GDPR for Bloggers (exact steps for complying)
Consequences of GDPR for bloggers and how to comply with that privacy regulation has been a hot topic since the GDPR went into effect on may 25, 2018.
The General Data Protection Regulation, better known by its acronym of GDPR, is possibly the most important change in data privacy regulations for at least a decade. The GDPR is a lengthy document that involves many different areas of data processing. You can read the entire regulation here. GDPR compliance for bloggers is an important subject, but not everyone knows how to comply or the exact steps to take. This post will show you how to have GDPR compliant consent form templates. You will also see a discussion on GDPR email consent examples and images for GDPR opt-in email examples.
However, when it comes to blogging and online communities, GDPR almost strictly comes into play when it comes to collecting data from your website visitors for email marketing purposes. Since GDPR’s implementation, many articles, videos, and posts came out about GDPR for bloggers and how to comply.
However, not many of those posts and articles actually show you how bloggers can comply with GDPR when it comes to data collection, consent, and email marketing. Continue reading this post because you’re not only gonna read about how to comply with GDPR as a blogger, but you’ll actually see examples in a form of photos and videos.
This is a lengthy and actionable post, so bookmark or pin this to be able to come back to it if you need to.
The main areas of GDPR that bloggers and online entrepreneurs need to be concerned about are related to data collection, data use, and email marketing.
Most importantly, you need to state your terms clearly, get express and clear consent before you can add anyone living in the European Union to your email list.
To make sure that your website is compliant also, you should have a GDPR compliant Privacy Policy and Disclosures in place. If you don’t already have this, or if it’s not fully compliant, check out my Website Legal Policies Bundle where you can get fully customizable legal templates for your website.
If you want to know what type of policies you should have in place, and what disclosures to make, read my post on how to blog legally.
Generally speaking, as bloggers and online entrepreneurs, you collect a certain amount and type of data from your visitors. This data can be a name, email address, phone number, geographic location, computer system, etc.
Some of this information gets collected by cookies. The other part you collect manually by having your visitors enter this information.
In the case of information collected by cookies, GDPR requires that your visitors must consent to have the cookies collected, and they also must have an opt-out option.
In the case of manual data collection entered by your visitors, they must consent to be included in your email list, regardless of whether you have their email addresses or not.
Cookie policy consent options for GDPR compliance
Cookies are a very small file that gets downloaded when a person visits your website. It can store snippets of information such as geolocation, computer system, visiting website, analytical data, third party data, etc.
Cookies are separated into two parts: essential cookies and non-essential cookies.
Prior to GDPR enforcement, you just had to tell people that your blog/website was using cookies. Generally speaking, people weren’t given the option of agreeing or opting-out.
However, post-GDPR, websites are required to not only give the notice that your website is using cookies but also to give the people an option to accept or not.
This means that information does not get stored in the cookie until the user accepts it.
You don’t have to make the cookie policy super fancy and have all kinds of buttons on it, but it’s important to have consent to store cookies.
The above cookie policy notice is a GDPR compliant notice because it gives people the opportunity to accept all cookies, or not, plus it also goes a step further and lets visitors choose which cookies they will accept or reject from the cookie preferences.
In order for bloggers and online entrepreneurs to comply with GDPR, it’s important to remember that the key is to give choice to your visitor. A choice to agree or not, a choice to be on your email list or not. You cannot assume consent or dictate it by having certain fields be pre-filled.
Steps that bloggers and online entrepreneurs can take to comply with GDPR when building the email list
Email list building is one of the areas that was impacted by GDPR. A popular and successful method of email list building became offering a free resource for people who want that resource and when they opt-in, they get added to your email list. Pin This ↓
When they would click on this resource, they had to enter their email address in order to get it. This email address would automatically be added to the email list of the blogger or online entrepreneur.
However, under GDPR, you can no longer add anyone to your email list unless they specifically, unambiguously, and expressly consent to be on your email list.
So what does this mean for bloggers? What can you do as a blogger or online entrepreneur to grow your email list, yet remain compliant?
