GDPR for Bloggers: How to Be Compliant in 3 Simple Steps

If you’ve been left confused, frustrated or even oblivious to GDPR and why it even matters to bloggers like you and me, then I have good news. I want to share with you three simple steps you can take to become GDPR compliant.

Maybe you’re tired of hearing about “GDPR”… I know I am!

Say GDPR one more time…

I’m sure, if you’re like me, you’ve been seeing lots of articles, news, and emails about GDPR (enough to drive you crazy)!

It reminds me of my favorite line in the movie Elf…

“You feeling strong my friend? Then call me elf one more time!”


What even is GDPR anyways?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

Which countries are in the European Union anyway?

Currently, there are 28 countries that form the European Union, which include: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and the United Kingdom.

Why Does GDPR even matter and does it apply to me as a blogger?

If you have web traffic coming to your blog from one of the countries listed above, then yes, this matters to you.

If you are not GDPR-compliant, then you open yourself up to potential fines in the future (not fun)!

GDPR for Bloggers: How to Be Compliant in 3 Simple Steps

Disclaimer: This post is not legal advice. For advice on your specific situation, please seek professional legal advice. This is our interpretation of what we’ve researched so far but I am not a lawyer and cannot be held liable for any advice taken from this article.

The good news is many of the blogging tools you use are taking this very seriously. In many cases, there’s nothing you need to do since GDPR compliance is now built in. However, we’ve identified at least three action steps bloggers should take now. Let’s start with action step #1.

Action Step #1: Consent Options for Future Subscribers

We want to set up our email marketing service to add an extra layer of consent for new subscribers coming from the European Union.

(Note: You can also choose to add this extra layer to all new subscribers moving forward if you would like as well.)

If you have a ConvertKit account, then go under “account settings” and then “account info.” As you scroll down you will see a section labeled “Subscriber Consent Options.”

By default, the setting is on “don’t show to anyone.” Change the toggle to “Show only to subscribers currently in the EU.”

(see image below for an example)

This feature redirects EU visitors to a special GDPR consent page. This way you can have them provide consent without cluttering every opt-in form on your site with checkboxes.

For an example of the extra page your EU email opt-ins will be redirected to, see the image below.

NOTE: If you use an email marketing service other than ConvertKit, you’ll need to check out their support page on how to handle this feature.

Action Step #2: Consent for Current EU Subscribers

Besides securing your email marketing service for future subscribers, you’ll also need to re-confirm existing EU subscribers to keep them on your list.

You’ll need to send an email (or a three-email sequence) asking your European Union subscribers to re-opt in to your email list so that you can keep sending them emails.

Question: How do I figure out if I have EU subscribers on my email list?

Each email marketing platform will be different, but here’s how to do this using ConvertKit (see image below).

If your list shows “0” after you apply this setting, then there’s nothing more you need to do for now. Yay!

Question: If I have EU subscribers already on my list, what am I supposed to do?

Simply put, you’ll need to send them an email asking them to confirm that they want to still receive emails from you.

Don’t know what to put in the email?

I’ve got you covered! 🙂

Click Here to Swipe My GDPR Email Template

Click the link above and you’ll be taken to a Google Doc that has an email I created to send to my list. Adjust it where needed and send that email to your EU subscribers today!

Here’s a snapshot of what the sample email looks like:

Note: Depending on what other third-party data collection tools you use, you may need to do more than mentioned above. Go to the support section of their site and they should have a GDPR help article.

Action Step #3: Make Your Blog GDPR-Compliant in Under 10 Minutes

The final action step is all about making your website/blog GDPR-compliant. While things change on a regular basis, at the time of this writing there are potentially seven actions you’ll need to take on your blog.

  • Cookie consent & management
  • Terms & Conditions policy
  • Privacy Policy
  • Right to be forgotten requirement
  • Data access requirement
  • Data breach notification requirement
  • Data rectification system requirement

Doesn’t this sound fun to implement on your blog? 🙂

Let me share with you a low-tech solution that you can use to become compliant in under ten minutes.

Sound good?

There is a WordPress plugin that you can install on your WordPress blog to help you manage this new compliance easily and effortlessly.

Using this plugin, I followed the checklist provided to make my website GDPR-compliant.


The plugin is called the WP GDPR Fix Plugin.

It’s a one-time purchase that takes seconds to install on your site.

While I am an affiliate for this plugin, I believe in it enough to install it across all of my current blogs.

Here are a few of the reasons I recommend adding this plugin:

  • A simple checklist to follow – you can see what steps you need to take
  • Ability to display ONLY to EU visitors – for example, I have my plugin set up to display the “cookie consent” notification only to EU visitors to my blog.
  • Sample email scripts and notices – Don’t know what to write in your notices? Just click “add default text” for a pre-written template.
  • Terms & Conditions and Privacy Policy templates – You can also download templates for both the Terms & Conditions page and the Privacy Policy page that were written by a GDPR-approved lawyer from the European Union.
  • Right to refuse EU traffic – While most bloggers won’t use this feature, it’s still handy. If you are just getting started and want to avoid this whole GDPR thing altogether, then tick the box to “refuse EU traffic.”

I’m sure as time evolves there will be changes to what we need to do to stay compliant. We will make every endeavor to keep this page updated.

Bottom Line: Don’t panic over the chaos. Take simple action steps to become compliant with GDPR and return to blogging your passion!