Is all of this GDPR compliant stuff making you crazy and stressed?
Discover how to get through it and keep your sanity intact and your overwhelm low.
Get the GDPR Guide
You’ll want to reference my GDPR Guide as you follow the steps below.
So, keep that link handy.
How to stop the overwhelm feeling
Forget about the May 25, 2018 deadline for compliance.
Only a sliver of folks globally will be compliant by then, including companies in the EU.
“It’s clear that the majority of organizations are not currently prepared to meet GDPR requirements,” said John Ottman, Executive Chairman of Solix Technologies.
~ quote from ZDNet article on GDPR compliance as of Feb 2018
GDPR is a work in progress
And will be for the rest of 2018.
You have no shot at becoming fully compliant by the deadline.
- Most of the 3rd party entities you need to rely on for becoming fully compliant, by linking to their policies in your own policy, are scrambling to become fully compliant themselves.
- Devs involved with creating ways to notify your site visitors and obtain consent for tracking are all scrambling to build those automated systems right now too.
It seems like EVERYBODY involved with GDPR waited until the last minute to get their act together.
So, we, as site owners, have to take a chill pill and let some of the path be created so we can walk it.
What you should focus on first
That’s simple – create your Privacy Policy.
Yes, there’s a lot to it.
And you’re not going to get everything you need into it on your first draft.
So, let yourself off the hook with trying to make your Privacy Policy perfect, or even complete, on the first go.
This will be a working document that you update as we all go through this together.
Where to start
That’s simple too – list all of the ways you track client data on your site.
Just make that list – on paper – or a Word doc or such.
That will be enough for one day.
See Step 1 in my GDPR Guide for lists to get you going.
Keep in mind that WordPress 4.9.6 will be out soon.
It has an internal way to detect the ways you are tracking visitors based on your theme and plugins.
It will also create a rough draft of a Privacy Policy page for you, with that info in it.
So, just do the best you can with making your tracking list for today.
And then wait for WP 4.9.6 to come out and see what it detects, and then add anything missing that you have on your own list.
What to focus on next
Simple – create the next section of your Privacy Policy – the one that explains what you do with all the site visitor info you track.
Again, just make a list.
Here are a few ideas to get you started.
- Do you use Google Analytics? Then you use those collected IP addresses to determine metrics on your site.
- Do you use Facebook Pixel Tracking? Then you use those collected IP addresses to serve targeted ads on Facebook.
- Do you have a newsletter optin? Then you use that to send folks your blog posts or other helpful info.
See how easy this is?
Go visit Step 2 in my GDPR Guide for more guidance on this phase. But don’t get bogged down in all the extra email collecting info in that section.
Just stick with making this little list for now.
What’s Next?
Pick some places on your site where folks can easily find your Privacy Policy.
And again, make a short list of them.
Now, we don’t have that page posted yet, so we don’t have a link yet.
But, we can poke around our site and get ideas for the best places to put it.
In fact, poking around is all we need to do right now.
Keep in mind that WP 4.9.6 is going to help us with that too, as are new plugin updates.
So, all we want to do in this phase is choose a few easy places where we can add a link.
Easy link places include:
- Somewhere in your navigation menu. That could be in a footer menu, or a drop-down from your About page or such too.
- Near an optin. Maybe you use a plugin that doesn’t have a place for you to add an extra link yet. Maybe it will one day. In the meantime, can you create a new Text widget with that?
We’ll also need a link in our comments area. We’re going to wait and let WP 4.9.6 take care of that one for us.
See Step 4 in my GDPR Guide for more link placement ideas to add to your list.
Now what?
How you conduct your email marketing, and what you need to do to be GDPR compliant with it, will be one of those topics that will be debated forever, as we all make our way through these new changes.
As a U.S.-based blogger who does not specifically target EU citizens, you’ll have a LOT of gray area to work with here.
If you have super simple email marketing practices, this is going to be easy for you.
Like at BlogAid. If you sign up for BlogAid News then you’re going to get:
- my blog posts via email
- urgent site news
- special offers and discounts only available to BlogAid News subscribers
And that’s all I have to tell you in my privacy policy too.
See how easy that is?
If you’re big on email marketing, and have a complex system, then you’ll need to dig into that.
See Step 2 in my GDPR Guide for examples to get you started.
But you’re also going to want to seek out other GDPR folks who specialize in big email marketing for even more advice.
Next thing
By now you should have most of what you need for your Privacy Policy.
It will include the lists you made for:
- What data you collect
- What 3rd parties you share that data with, and links to their Privacy Policy
- How you use the info you collect
- A way to contact you, so a visitor can ask for their info to be modified or deleted.
Okay, you’re ready to post the first draft of your policy.
And realize that it is a work in progress that you will be editing as we all go through this, and new info becomes available.
Once that is published and you have a link, then put it in the easy places you listed.
Don’t worry about the rest for now. Just get this much done.
Last 2 things
As of this writing, May 9, 2018, I’m still vetting the best plugins for us to use.
We’ll need a plugin to create a little pop up to:
- Notify visitors that tracking and cookies are in use, and turn off that tracking until visitors say okay
- Provide a button that visitors can click to give consent, so all that tracking can be turned back on
- Provide a way to record that consent was given
We’ll also need a plugin or a service to help:
- Provide a way to produce a report on demand of that visitor consent
- A way to modify the data, per a visitor’s request to do so
Some of that help will be provided by WP 4.9.6.
