What is the GDPR?

GDPR is also known as General Data Protection Regulation. It's a new law that affects not only European citizens and residents, but people all over the world. It came into effect on 25th May 2018.

The purpose of the regulation is to protect people from being exploited by big companies who collect data and use it to target-market individuals.

Here's What Wikipedia Says

As a website owner you are required to comply with the GDPR if your website can be accessed by people in Europe.

As a responsible person I embrace the regulation and support our right to privacy and the right to be forgotten.

Are you complying with the GDPR yet? There's more to it than simply updating your privacy policy page.

In this tutorial I've attempted to cover the many different things that you'll want to know about regarding the GDPR. If I've missed something then please tell me in the comments below so I can add it to the tutorial.

Next Page: Wealthy Affiliate's Official Take

Please share the love, click 'Like This' (if you do). Ask a question, share something or leave a comment.



Join the Discussion
Write something…
Recent messages
SerenitySwan Premium
Thank you so much for this! I've completed it. However I had a question about the GDPR plugin. My page looked a bit different to yours with just a check box and place to put email. Is that okay?
Reply
MarionBlack Premium
I edited the text when I was setting up the page. You can do the same if you like.
Reply
VeronicasLuv Premium
I'm going through this very slowly. If I can get everything finished by tomorrow, I'll be very happy!

So far, I don't have any questions, but I'll make sure to go through it thoroughly before asking any.

I really appreciate the thought in putting this together, Marion.
Thank you!
Reply
MarionBlack Premium
You're welcome, Veronica.
Reply
Pernilla Premium
Thank you for the GDPR roundup, Marion, just perfect!
Great, I have accomplished all GDPR tasks.
:-)
Reply
MarionBlack Premium
That's great!
Reply
celiacman Premium
Hello Marion,
I think I have everything completed for the GDPR, I did install the GDPR plugin to make the changes much easier, I have my GPDR request form on my website as a widget is this legal?
Reply
MarionBlack Premium
As I mentioned above, Jeff, I'm not a lawyer. I can't advise you what is legal. A real lawyer would charge hundreds, if not thousands, to make your website 100% compliant.

If you're not in the business of ripping people off then you're unlikely to get hit with a fine. But that's just my opinion :)
Reply
celiacman Premium
Thank You Marion
This is so confusing not really knowing what to do, I watched another training video which showed posting the request on your side blog.

Jeff
Reply
MarionBlack Premium
Yeah, it's an option, too. The only free advice we're going to get is from people who can put up a disclaimer saying "I'm not a lawyer". Most of us can't afford to hire a legal expert so we just do the best we can.
Reply
celiacman Premium
Hello Marion
I do agree very few bloggers could afford a lawyer, I am sure this is something they have considered when making these new changes
Jeff
Reply
ocris Premium
Hi
I am self from EU - I am feeling ashamed for that
The politicians are idiots sorry.
At the moment i have install a plugin and block the traffic.
Why?
you can design your website pdgr confirm
but you cant work with this email adress.
give a free download for mailadress - forbidden
The mail address must justify the download
write you the same people over collect mailadress a follow up over another product - booom thats it is
Facebook like and shares are forbidden on page - not confirm-
you can not enlighten people before their data goes off
I've already caught a warning about 700 euros, that's not worth the eu traffic.Make your site GDPR complient is not the problem !
But when you work with this mailadresses can you risk your bussiness.
10000 Followers are are satisfied with you
and an idiot will report you to the complaint office
Think about it
Reply
RikaSF Premium
Thanks for this great resource on all the aspects about GDPR Marion. This is a must keep until you are done with GDPR. It is also a great time save. Everything is in one place. EXCELLENT!
Reply
MarionBlack Premium
You're very welcome, Rika, as always.
Reply
50isthenew21 Premium
Thank you Marion thats really helpful and very clear :)
Warm Regards
Kim
Reply
MarionBlack Premium
You're welcome, Kim.
Reply
PatsyC Premium
Hi Marion, thank you!

