Summary of GDPR for Affiliates and Bloggers: More than a Privacy Policy and Cookies

Last Update: May 26, 2018

Hi guys, this is a very brief 'in a nutshell' summary to show you that GDPR compliance has a couple of more basic steps than just privacy policy and cookies or analytics.

I will do a proper walkthrough on this next week, but with the WP 4.9.6 GDPR update already upon us, peeps are stressing out now and unnecessarily, especially afraid of fines. So just some quick pointers here to help you RELAX and not worry about those big fines which are not aimed at us; they are aimed at big organizations for non-compliance and data breaches that cause chaos in people's lives. Does that mean we can ignore GDPR? No, visitors can still report you if their new 'rights' aren't upheld. But it's not so hard. And here is why:

GDPR in a Nutshell = Security, Privacy, Accountability and Data i.e. S.P.A.D.

S - P - A - D

1. Security:

  • This includes keeping up with wp and plugin updates as they come into your dashboard, also theme updates;
  • Make sure your SSL certs are applied to your website, they are free here at WA;
  • We also have SiteProtect here but people hosted elsewhere will have to make sure they have extra security plugins and MarionBlack has some training on all that.

2. Privacy:

  • This includes the new updated privacy policy in WordPress

3. Accountability:

  • This is you being able to show that you've a plan in place for proper security
  • Updated privacy policy with the inbuilt disclosures
  • Can demonstrate you are collecting data according to the GDPR which includes choosing GDPR compliant plugins and tools which are in the process of being rolled out right now. You will see these now have clearer consent.

4. Data:

  • Personal data is name and surname, photo, basically anything that can identify a person so you've got to respect people's privacy in the handling of all of this now. We always respected this at WA but things are being tightened up a lot more with GDPR. You have to be aware of where you are collecting data on your site and plugins.
  • The person has the right to ask you for whatever personal data you have collected on them, and there is a new feature built into the wp dashboard under Tools>Export for 'data portability' so you can export that on their request.
  • The person has the right to ask you to erase personal data you've collected, again built into Tools>Export

There is a bit of a learning curve but it will become second nature. Also, even the official websites on this are not yet compliant, so you should not feel so bad an entire week before the deadline. This is where 'accountability' plays in your favor: keep a record of the steps you've taken as you go along.

And remember, for some perspective on this: it is being rolled out worldwide and there is a settling period. They are aiming at big organizations with sensitive data but also cleaning up some direct marketing practices where people get spammed, or slimy marketing practices where people are profiled and data gathered up for no good reason and without consent. It's a good thing guys.

But we are one small sector with our websites and we need to focus on our specific needs when it comes to GDPR for affiliates and bloggers. I will do a proper walkthrough soon based on what I've seen in the official information, some people are interpreting 'export data' wrong for example, keep it personal data only.

Meanwhile I revamped this blog entirely as some of you went into meltdown, you'll get a feel for the big picture here, it still needs application but that is actually a process and you have time. It includes a very nice example of a privacy policy done up by people who had access to lawyers, though they are a webshop there's only a few differences in terms of which cookies.

https://my.wealthyaffiliate.com/mozmary/blog/gdpr-privacy-po...

This is what google has asked people to update

https://my.wealthyaffiliate.com/training/google-analytics-gd...

*Update: There is a lot of hype on cookie popups and IP anonymization at the moment but imo we do not need to worry about that, Google should look after it on their back end as part of the 'privacy by design' that comes with the General Data Protection Regulation. Many sites out there, especially in Europe, seem to have been given some very bad advice...

Mary



Join the Discussion
Aria-Len Premium
I'm so confused... Is there a template?
Reply
onmyownterms Premium
Yes, it's located in SiteContent.
Reply
Aria-Len Premium
Ah. Thank you!
Reply
MozMary Premium
Kyle has a privacy policy template in SiteContent, bit of an update on the old one, he also has a blog he released 'a discussion on gdpr' in his profile, it is a bit of an open discussion with different people interpreting GDPR differently - it would be easy to be confused because half of Europe overreacted and literally 'broke the internet', they completely wrecked access to their website but really we don't have to panic just stick to the outline I showed you, keep up to date with security, do the privacy policy, full respect for personal data and get used to the new features on the wp dashboard, though hopefully no one will ever ask for that :D

google is part of the problem they have to do more on their end, not us imo
Reply
Aria-Len Premium
Thanks! I found it. I was able to update my privacy policy page fairly easily (thank goodness) so I think I should be ok now. Broke the internet? Wow, that's massive!
Reply
Pamela111 Premium
Thanks for helping all this make sense to me.
Reply
tommmm111 Premium
A lot to do but so glad for your help. Good luck,

tom
Reply
MozMary Premium
Hi Tom, Tommmm :)