Here are some steps you can take to make sure you’re not breaking any laws:
- Ask for express consent;
- Convince/sell on giving express consent; or
- Revert back to the old days of asking people to join your newsletter.
Ask for express consent to add people to your list
Once the GDPR went into effect, we bloggers started having a hard time building our email lists as before because now we couldn’t automatically add visitors to our email list if they opted-in to receive a free resource like freebies or lead magnets.
To stay compliant with GDPR regulations, as a blogger you have to ask/receive for express consent before you can add anyone to your email list.
This can be done by including a consent checkbox, a dropdown option, or radio buttons on your opt-in forms.
However, I would urge you to be cautious when using a checkbox. Many lead forms and lead collecting forms have an option fo adding a checkbox, but it’s a mandatory checkbox.
This means that if a reader does not check the checkbox, they can’t move forward. So if you were offering a freebie, and your reader wanted to get that freebie, the form would not let this reader move forward until they checked the checkbox.
This, however, is not compliant with GDPR rules. The consent that you get must be voluntary, unambiguous, and express. A consent that you get by essentially forcing your readers to give to move forward is not
I recently ended up on a certain website. There was a popup that opened up offering a freebie growing a YouTube audience. This interested me, and I wanted to get the freebie. I filled out my name and email. However, there was a checkbox that said something along the lines of “by checking this box, you’re giving me permission to send marketing and promotional emails.”
Well, I didn’t want to receive e-mails. I just wanted the freebie, so I decided to leave the box blank. I tried to submit my information. Except, it wouldn’t let me submit unless I checked the box.
Do you see the problem here? If I don’t check it, I am not getting the freebie. If I do check it though, it’s not proper consent for her to add me to her email list because my consent was forced, it wasn’t voluntary.
Using drop-down selection or radio buttons is more effective than using a checkbox
As bloggers, you have to be careful to comply with legal requirements for blogging, as well as GDPR rules. You must get explicit and voluntary consent before you can add anyone to your email list.
As I discussed above, having a checkbox for the consent doesn’t always work, because most of the time bloggers either don’t realize or don’t know that they’re making consent to the checkbox mandatory in order to move forward.
For this reason, drop-down boxes and radio buttons are a better option for getting consent on the opt-in forms.
As bloggers, you should realize that your freebies have to be provided to your readers when they sign up for it regardless of whether they give consent for future marketing and promotional emails.
This means that the way you set up your opt-ins and lead generation forms are important. You have to make giving consent optional. This means that your reader must be able to get the freebie from you without giving consent.
This step is best done with a drop-down option question, which allows the reader to either agree to give consent or not. Moreover, if you make answering this question optional, this means that your reader might not even answer the consent question and move forward.
Obviously, if they do this, then you do not have consent.
This means that your reader can either give consent or not, depending on which option they will choose from the drop-down. Moreover, if you don’t make the drop-down required, then they might even completely skip it.
If they skip it, and you don’t have their express consent, this means they cannot be part of your email list unless you convince them otherwise.
Convince your visitors to give you consent
Getting consent for GDPR purposes on the opt-in form itself is not the only chance you have for convincing someone to be on your email list or give consent to receive marketing and promotional content from you.
You have a few other opportunities to convince your readers to give consent.
“Sandwich” Landing page is an alternative method for getting consent
One such opportunity is gonna be on what I call a “sandwich” landing page. When your reader opts-in to get a freebie but does not consent to be on your email list, then they get sent to your thank you page after they entered their email. On this “Thank You” page you’re either gonna let them download the material, or you’re telling them that you’ll send the freebie over email.
Now what you can do is to create one additional landing page before your “thank you” page. I call this method, “selling your reader on giving consent”. This additional landing page that is immediately between the optin and the “
On this page, you might outline some key benefits of being on your email list, the types of content you send out, and the type of information you generally provide.
The sole purpose of this page is to sell your reader on the idea of giving consent because being on your email list is gonna benefit them.
You can have a link or a button that they can click on if they agree to be on your email list. In your Email Service Provider (ESP) you can designate a tag of GDPR_Consent, so when people agree to be on your email list and click on the button or link, your ESP automatically tags them as GDPR_Consent.
