Nope. If you got opt-in consent in the first place, and have a clear “unsubscribe” option in your mailings, then you’re good to go.
- You may have legitimate interest to process data. If your business has a core activity that relies on processing personal data then this is considered allowable under “legitimate interest”. This is the basis under which our company will be operating, when processing influencer data, for example.
- Legitimate interest doesn’t cover direct marketing. So you may show a legitimate interest in contacting a mailing list with your latest blog post, but if you’re selling something directly then that’s not covered by legitimate interest.
- You’ll still get press releases and PR pitches. I’ve read that nobody will be able to send unsolicited messages after GDPR. Yes, PR agencies need to comply with GDPR. This means they’ll need to show they hold only appropriate data, and it’s up to date and can be deleted on request. But they’ll still be allowed to send you material providing they can demonstrate it’s potentially useful for you in creating online content (so it should be relevant and they may well request an update to your details).
- As a citizen you have more rights. As an individual GDPR protects your data, so it’s not all about what you have to do. Under GDPR you can ask any organisation what data they hold about you, request amendments, or ask for that data to be deleted. Companies will be required to comply with such requests swiftly.
- Check in on your IT systems and processes. One of the key requirements of GDPR is ensuring that where you hold personal data, it’s collected, stored and processed securely. So make sure laptops are password protected, office doors (or filing cabinets) are securely locked, and computers have up-to-date security software installed. Consider moving your blog to HTTPS.
- Check out your suppliers. Think about all the third party sites where you might store personal data. Do you use third-party giveaway widgets? Have a hosting company? Use a cloud-based back-up service? Do a quick check on their sites for GDPR compliance. And don’t forget that you still need to ensure your systems protect that personal data when you’re accessing and viewing it via a third-party site or tool.
What You Really, Really Need to Know about GDPR
If you don’t remember anything else about GDPR, remember this: don’t panic.
GDPR shouldn’t be a chore for most bloggers and digital influencers. It’s really about three key things:
- Treat data with respect. Only collect what you need, and ensure it’s accurate, and that your data storage and processing is secure.
- Review your IT arrangements so that you know all your computer systems are secure, including checking on any third-party services you use to store or process personal data.
Are you worried about the introduction of GDPR? Let us know in the comments if you have any tips about getting ready for GDPR for bloggers.