I already saw Loes' tutorial for the WP GDPR Compliance plugin and watched yours as well. I'm glad I did and now have the Data Access Request on the Menu with the Privacy Policy and like it there much better than having a widget :D

I had it all done except for the Cookie Notice plugin. I had that I don't use cookies, but now see that we all do with your information here and it does make sense. I can't stand popups, but if it's anything like the ones I see on websites I visit where it's not 'really' a popup, but needs to be checked then it disappears it's fine.

I will add it right now, thanks again :)
Reply
MarionBlack Premium
I dislike popups too but the Cookie Notice is just a static banner and it's really non-obtrusive. Just the way we like it :)
Reply
PatsyC Premium
Yes! I saw that and it's like the ones I see on other websites. I really like it and I'm glad I saw your post.

I'm not on as much and must be missing out but saw your's in the top 10 so its perfect :D
Reply
ElaineSmith1 Premium
Thanks Marion!!. I thought I was done with everything but you have shown me I have a little bit more.

Tried and True

Elaine
Reply
MarionBlack Premium
That's exactly why I put this together, Elaine, so we could see if we've missed anything.
Reply
suzzziq Premium
Thank you for this great tutorial, Marion:). I thought I was finished, but I guess I need to do one more thing to my site. Thanks again for your support and help:)
Blessings:)
Suzi
Reply
MarionBlack Premium
You're welcome, Suzi. Until I started putting this together I thought I'd covered all bases but I hadn't :)
Reply
QAVAVO Premium
Thanks I've deleted my old PP and replaced it with GDPR modified version
Reply
MarionBlack Premium
Sounds good to me, Taniela.
Reply
EKaye1 Premium
Thank you Marion, it has been most helpful.
Reply
MarionBlack Premium
You're welcome, Eden.
Reply
RAFStuart Premium
Most useful.
Reply
MarionBlack Premium
Thanks, Edwin.
Reply
Tirolith Premium
Thanks, Marion.
Tom.
Reply
MarionBlack Premium
You're welcome, Tom :)
Reply
MarvH Premium
Thanks Marion, It's helpful having a lot of it in one place.
Reply
MarionBlack Premium
Just quietly, it helped me too.
Reply
AlanJE Premium
Thanks very much Marion, thats great training which I need to follow, Best Alan
Reply
MarionBlack Premium
You're welcome, Alan.
Reply
JosonInc Premium
Thanks for this share Marion ! Getting ready to tackle this today and the next few days! ha ha ha. Have a good one.

Joe from the High Desert of So California
Reply
MarionBlack Premium
Sounds like you've got it all worked out :)
Reply
MDejarme Premium
Thanks for sharing.
Reply
MarionBlack Premium
You're welcome, Nanet.
Reply
MKearns Premium
Great post-Marion. As soon as there is more definition and resolution I hope we can see worldwide applicable templates come out
Reply
MarionBlack Premium
I really would like to see the whole world protected.
Reply
onmyownterms Premium
Love your disclaimer. ;)
Reply
MarionBlack Premium
Thanks, Mel. I might need it :)
Reply
HalimNajm Premium
Thanks
Reply
MarionBlack Premium
You're welcome, Halim, as always.
Reply
jvranjes Premium
"if your website can be accessed by people in Europe."

Are you sure this is a correct statement? I here in a discussion from yesterday that this is not so. A EU citizen is supposed to be protected regardless from where he/she is accessing your site.

I am just repeating what was claimed.
Reply
MarionBlack Premium
I'm just going by what I've read including this extract from Wikipedia:
"The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.[1]"

It doesn't mention European citizens that are not located within Europe.

Please note that I am not a lawyer and therefore not qualified to give legal advice.

Thanks for bringing up this aspect, Jovo.
Reply
jvranjes Premium
I understand, pity we do not have a legal expert to make this clear.
Reply
jvranjes Premium
See this link

https://www.eugdpr.org/gdpr-faqs.html

It says " if they offer goods or services to, or monitor the behaviour of, EU data subjects."

So this is not "people in Europe". Wikipedia is not the official voice of the EU.

The question is, what is the true meaning?
Reply
MarionBlack Premium
As far as I'm concerned it should apply to every citizen of the world. We should all have the right to privacy and the right to be forgotten.

