5 Ways to Respond to GDPR

Stressed out over the new General Data Protection Regulation (or GDPR) legislation? It affects all of us as bloggers and online business owners! But don't panic! This post addresses how to respond to GDPR. #eliteblogacademy #GDPR #emailmarketing #blogging #onlinebusiness #businesstips

[Note: This material has been prepared for informational purposes only, and is not intended to provide and should not be relied on for legal advice or GDPR compliance. If you have further questions about compliance, consult your legal counsel.]

New legislation in Europe, called the General Data Protection Regulation (or GDPR) went into effect on May 25, 2018, and it doesn’t just impact business and citizens in the European Union (EU). It affects all of us as bloggers and online business owners.

Simply put, the GDPR gives citizens in the EU more control over how their data is used.

Confused about where to start?

Our brand new From Concept to Online Business Starter Kit will show you exactly what steps to take to get your online business up and running—as well as earning real money—as fast as possible.

If you have a blog, chances are you at some point could have a reader based in the EU, which means that technically, you could be subject to compliance these laws.

And while it might be hard to enforce right now, the reality is that legislation like this is likely to continue roll out. Truth be told, the laws regulating how we receive, use and store data need to be updated, and while it’s primarily aimed for EU companies and citizens, becoming at least somewhat compliant improves online marketing in our neck of the woods, too!

Likened to establishing speed limits, GDPR makes online data protection enforceable with hefty fees in proportion to your income. But here’s the most important thing to know right now: if you’re used to doing business “above board,” there’s no reason to panic. Stay within the established limits and you should be safe. Click to Tweet

It’s really all about informed consent — meaning, when people give you their information (email address, contact information, etc.), they understand what type of communication they’ll receive from you.

Besides NOT panicking, here are several first steps when learning how to respond to GDPR.

1. Get educated.

Here are five resources to review to help you evaluate what you can do to become GDPR-compliant and help answer questions you may have about the new regulations.

2. Update your site’s Privacy Policy.

If you require any type of consent for your data, publish an easy-to-read privacy policy that uses clear and natural language – unlike this: “We may use your personal data to develop new services.”

Natasha Lomas at TechCrunch explains:

“‘We may use your personal data for research purposes’ will not pass muster under the new regime. So a wholesale rewriting of vague and/or confusingly worded T&Cs is something Europeans can look forward to this year. Add to that, any changes to privacy policies must be clearly communicated to the user on an ongoing basis. Which means no more stale references in the privacy statement telling users to ‘regularly check for changes or updates’ — that just won’t be workable.”

Be able to demonstrate that you have permission (consent) if you contact any customers using e-mail, direct mail, SMS or other means. Be clear about what each customer opts to provide and receive, and you avoid using pre-checked consent boxes to get their consent.

3. Include additional consent opt-ins for mailing lists and online communities.

When someone gives you their information, you’ll need to have a fair processing notice to tell them why you’re collecting it, what you plan to do with it, other companies that could receive it, and how long you’ll be keeping it.

For example, on opt-in forms, tell them all the types of communication you plan to send them. If they’re downloading a free PDF from you, also mention you will send them information about your products and services.

4. Make your unsubscribe and opt-out options clear and easy to access.

If you use a reputable email platform like Mailchimp, Drip, ConvertKit, etc., they’ll likely have guidelines in place to make it easy for you to stay compliant.

5. Prepare to report data breaches within 72 hours.

You’re totally responsible for the data your website collects. So if you’re hit with a cyberattack and the data is stolen, you could be liable. GDPR requires you to demonstrate that your data is safe, and the simplest solution may be to invest in encryption software. Encryption software is not required by GDPR but might be a good option to help keep your data secure and also prove that you’re looking out for your subscribers and customers.

Once again, we would like to reiterate that WE ARE NOT ATTORNEYS, and the advice here is for informational purposes only, and should NOT be considered legal advice.

Similar Posts


  1. Thanks for sharing this great article with us..Keep Doing Good work..We need more information like this .

  2. Ruth Soukup says:

    So happy to hear it Hilde! Have a wonderful weekend!

  3. Wow, this is very helpful! Thank you!

Leave a Reply

Your email address will not be published. Required fields are marked *