I'm hearing so many crazy things out there telling people to do stuff they don't have to do, a lot of people making money on it, some company just tried to sell my dad $1000 worth of stuff he doesn't need! It will boil down to very little, Kyle has come out with an update on privacy policy, your favorite plugins that you already use will all become gdpr compliant by themselves, there is no real need for most of the plugins and popups out there ;)
Reply
tommmm111 Premium
Thanks again for the help and it is true about using few plugins. I guess the main reason is to preserve site speed. Good luck to you,

tom
Reply
ElianeLima Premium
Thanks, Mary.
Reply
mbouteiller Premium
Thank you Mary,

I'm reading as much as I can here on GDPR.

I appreciate your help.

Monica
Reply
MozMary Premium
Hi Monica, it's going to get a lot easier, you've already all the security and best practice here at WA and in the training, Kyle will do up an update to the pp to show us the way, the other plugins are becoming compliant, it's just awareness now and not getting caught into buying stuff we don't need...
Reply
mbouteiller Premium
Hi Mary,

Thank you. I just read Kyle's GDPR Compliance.. he makes it easy. I appreciate the heads up on Kyle's update.

I'm definitely not going to buy stuff...

Thanks again,
Monica
Reply
mybiz4u Premium
Thx, MM
M
Reply
MozMary Premium
lol, ur wlcm :D
Reply
EOPolini Premium
Hi, I've read about obtaining consent for cookies when people visit our sites before they actually receive them; from what I've seen a warning banner is not enough, and only premium plugins might provide this capability. Would you share how you are managing this aspect?
Reply
MozMary Premium
I'm watching the debate on all that, it is not settled, but one thing for sure is it will never be necessary to buy a premium plugin to handle an issue like that.

Also we need to distinguish between WordPress and Google Analytics in that...
Reply
EOPolini Premium
Thanks Mary, I agree on this being a process we're all adjusting to, hopefully the dust will settle soon!
Reply
denara2017 Premium
Thanks Mary. Keep going WA.
Reply
feigner Premium
thanks for all the work you are doing on this Mary.
Reply
MozMary Premium
Thank you! I like to get to the bottom of things and cut through the hype otherwise we tend to get told and sold a lot of crazy stuff out there !
Reply
Igor13 Premium
Thanks for your help!
Best regards!
Reply
MozMary Premium
Thanks Igor!
Reply
LouisaB Premium
Thank you very much for this timely information.

A Newbie may not know what GDPR means.
Maybe spelling it out within brackets may work too.

Just a suggestion!

Thank You!
Reply
MozMary Premium
general data protection regulation

yes, this is just a summary blog, had intended to do a longer one with those sort of details, but with all the hype out there and some people in meltdown I left it short and sweet this time with no mouthful terms, because it can get pretty wild :)
Reply
LouisaB Premium
Okay, I got it in your other GDPR report/blog.
Thanks very much!
Now, let me follow through with your tutorial.

Louisa B
Reply
Jewelia Premium
Thank you very much for the clearly and very well explained information, Mary.
Reply
MozMary Premium
Thanks! :)
Reply
Pernilla Premium
Thank you Mary for your reassuring post.
This topic seems complex to me, so I'm grateful to hear your calming words.

Better do the work now.
:-)
Reply
MozMary Premium
Kyle is going to help us with an updated privacy policy but yes there is still a little personalization we have to make. It will all get easier! :)
Reply
Pernilla Premium
Thank you Mary for the additional news.
That's wonderful that Kyle will provide us with an updated privacy policy.

I have generated a Cookie Policy with the cookie generator Stefan (Tolinoli) has suggested. Won't it be necessary with the updated Privacy Policy?

What about the Google Analytics? Shall I do that as the last step after the Privacy Policy update and after installing the GDPR-Plugin?

