The GDPR / Data Privacy Changes & What You Need To Do As A Blogger Before May 25th

You’ve probably heard about the GDPR (General Data Protection Regulations) that come into effect on May 25th, but most of us have been left a little baffled as to how they impact us as bloggers and what we need to do to ensure we’re compliant. Like any big change, it’s easy to panic – but there are only a handful of actions you need to take to ensure you’re operating within the regulations and protect yourself from potential action down the line. These new regulations are being introduced to uniform all EU member state’s approaches to data protection and ensure they’re applied identically (and yep, they’re relevant to us as British citizens even though we’re due to leave imminently!) As a consumer it will prevent organisations using our data irresponsibly, putting ‘opt in’ way ahead of previous ‘opt out’ approaches that could leave our inboxes overflowing with useless information.

It comes into force in less than a fortnight and essentially replaces the Data Protection Act 1998; compliance is vital, as any business found not sticking to the rules could be charged fines of up to 4% of the company’s global annual turnover. But as a blogger (or small business) what do you need to action? Even if you don’t think you collect data, you probably do: it could be IP addresses and names left in comments, connectivity you offer for readers to log in using their social channels, email addresses they shared to sign up to your newsletter, or even competitions they’ve entered. I’m by no means a data, law or internet expert, but after undertaking a lot of research and reading a lot of articles these are the steps I believe you need to take.


One of the most important things to check is whether your site is secure; you can do this by entering https:// ahead of your URL and if your site appears you’re already secure. If not, there are easy settings to change this within Blogger, WordPress and other platforms – or alternatively have a look on your provider to get a SSL certificate. (I just went into my settings and clicked a box to say ‘yes’ to https usage; it was that simple.)


The Information Commissioner’s Office (ICO) is, in their words: “the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.” The new regulations state that website owners should register with the ICO if they fall within certain categories, which brings with it a small annual subscription free. Although this has left many people feeling worried about budgeting for this additional cost, the majority of us don’t need to register at all. They’ve set up a handy quiz to give you a black and white answer to whether or not you need to take action (take it here.) For point of reference, I was told I didn’t because the data I acquire and manage is for promotion of my own products and isn’t shared with any third parties.


Consent is the number one issue of these new regulations, so it’s essential to have a privacy policy of your own that’s visible to anyone who visits your site. It doesn’t need to be complicated or scary, but it’s just there to cover your own back; I used an easy platform called Rocket Lawyer, which enabled me to personalise a privacy policy to cover all my businesses and download the full document so the content could be copy-pasted onto my site. (You can either pay a one-off fee of £30.00 or sign up to a free trial.) Placing the link in the footer of your site will ensure it’s visible on every page – and adding it to your ‘about’ info is a good idea too.


If you use cookies for collecting data, even for Google Analytics purposes, you should have a cookie pop-up on your site which readers can consciously agree to. They’re annoying, but absolutely necessary. If you host on Blogger or WordPress there will be an automatic version integrated into your site, so make sure this isn’t concealed or turned off; alternatively you can generate your own cookie pop-up by doing a quick search online and generating some coding to add to the backend of your site. CookieBot is a great resource and will do a free check to see if you’re GDPR compliant.


Newsletters have become big news in the bloggersphere, so if you hold a database of email addresses (or other more personal data) then you need to acitvely aask them if they’d still like to be contacted. The majority of databases have historically been passively created, so it’s really important to double check they still want to be contacted and give them an option to be removed / unsubscribe. You may have noticed a lot of these kind of emails landing in your inbox in the last few weeks, and that’s why. I’ve just sent my database a quick note at the top of my most recent newsletter checking they want to still hear from me and letting them know how their data is used.

It sounds like a lot, but really a few changes are all you need to ensure you’re keeping within the regulations and operating ethically as a small business owner and content creator. It’ll be beneficial to us all in the long term, so just make sure you’re making an effort to tick those boxes and illustrate you’re taking care over the data you collect.
Got any other advice, suggestions or things we should be looking out for? Let me know below!


Features PR samples unless otherwise stated. To read my full disclaimer, click here.  



  1. Jodie Melissa
    May 14, 2018 / 7:03 am

    This is so useful! Thanks for sharing Hayley

    • Hayley Hall
      May 14, 2018 / 8:45 am

      I'm glad it helped!

  2. Penny
    May 14, 2018 / 8:39 am

    Thank you Hayley. This is very helpful as you've put this so very clearly. I only realised a couple of weeks ago that this affected my little blog as before I'd thought surely not, I don't sell anything, it's all about writing. But no I realise now and I did panic at first. But it won't take much as I don't have a newsletter and this is the week when we get it all done – thanks again Hayley.

    • Hayley Hall
      May 14, 2018 / 8:46 am

      You're so welcome! I think many people panicked or thought it wasn't relevant to them (I did to start with,) but actually it covers everything we use in analytics behind the scenes so it's important to do research and implement the key requirements.

  3. Mrs Tubbs
    May 14, 2018 / 9:42 am

    I've just finished – fingers crossed – getting my blog ready for the end of the month. Apart from the comments check box which I'm hoping Google will do for me. Otherwise I'll have to pay to get some coding done. (I don't do code)It's been stressful, but it's also a great excuse to have a blog tidy. Have way through mine!

    • Hayley Hall
      May 14, 2018 / 10:52 am

      Google have been pretty good at implementing things – you usually just have to 'turn them on' or check that they work. But I'm with you, great excuse to get things in order!

  4. Pam Scalfi
    May 14, 2018 / 9:46 am

    thanks for the amazing things! off to check these for my own blog 🙂 always so helpful, THANK YOU!Pam xo/ Pam Scalfi♥

    • Hayley Hall
      May 14, 2018 / 10:52 am

      You're welcome Pam!

  5. Nital Shah
    May 14, 2018 / 5:02 pm

    Thank you so much Hayley, you have made so clear to understand and I so appreicate it. I now know what I need to do and I can start getting on with it. xx

    • Hayley Hall
      May 15, 2018 / 11:33 am

      I'm glad! It's confusing, but there's so little digestible info out there for small businesses or bloggers. Hopefully this helps clear it up a little.

  6. Ivy Shackleton
    May 16, 2018 / 2:45 pm

    Thanks Hayley! At least now I know where to start! You are right there is such little information for bloggers out there and it is all so confusing.

  7. Bekah
    May 22, 2018 / 10:16 am

    This post was really helpful Hayley! I was pretty intimidated by GPDR as a blogger, but I feel much better about it now. I've written up my privacy policy, so hopefully that's me sorted!

Leave a Reply


Looking for Something?