The European Union General Data Protection Regulation (GDPR) comes into force on May 25, redefining the way consumers and businesses manage data online for good. The new regulation is set to affect virtually everyone operating in the Internet, from retailers to social networks, from influencers to bloggers.

The main aim of the GDPR is giving citizens in the EU more control over their personal data, forcing organisations to change their approach to information collection and management.

As a blogger, do I need to comply with the GDPR?

Yes. As an umbrella regulation incepted to provide European Union citizens with total control over their data, the GDPR is rather ample, affecting all types of webs, including blogs.

Even unknowingly, bloggers collect personal data – defined in the GDPR as “anything relating to an identified or identifiable natural person” – like name, email, address or even an IP address. Additionally, bloggers do process data, what under the light of the new regulation consists of “any operation or set of operations which is performed on personal data”.

Most blogs will collect data in different ways:

Blog post comments data (name, email, IP) Traffic stats plugins/tools such as Google Analytics Third party hosted services such as content sharing or subscriptions to blogrolls Email signup forms Contact forms Data transferred to and from the server where your blog is hosted

Does GDPR just affect bloggers in the European Union?

? What’s the price of doing nothing?

Are just European bloggers the ones who need to comply with GDPR?

No. The GDPR applies to data collected about EU citizens from anywhere in the world or, in other words, a blog with any EU visitors or subscribers to newsletters, mail lists, etc. must comply with the GDPR.

How should bloggers get and manage data?

Once the GDPR is enacted, people visiting your blog from the EU must confirm that their data can be collected. Furthermore, you need to make it clear that you have a privacy policy which openly explains how data is going to be stored and how it is going to be used.

But most importantly, you need to provide you readers the right to withdraw the consent to use their personal data (consequently deleting the data), if required. This applies to both new and current readers and subscribers to your blog.

If you use email and / or social media marketing, you need to give people the right to opt out of direct marketing that uses their data. If you have a mailing list, you need to inform your subscribers about the GDPR and ask them to click to confirm they still want to receive those emails. After May 25 all non-responders will have to be removed.

What’sthe cost of doing nothing?

The penalty for non-compliance can be up to 20 million euro, or in the case of an undertaking, up to 4 percent of the total worldwide annual turnover of the preceding financial year, whichever is higher.

Also, if your blog was hacked or suffered from any sort of data breach, there might be additional penalties depending on the seriousness of the breach.

Image:The Blonde Salad blog