Some will be provided by our vendors, like our email list service (Mailchimp, Aweber, etc).
And some may be provided by other vendors, like other plugins that have an all-in-one GDPR service. But those can be expensive and some of them even scare me a little with regard to site security.
I’m vetting and testing all of this stuff as fast as I can. I’ll post more when I have it.
Just watch for those posts on BlogAid. That’s all you have to do.
Keep in mind that I have to find something to work for me too, so I’m on the ball with it.
Bonus Points
Ultimately, you, as the site owner, will be held responsible for keeping all of the data you collect secure.
On average, I find 26 security holes and performance drags that no plugin can detect.
2 birds – 1 stone – we’ll get your site speedy while we’re at it. Don’t let all this GDPR hoohaa make you forget that speed will become an SEO ranking factor in July.
Be patient with GDPR stuff and yourself
The GDPR police are not likely to come after you or your blog on May 26, 2018.
It’s also not likely that site visitors will suddenly demand that you get their consent for tracking first, or produce a report of consent on that date either.
Take the easy steps you can today.
Wait on help that is coming for the rest.
Add what you need, as you go.
Breathe, it will be alright. We’ll get through this together.
Disclaimer
I am not a lawyer. This post is for informational purposes only and should not be taken as legal advice. Do your own homework on GDPR. Due to the legalities of all this, I do not offer GDPR compliance services. But I will do my very best to help you stay informed so you can do this for yourself!!!!
MaAnna, this is an amazing amount of information and you’re wonderful to lay it all out like this for us.
Gotta say, I’m still feeling a little overwhelmed (smile) but you’ve made me less so with this breakdown.
Thanks for the guide to getting started.
Happy day to you.
I was feeling pretty overwhelmed with it myself!! Now that I’ve checked into it more and get the overall view, and have a plan to work on a little each day, I feel a lot better!
I feel so much better! I’ve been in freak out depressed mode since I read Tips Tuesday yesterday. It seems so overwhelming!!! BUT you’ve made it seem doable today : ) Thank you for talking me off the ledge LOL!
Same here Tipper!! It was plain that the big thing to address with this was that overwhelm feeling.
We can do this!!!
I am so glad you are breaking it down for us. Because yes the tech stuff does overwhelm me. And we are getting so much information which can also be overwhelming. Thank you for being there.
Glad it’s helpful Debra!!! Good to get it in bite size pieces.
Bless you, MaAnna!!!!! This helps SOOOO much!!! What would we do without you?!?!?!?
Woot!! Glad it’s helpful, Dee!!!
Thanks for the chill pill! After feeling like GDPR has become my entire life for the past two weeks (at the expense of my real work), it’s good to hear the world won’t come to a screeching halt on May 25. (Kinda like Y2K …) And just FYI, here’s what Bloomberg tweeted yesterday: “Europe may come to regret its new data rules” (Ya think?)
I’m still moving forward on this … finished my Privacy Policy revisions last night & will post later today (with more changes to come after the WP update). Now I just need to decide how to approach my e-mail list … whether to force everyone to reconfirm, or just the 5% or so that are non-US based. (I’m leaning toward the latter option.)
Yeah, I think we all needed a chill pill. The frenzy was getting to be too much.
I was an electronics engineer for 30 years and involved in updating systems to avoid the Y2K thing. That’s why it seemed like a non-event. A lot of folks worked hard to make it so!! But this thing – oh my word. It’s going to hit a lot of wallets, in every kind of way!!
Agreed about thinking through the email list options for sure!! That will probably be the last thing on my list. But, I had intended to make changes to my optin anyway, both the freebie, and the way the segment is set up. So, this will be a good time to tackle all of that.
Thanks for talking us all down. As you know, I’m still getting through the https transition. And then GDPR is right on my heels. I’m off to read your guide. Thanks MaAnna!
Yeah, I had to take a day off from it and get some perspective about all the GDPR stuff. We definitely don’t want to panic or make knee-jerk reactions that hurt our site, or make things worse with other changes coming very soon, like WP 4.9.6.
Thanks for all this MaAnna. I took my chill pill a while back. I’m just waiting to see how all this will come down & in the meantime, I’ll work on my Privacy Policy.
Good for you, Florence!! I’ll have more news on it as I complete my tests.
So everyone who has a tracking account with Google is collecting IP addresses! I did not know and barely look in Google Analytics because I find it all too much! And Google is reading the visitor’s IP address from their…browser?
I am actually glad that higher levels of data protection are being forced onto web businesses even if I find it confusing.
Thanks for giving us a step by step, MaAnna.
Alex, let’s be very clear about this.
YOU, as the site owner, and Google Analytics account holder, have access to the data that Google Analytics collects.
Google does not have access to that data. Nor does any other Google related product except Search Console, if you choose to hook them together.
And that is an account you privately own too. Google can’t see it either.
Thanks so much for this info! It is totally overwhelming. To someone’s question above, what are your thoughts on sending an email to your entire list to have them re-opt in? I’m not sure if that’s necessary or not! Thanks!
I’ve been talking about the email situation a lot in my livestreams on the BlogAid Facebook page. You’ll want to check all of those out, as each one has good tips.
Thank you, I will!