I just read this on the link you've given me:
"Who does the GDPR affect?
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location."
Reply
StefanC Premium
Legal experts charge at leat 500 euros and 150 euros per hour. I am yet to discover legal experts providing legal advice on GDPR for affordable prices for bloggers. That's the situation.
Reply
jvranjes Premium
Yes this is the paragraph from which I gave the previous quote.

So back to my starting question. Is it "people in Europe" as you wrote? Or is it citizens of Europe regardless from where they come to your site. The difference is essential (and potentially costly).
Reply
jvranjes Premium
But we do not need them in principle. The legislator's duty is to make this clear in the law. They did a bad job as far as I understand.
Reply
jvranjes Premium
See why I am asking; US brands now block me. No doubt they do this by my computer IP address. This would indicate (if they understood the law correctly) that this is by EU territory. But what if this is not so?

I go outside of EU and access this site, so should I sue them? I am an EU citizen anywhere.
Reply
MarionBlack Premium
They do use the word "residing", so I'm thinking that it protects people living in Europe (whether they are European citizens or not).
"It applies to all companies processing and holding the personal data of data subjects residing in the European Union"

So from that, I guess that European citizens who reside elsewhere in the world are not protected YET.
Reply
jvranjes Premium
I took the note about the disclaimer.

I can be travelling the world and still be residing in the EU.

But in any case this contradicts to what Dom wrote yesterday (see Labman's blog). So the bottom line is we have no clear answer.
Reply
StefanC Premium
I believe you are right Jovo, it's EU citizen regardless of their location.

Also, you are right that the law is unclear in many aspects. Deep study is required to minimize the risks. However, I don't think they will apply fines without giving people the chance to change
Reply
MarionBlack Premium
I think that is very short-sighted on the part of those companies that are blocking people based on their geo-location. I really would like to see the GDPR apply worldwide.
Reply
StefanC Premium
Got it! Yeah, they are using the easy approach of blocking EU ips, but that doesn't make them compliant. Now, if you are successful suing them is another story. I don't think a business outside Europe will ever be sued for this. Very complicated Jovo! I think not even the legislators know what to do. Only time will tell
Reply
jvranjes Premium
You are right Marion. One of them is Backcountry-com, the second largest US outdoor retailer. Very surprising what they are doing. Have seen several in my niche. It is becoming annoying.
Reply
StefanC Premium
Hi Marion, I think the price to pay is disproportionate compared to real benefits for individuals. Instead, They are making the process of doing business harder for individuals.

The time you are wasting to research how to block cookies could be used to increase production. It's waste of capital, now I have another price to pay for specific services because I am not a lawyer nor a web developer.

It makes user experience rubbish... It makes Google Analytics tracking useless For EU residents. It creates fear and a false perception that websites are trying to get secret data to spy people's lives.
Reply
MarionBlack Premium
There are some companies that are doing just that, Stefan. Without naming names some very big companies are tracking people's online movements and serving up ads based on their browsing history.

And there's this:
https://www.news.com.au/technology/online/social/wow-thats-disgustingly-devious-facebook-accused-of-cheap-trick-in-new-privacy-policy/news-story/21213d8ff52fbc3b431c6b6062bf1c26
https://noyb.eu/wp-content/uploads/2018/05/complaint-facebook.pdf
Reply
StefanC Premium
Hmm, people are not forced to use the website if they don't want to share their data. If they are so concerned about it, them simply don't use the website! Go back to the caves

Now, companies are forced to provide not only free service but also accept getting nothing in return? Would this be a business or charity?
Reply
StefanC Premium
Why is it so bad companies will track your movement to display relevant ads? no one is pointing a gun to your head and forcing you to buy anything.

Sorry, but it makes no sense at all
Reply
MarionBlack Premium
Thank for sharing your thoughts, Stefan.
Reply
Loes Premium
Super compact and complete. Thank you very much. Bookmarked!
Reply
MarionBlack Premium
Thanks, Loes. Please let me know if you can think of anything I've missed.
Reply
Loes Premium
Can't think of anything you missed
Reply
MarionBlack Premium
You were so fast getting here, I hadn't finished putting in the links to the next pages. I had to publish first before I could get the URLs to link to.
Reply
Loes Premium
I know:) I could skip text I already knew:))
Reply
MarionBlack Premium
That would have been all of it :)
Reply
Loes Premium
Yes:))
Reply