Don’t forget to have another link or button on that landing page where again you’re telling your readers that if they don’t want to be on your email list, then click on that link. This link would ideally take them to the “Thank You” page where they can get their freebie or get it in their inbox.
Use your freebie delivery email and your follow-up as an opportunity to convince your reader to give consent
One thing I want to note
However, make sure that you also tag the people who don’t give consent, so you don’t send them any emails aside from delivering the freebie and follow-up email.
These emails that you’re allowed to send are another way that you can try to convince your readers to join your email list. In the email that is delivering the freebie, you can outline a few important points about how much value you provide to your email list members, and how you love to send helpful content to help their businesses grow.
Then just like before, include a link for them to click on if they give consent to be in your email list. Track this link, and assign a tag as GDPR_Consent or whatever tag or custom field you designated to indicate that consent was given. If your reader does not give consent, then at this point the best and safest course of action will be to deliver the freebie, follow up, then delete the contact permanently. You don’t want to send them emails accidentally.
Ask people to join your newsletter
If all else fails, you can always go back to the way things were before.
Accepted practice was to ask people to subscribe to your email list to get updates and new emails from you. This worked well in the beginning. However, as the market became saturated, people started using the lead magnet or freebie technique to attract readers to their email list.
Asking someone to sign up for your newsletter, and them doing so is compliant with GDPR laws.
This is because you’re not adding them to your email list without their knowledge or consent. You’re asking them to join your newsletter, which is already the consent part straight away. Once they sign up, that means they consented, and therefore, you don’t need to worry about other requirements as far as GDPR is concerned anymore.
Is double opt-in necessary for complying with GDPR as bloggers?
Many bloggers and online personalities have mixed feelings about double opt-ins. To make sure that everyone is on the same page, double opt-in is when someone opts into your email list or wants to get a freebie, you tell them to check their email. Then you go ahead and send an email, where you ask them to confirm their email by clicking on a link or button.
Double opt-in a good practice for having a clean email list. This will help you avoid having spam accounts in your email list. If used correctly, double opt-in is also a good way to comply with GDPR laws.
However, that’s where most people go wrong. By just having a double opt-in does not make your website or your data collection process GDPR compliant.
Here is an example of how most people use double opt-in. This is not compliant!
In the scenario laid out in the infographic, your European Union (EU) reader did not give you consent if you asked for it, or you didn’t even ask for it.
Note: If you did ask for consent, and your reader gave it to you explicitly, and voluntarily, then that double opt-in is compliant. This particular case is about when there is no consent.
Basically, after your EU reader does not consent, and just wants the freebie you were offering, you still make them click confirm (this means they are a confirmed member of your email list) in order to get the free resource they opted in for.
This is not GDPR compliant because you’re forcing them to click confirm to get the freebie. To comply with GDPR as a blogger, you have to provide free access to the freebie whether or not they want to be on your list.
You can’t make your readers consent in order to get the freebie.
Double opt-in can work beautifully and comply with GDPR if you use it as a method for asking consent after you give your readers access to your freebie. This can be part of your persuasion in the email itself for your readers to give you consent to be on your email list.
Conclusion
Throughout this post, you saw different methods for complying with GDPR as a blogger. More often than not, bloggers know that they’re supposed to be compliant with GDPR rules, and they might even know what it means, but they don’t know how to get it done.
GDPR for bloggers is an important change in regulations and it affects certain important parts of blogging practices, information collection, and websites.
Related reading
Hi Mariam,
That made it so much clearer, thanks. One thing I’m still confused on, though. Where you say “You’re asking them to join your newsletter, which is already the consent part straight away. Once they sign up, that means they consented” they consented to a newsletter, right? So you can’t send them anything that is not a newsletter. So if you find a neat niche-related product or something, then you can’t send a short email blast out telling them about that. Is that correct?
Is there a better way to word that besides “newsletter” so you can send them other email info?
Yes, in theory this is correct, Mike. A better way would be maybe to ask them to join your email list for updates on new products and services.