Appreciate your help very much!
:-)
Reply
Happy2Learn Premium
Thanks Mary
Reply
ElaineSmith1 Premium
Done and done.. Thanks Mary!

Tried and True

Elaine
Reply
Rae-1965 Premium
I've been out of the loop due to computer problems, is this like the HIPAA disclosure one has to sign before they can see their medical provider?
Reply
MozMary Premium
I'm not familiar with HIPAA but it's way more than a disclosure, it is a whole level up on how people were handling personal data with some responsibilities added in the mix
Reply
QAVAVO Premium
Thanks for the information
Reply
PatsyC Premium
Thanks Mary.

I updated my Privacy Policy from Marion's and she has updates needed on the version we all have from the lessons.

Plugins and Tools>Export are new to me!

So far I did both Google Analytics things and my Privacy policy so I have a good part of it done.

Not sure about the subscriber form stuff. I removed my form to find another and will add it soon to my website, but will wait to see if something is needed before I add it.

Thanks for doing all this work for us!!
Reply
MozMary Premium
oh tools is the regular Tools in the dashboard, like if you were going to back up your website, we are familiar with tools>export, but now they've added two features because GDPR allows any visitor to your site to request any personal data you've collected on them and wp has created that feature within wordpress core so you can export THEIR personal data, also another feature in the same menu allows you to delete their personal data

that is part of the new law, 'data portability', the visitors literally can request all the info you have on them lol

So as far as accountability goes you can list the steps above and add a few others like what security you have in place, your ga green date, any gdpr compliant plugins you have...you are getting there

I haven't looked at Marion's pp yet, too busy this w/e :)
Reply
PatsyC Premium
Thanks for clarifying that it's part of the WP update that those features were added to Tools.

I'm on my way to submit my Privacy Policy in the 'Private' menu where WP added that if we don't have a PP, we can use their template and if we do, to submit it.

Marion's PP is the same as what we have from the lessons, but the one Google Ad link is updated, we had an older version and she had a bit more information I now have including a Google Cookie link. And a couple more things.

I will PM you my PP so you can see it. At the bottom I added that it supports GDPR

So far, for accountability I have the 3 Google Analytics:
1) Data Retention
2) Data Processing Amendment with the Green date May 13/18
3) Legal Entity registering my name etc..
Both 2 and 3 I printed out screenshots ;)

Then the Privacy Policy is updated and submitted to WP in 'Privacy'.

The plugins I have no idea but will when the info comes out.

Thanks!!
Reply
MozMary Premium
think about all the things you do for security and list them, for some people that will be an eye opener but I'm sure you are on top of it

Marion has stated today she hasn't updated her pp yet, and Kyle has commented they will be helping us later in the week, though there is some individuality involved in them now

You aren't a legal entity, we did the second box there in GA

accountability lists will be individual, but you've shown you are taking action

there will be a couple of other things, we'll add them in due course
Reply
PatsyC Premium
Hi Mary,

It's great to hear Kyle surfaced and said something!
Reply
suzzziq Premium
Thank you, Mary:)
Reply
MozMary Premium
:)
Reply
JamesJB Premium
That's wonderful, Mary. Many thanks for this post as I'm a bit concerned about it all.

I'll look forward to more updates.

James
Reply
MozMary Premium
there's a lot of hype James, the fear element makes people want to comply but it may have been over played ;)

it will settle down and likely mostly be an improvement
Reply
MSnargrass Premium
Thanks for the info!
Best,
Marcus
Reply
MozMary Premium
you are welcome Marcus :)
Reply
Alan Hocking Premium
Thanks for keeping us all in the picture Mary I'm glad to see someone has their finger on the pulse! :)
Reply
MozMary Premium
Thanks Alan! Too many hours reading official sources lol!
Reply
Alan Hocking Premium
LOL!

Someone has to!! :D
Reply
MozMary Premium
muggins here, lol! I think I found my inner geek with this one though :D
Reply
Alan Hocking Premium
:D
Reply
Fleeky Premium
You are the best!
Reply
MozMary Premium
LOL! You ain't so bad yourself ;)
Reply
Loes Premium
Great info again Mary
Reply
MozMary Premium
Thanks Loes!! :)
Reply