GDPR Compliance: How to Get Through it Without Overwhelm

Is all of this GDPR compliant stuff making you crazy and stressed?

Discover how to get through it and keep your sanity intact and your overwhelm low.

Get the GDPR Guide

You’ll want to reference my GDPR Guide as you follow the steps below.

So, keep that link handy.

How to stop the overwhelm feeling

Forget about the May 25, 2018 deadline for compliance.

Only a sliver of folks globally will be compliant by then, including companies in the EU.

“It’s clear that the majority of organizations are not currently prepared to meet GDPR requirements,” said John Ottman, Executive Chairman of Solix Technologies

~ quote from ZDNet article on GDPR compliance as of Feb 2018

GDPR is a work in progress

And will be for the rest of 2018.

You have no shot at becoming fully compliant by the deadline.

• Most of the 3rd party entities you need to rely on for becoming fully compliant, by linking to their policies in your own policy, are scrambling to become fully compliant themselves.
• Devs involved with creating ways to notify your site visitors and obtain consent for tracking are all scrambling to build those automated systems right now too.

It seems like EVERYBODY involved with GDPR waited to the last minute to get their act together.

So, we, as site owners, have to take a chill pill and let some of the path be created so we can walk it.

What you should focus on first

That’s simple – create your Privacy Policy.

Yes, there’s a lot to it.

And you’re not going to get everything you need into it on your first draft.

So, let yourself off the hook with trying to make your Privacy Policy perfect, or even complete, on the first go.

This will we a working document that you update as we all go through this together.

Where to start

That’s simple too – list all of the ways you track client data on your site.

Just make that list – on paper – or a Word doc or such.

That will be enough for one day.

See Step 1 in my GDPR Guide for lists to get you going.

Keep in mind that WordPress 4.9.6 will be out soon.

It has an internal way to detect the ways you are tracking visitors based on your theme and plugins.

It will also create a rough draft of a Privacy Policy page for you, with that info in it.

So, just do the best you can with making your tracking list for today.

And then wait for WP 4.9.6 to come out and see what it detects, and then add anything missing that you have on your own list.

What to focus on next

Simple – create the next section of your Privacy Policy – the one that explains what you do with all the site visitor info you track.

Again, just make a list.

Here are a few ideas to get you started.

• Do you use Google Analytics? Then you use those collected IP addresses to determine metrics on your site.
• Do you use Facebook Pixel Tracking? Then you use those collected IP addresses to serve targeted ads on Facebook.
• Do you have a newsletter optin? Then you use that to send folks your blog posts or other helpful info.

See how easy this is?

Go visit Step 2 in my GDPR Guide for more guidance on this phase. But don’t get bogged down in all the extra email collecting info in that section.

Just stick with making this little list for now.

What’s Next?

Pick some places on your site where folks can easily find your Privacy Policy.

And again, make a short list of them.

Now, we don’t have that page posted yet, so we don’t have a link yet.

But, we can poke around our site and get ideas for the best places to put it.

In fact, poking around is all we need to do right now.

Keep in mind that WP 4.9.6 is going to help us with that too, as are new plugin updates.

So, all we want to do in this phase is choose a few easy places where we can add a link.

Easy link places include:

• Somewhere in your navigation menu. That could be in a footer menu, or a drop-down from your About page or such too.
• Near an optin. Maybe you use a plugin that doesn’t have a place for you to add an extra link yet. Maybe it will one day. In the meantime, can you create a new Text widget with that?

We’ll also need a link in our comments area. We’re going to wait and let WP 4.9.6 take care of that one for us.

See Step 4 in my GDPR Guide for more link placement ideas to add to your list.

Now what?

How you conduct your email marketing, and what you need to do to be GDPR compliant with it will be one of those topics that will be debated forever, as we all make our way through these new changes.

As a U.S. based blogger, that does not specifically target EU citizens, you’ll have a LOT of gray area to work with here.

If you have super simple email marketing practices, this is going to be easy for you.

Like at BlogAid. If you sign up for BlogAid News then you’re going to get:

• my blog posts via email
• urgent site news
• special offers and discounts only available to BlogAid News subscribers

And that’s all I have to tell you in my privacy policy too.

See how easy that is?

If you’re big on email marketing, and have a complex system, then you’ll need to dig into that.

See Step 2 in my GDPR Guide for examples to get you started.

But you’re also going to want to seek out other GDPR folks who specialize in big email marketing for even more advice.

Next thing

By now you should have most of what you need for your Privacy Policy.

It will include the lists you made for:

• What data you collect
• What 3rd parties you share that data with, and links to their Privacy Policy
• How you use the info you collect
• A way to contact you, so a visitor can ask for their info to be modified or deleted.

Okay, you’re ready to post the first draft of your policy.

And realize that it is a work in progress that you will be editing as we all go through this, and new info becomes available.

Once that is published and you have a link, then put it in the easy places you listed.

Don’t worry about the rest for now. Just get this much done.

Last 2 things

As of this writing, May 9, 2018, I’m still vetting the best plugins for us to use.

We’ll need a plugin to create a little pop up to:

• Notify visitors that tracking and cookies are in use, and turn off that tracking until visitors say okay
• Provide a button that visitors can click to give consent, so all that tracking can be turned back on
• Provide a way to record that consent was given

We’ll also need a plugin or a service to help:

• Provide a way to produce a report on demand of that visitor consent
• A way to modify the data, per a visitor’s request to do so

Some that help will be provided by WP 4.9.6.

Some will be provided by our vendors, like our email list service (Mailchimp, Aweber, etc).

And some may be provided by other vendors, like other plugins that have an all-in-one GDPR service. But those can be expensive and some of them even scare me a little with regard to site security.

I’m vetting and testing all of this stuff as fast as I can. I’ll post more when I have it.

Just watch for those posts on BlogAid. That’s all you have to do.

Keep in mind that I have to find something to work for me too, so I’m on the ball with it.

Bonus Points

Ultimately, you, as the site owner, will be held responsible for keeping all of the data you collect secure.

Get a site audit.

On average, I find 26 security holes and performance drags that no plugin can detect.

2 birds – 1 stone – we’ll get your site speedy while we’re at it. Don’t let all this GDPR hoohaa make you forget that speed will become an SEO ranking factor in July.

Be patient with GDPR stuff and yourself

The GDPR police are not likely to come after you or your blog on May 26, 2018.

It’s also not likely that site visitors will suddenly demand that you get their consent for tracking first, or produce a report of consent on that date either.

Take the easy steps you can today.

Wait on help that is coming for the rest.

Add what you need, as you go.

Breathe, it will be alright. We’ll get through this together.

Disclaimer

I am not a lawyer. This post is for informational purposes only and should not be taken as legal advice. Do your own homework on GDPR. Due to the legalities of all this, I do not offer GDPR compliance services. But I will do my very best to help you stay informed so you can do this for yourself!!!!