This is such a helpful post for bloggers. I’ve heard you talk about this on a podcast but it’s great to read it again. I think this is a very confusing area and most ESPs do not make it easy to follow the rules. I think online privacy will only continue to increase, so following the rules from the start is good practice. Thank you for such an informative post.
You’re welcome Maura! I am glad you found this helpful. I agree with you, I think online privacy laws will become more and stricter as we go.
Hi Mariam! Thank you for this great post.
In Convertkit, you can subscribe someone to a list by having them tap a link within an email. If someone signs up for a freebie and they receive the freebie in an email, can I offer them the opportunity to tap to sign up for my email list? Would that qualify as consent?
Thank you!
Hi Mariam,
I’d like to thank you for this blog post. Finally I’ve found everything explained as I needed to!
One question: can I have only a sign up form for the newsletter on my website and make all my freebies subscribers only? It would be a different approach: freebies are like a kind of a bonus to the subscription. It’d be all or nothing: with the newsletter subscription you have also access to all freebies and content upgrades. I wouldn‘t have any explicit sing up forms for a freebie.
Thanks for your answer!
Cheers
Mario
Hi Mario,
I am glad you found the post helpful. Thank you for your letting me know. As to your question, honestly, it’s a very gray area. I know some people who do this, but I strongly believe that this tactic is not GDPR compliant. However, seeing as how there is no case law at the moment telling us specifically this is not permitted, you might be ok. However, this is a judgment call on your part. So use this method cautiously. One way that might make it more compliant is if you say you regularly send your list free resources and bonuses along with great tips and strategies (but don’t say specifically what the freebies are or when they’ll get it).
Hi,
Thanks for your answer. It clears the whole thing up.
I’ve got another question: can I consider an email sequence of 6 mails delivered weekly which explains the topics I’ve got in a cheat sheet as a follow up to the freebie?
Thanks
Mario
Hi Mario,
no, generally that’s not allowed. The only email you can send out is just one follow up immediately after the person signs up to deliver the lead magnet. The only time it’ll be ok to email them for that many times is if the person signed up for a freebie like that, let’s say 6 weeks of free email course delivered via emails by six emails.
Cool! Thanks!
Hi! Great detail article, thank you!
Can you please clarify this for me: “This is not GDPR compliant because you’re forcing them to click confirm to get the freebie. To comply with GDPR as a blogger, you have to provide free access to the freebie whether or not they want to be on your list.
You can’t make your readers to consent in order to get the freebie.”
Can I not make it mandatory to tick a box to sign up to marketing emails to be able to get a freebie? They are able to opt out and have taken positive action to opt in. I haven’t seen this being pointed out in this way anywhere else before.
Thanks!
Hi Maria, I am glad you found this post helpful!
Yes, a closer reading of GDPR explains that free resources (freebies) must be given to the person who wants them, and you can’t make them agree to be on your list before doing so.
A checkbox will be compliant with GDPR only if it’s optional. That’s why I said most checkboxes aren’t compliant because if someone wants your freebie, but doesn’t want to receive marketing emails, they won’t be able to move forward to get the freebie unless they mark the checkbox. This consent is no longer a valid consent, because they are forced to give it in order to get the freebie. A better approach is to give them the freebie, but have a link in your email for them to click it if they want to stay on your email list. That way you deliver the freebie, and ask for valid consent. If they don’t click the link to be on your email list, you should either delete them from your system, or put on “no marketing emails” list.
Thank you for covering GDPR in a way that is so easy to understand, and with concrete steps on how to actually be compliant beyond putting a privacy policy in place. It’s still an intimidating topic for me, but it’s no longer paralyzing now that I understand it better
Thanks for the kind comment Rita. If you feel that way, then this post served its purpose. 🙂
This is really useful information, especially for bloggers starting out, sometimes the legal stuff is really easy to miss, and quite terrible to do so. Thank you Mariam!
I am glad you found it useful Carlo! I completely agree with you. Legal stuff is not very attractive, and gets forgotten often times. Thanks for stopping by!
Thank you for this article, it was full of great information.
I am so happy you liked it Leslie! Thanks for stopping by 🙂