GDPR & Small Business Bloggers

Disclaimer: This post is not legal advice. For full information and guidance please see the GDPR site and seek professional legal advice. This is an interpretation of what I have read, but I am not an expert or a lawyer and as such I cannot be held liable for any advice taken from this article.

Is your blog a small business?

Are you earning money with your blog?

Are you a Brand Ambassador for other companies?


Are you ready for GDPR?


GDPR – General Data Protection Register is a new privacy law approved by the EU Parliament that will go into effect on the 25th May 2018.

To be honest, at first I thought GDPR was only going to affect big business because of the Facebook and the Cambridge Analytica debacle, but nope, turns out it is going to affect business bloggers and other entrepreneurs.




As a matter of fact, any individual or organization that receives or processes data is affected. It is important because there are fines for any data processor, big or small, that is not in compliance. If you are earning money from your blog, not only does the brand you represent need to be in compliance, but you too need to be in compliance.

Below are just a few of the many steps that need to be taken and I thought these would be the easiest to tackle before the deadline on Thursday.

Newsletters/Email Lists & Google Analytics

Do you use an email list to send out Newsletters? If so, you will need to decide whether or not you want to keep a subscriber list (Mail Chimp/Constant Contact, etc). Even if you don’t use it to market to your subscribers you might email them once a month to give them updates on your blog. So if you do want to keep the subscribers, you will need to email them all (again) and get them to positively agree to allow you to keep emailing them. If you don’t get positive confirmation, then you will need to delete them.

If you use Google Analytics or a similar traffic tracking system, it applies. If you have advertisers on your blog, it applies. If you have a Contact Me form, it applies. If you use a third party widget like Bloglovin, it applies.

Comments & Cookies

When people leave comments on your blog, using a standard WordPress Plugin, they leave their name, email address, or website and their IP address is also captured. That information is stored on the blog website. So you will need to either get a widget that will make this data anonymous, turn off comments (NO), or put in a disclaimer to explain what will happen when they leave a comment.

If you don’t already have a cookie banner at the top or bottom of your site or as a pop up when someone visits your site you need to have one in place. Websites have always been required to alert visitors to the fact they have cookies in use but it didn’t have as heavy an influence as it does under GDPR.

It is now imperative that you let your blog viewers know that cookies are in use and, as with everything under GDPR, it needs to be in their face.

Privacy Policy/Statement

You will need to update your Privacy Policy to include a statement on what data is saved, how it is kept, and what you do with it. If you do decide to keep any personal data connected with your blog, i.e. after running a Giveaway, you will need to register it with the ICO (Information Commissioner’s Office) as a Data processor.

Please note that there is an annual fee involved and you will also need to register your business address (in most cases it’s your home address).

SSL Certificate

Secure sites are all the more important under GDPR so it’s worth checking whether yours is one. The easiest check is to type https:// before your website address and see if it sends you to that site, not the http version.


Lots of blogs have clients who pay to advertise on their sidebar and then be promoted by the blogger. These advertisers collect a large amount of personal data including names, email addresses, blog URLs, social media handles and sometimes even payment information.

If you do have advertisers you need to get in contact with them and outline exactly what information you hold and how you use and secure it. You will need consent from them for you to store their data or request for its removal.

For any future advertisers you will need to have a form that outlines what information you require, how and why you store it and get their explicit consent allowing you to do so. 

There is a lot more information and I will try to update this post next week, however, if you are saying to yourself, “I don’t market to the EU” remember that you may have readers in the EU so this new privacy law does affect you and your blogging business.

  • Update your cookies banner.
  • Check your SSL certificate.
  • Write your privacy policy.
  • Research your third party providers.
  • Update your mailing list.
  • Contact your advertisers.
  • Put in place GDPR compliant sign ups for future advertisers/collaborators/mailing list subscribers.


The EU countries are:

Austria, Belgium, Bulgaria, Croatia, Republic of Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the UK.

Let’s Chat > Will you be in GDPR compliance on May 25th?

One Reply to “GDPR & Small Business Bloggers”

  1. According to Author Media, Americans don’t have to comply because they won the Second World War. This (tedious) new law is there to protect us all from being exploited, so thank you for taking this seriously. Well detailed and useful post.

