Request Callback
How to Keep your Blog or Website Within GDPR Guidelines

In the month of May, GDPR was all we ever heard about.

The new data protection legislation saw an abundance of businesses clamping down on their privacy policies and updating their databases. Whilst all of the ‘big businesses’ seem to have cracked GDPR… Smaller businesses or bloggers might not have had the same level of professional advice.

Although it’s a somewhat intricate legislation, the core concepts of GDPR are actually pretty easy to get your head around. Nevertheless, if you’re running your own business or blog then it can still be hard to ensure that you’re ticking every box.

The key concepts of GDPR

In short, GDPR was proposed in 2016 by the European Commission.

It briefly states that if your website collects or stores data related to an EU citizen then you must comply with the following:

  • Tell the user who you are, why you are collecting the data, and how long it will be stored for.
  • Get clear consent before collecting any data (or get continued consent for user data you already have stored).
  • Give users the ability access or delete their data if they wish to do so.
  • Let users know immediately if any data breaches occur.

You can find out the full ‘ins and outs’ on the handy EU GDPR information portal. However, if you’re a small business or a blogger then simply knowing the basics is a good place to start.

If it all sounds a little tricky to wrap your head around, then fear not. The document management experts here at Box-it North West are here help support you in achieving GDPR compliance.

Here’s our tips on how to keep your blog or website within GDPR guidelines:

How to ensure your blog or website GDPR friendly

GDPR was introduced to ensure that businesses and organisations are using the data that they have stored: correctly, transparently and with consent from individuals. 

In some cases, personal details of others (such as CVs) were being stored by a business for far longer than necessary. This was seen as a breach of privacy. Therefore, GDPR was introduced to crack down on general data retainment. Most businesses are now fully compliant with the legislation.

If you feel under-educated about the rules and regulations however, it can be easy to get left behind. We would always advise you visit the ICO website for official guidance.

So, if you’re feeling suddenly overwhelmed, thinking: ‘am I GDPR compliant?’  Then here’s some tips to help you get on to the right path.

Update your email subscriptions

The month of May was awash with ‘can we still email you?’ messages from countless companies. Some were even offering incentives for their consumers to ‘opt in’ to email marketing.

One of the ‘biggies’ of GDPR is making sure that users’ emails you have stored are still okay with you emailing them, and giving them the option of the type of information they would like to receive. The cut-off date was 25th May so you should now only be emailing people who have given their consent, and you need to have evidence of this.

Https NOT http

Your site should already be https rather than http by now, but if it isn’t – it needs to be.

If your domain still operates under http then you should get in touch with your host right away and ask them to alter this to make it more secure and compliant with GDPR.

Update your privacy policy

If you don’t already have one, you’ll need to create a privacy policy.

You should ideally be linking the Privacy Policy to your main menu, in a drop down for example. This isn’t strictly necessary but it is a good idea to have your Privacy Policy clearly outlined for users to access.

It is important that you do not copy and paste a Privacy Policy from another site as it won’t be bespoke to your business or your blog.

If you’re finding Privacy Policy writing a little tricky, you can use the site iubenda. Iubenda offers a free plan for writing up a Privacy Policy tailored specifically to your site.

Check your 3rd party services

If you use any 3rd party services, you’ll want to check for information about their compliance to GDPR. You’ll also need to list any information about your 3rd party services in your Privacy Policy too. Remember – transparency is key.

Give the option for an opt-out

Linking back to the email subscription point. Something else worth mentioning is that even if your email subscribers have agreed to keep receiving emails from you, you need to still offer them the option to ‘opt-out’ at any time.

If you use an automated mailing service then they may be able to provide you with a quick ‘unsubscribe’ button at the end of an e-mail. Or, if you handle your mailing lists yourself then make it clear that subscribers can contact you to opt out at any given time.

Securely store your information

Lastly, if you’re storing information – it should always be stored securely.

Whether you store paper files or digital documents, you should always have a safe storage method in place to protect your data. Protecting your personal information is one thing, but protecting the information of others is paramount.


Ensure you’re safely within GDPR guidelines by chatting to us today about safe data storage options.

Posted on: August 8th, 2018