GDPR for Publishers: What You Need to Know to Protect Your Brand Amid Changing Regulations

At this point, you’ve heard of the GDPR. Maybe you’ve looked into what exactly it means for you and how to ensure your site is compliant, or maybe you’ve just been hoping it goes away. Perhaps you’re somewhere in the middle.

If you’re still not prepared, don’t panic: according to HubSpot, 42 percent of marketers are only “somewhat prepared” for GDPR.

Wherever you are on the knowledge spectrum, it’s officially time to get it together and figure out what GDPR means for publishers. With the May 25th compliance deadline quickly approaching, you need to know what to do to protect yourself and your business now.

The exact regulations of the GDPR and details for how it will be enforced remain unclear, but we’re drawing on the best resources out there to translate this somewhat confusing regulation into relevant tips for publishers.

Of course, while we aim to simplify your sponsored content strategy at every level, this article should not be taken as legal advice. Always consult with a lawyer about legal decisions for your business—after all, we here at Paved don’t know your specific situation.

What is GDPR?

GDPR stands for General Data Protection Regulation, and it’s a new piece of legislation out of the European Union. Its purpose is to protect the privacy of EU citizens and give them more control over their own data.

That means that businesses will be held accountable for protecting user data and preventing data breaches, and users will have more rights when it comes to how their data is used.

Over 90% of users in the UK, Ireland, Germany, Austria, and Switzerland agree that the principles set out in the GDPR are good for consumers.

I’m Not Based in Europe, Does GDPR Affect My Business?

Probably. The GDPR website states that it applies to “data subjects residing in the European Union,” meaning that even your American business needs to comply with regulations if you do business with anyone who lives in Europe.

Less clear is who exactly qualifies as a “data subject” in this case—when your reader takes a holiday in Italy, are they a European data subject? What if they live in Germany temporarily?

Basically, it’s probably a case of better safe than sorry. When in doubt, if there’s a chance your business markets to or processes data for anyone in the EU, it’s probably worthwhile to ensure compliance. That way, you don’t have to worry about hefty fines and legal headaches.

What Will Happen if My Site Doesn’t Comply?

The issue of how GDPR will be enforced is still unclear, since there will be 28 member countries enforcing the regulation, likely with varying degrees of strictness.

The potential punishments, however, are steep: up to €20 million, or 4 percent of annual turnover. Plus, your site and user data will be vulnerable to potentially embarrassing and harmful data breaches.

GDPR for Publishers

Ready to ensure you’re compliant with the new regulation by May 25th? Read on for some of the best resources on GDPR for publishers we’ve seen.

GDPR Compliance on Your Website or Blog

When it comes to your blog or website, you collect user information in a few ways you might not even think about, including:

  • Comments
  • Email list signups
  • Analytics and tracking tools
  • Plugins, security tools, and logging tools

Code In WP has a great article addressing the various ways you can ensure compliance on your WordPress site. As Shaumik Daityari states, “As a WordPress site owner, you first need to publish a detailed policy on which personal data points you’re using, how they are being processed and stored.”

Then, you need to make it possible for users to see what data you have about them. Finally, you might want to consider which data is stored on your server to begin with. Read more in-depth GDPR help for WordPress users here.

You’ll want to consider GDPR even if you don’t have a WordPress blog. If you have an email list, you have a site where you collect data—which means you need to ensure compliance for that data and that lead gen location as well.

Leadpages has an excellent article that helps users understand how to make their software work with GDPR, and its advice can apply no matter what opt-in software you work with.

The main change you’ll need to make is to ensure that you receive active consent from each user before any data collection takes place. Learn more about GDPR for opt-in pages from the Leadpages blog.

GDPR Compliance on Your Newsletter

When it comes to your email newsletter, you obviously hold data about your followers, collected over the years through various opt-ins, contests, referral campaigns, and other list growth methods.

Some email service providers are therefore making it easy for publishers to be in compliance with GDPR regulations:

Mailchimp has created new GDPR features that allow you to comply with the new legislation. These include making it easy for you to access user data and handle data requests; GDPR-friendly forms; and strong data processing protections. If you’re a Mailchimp user, you can read about their GDPR features here.

CampaignMonitor is offering tips for their users in light of GDPR as well. For instance, they have outlined the factors you need to consider when implementing the GDPR regulation about data requests from your users. The team has also reassured readers that their updated security measures keep the service secure for users and, now, legally compliant. Read more in the CampaignMonitor GDPR update post.

AWeber took a positive spin on the GDPR legislation for email marketers. Brandon Olson wrote that the added security and permissions necessary under GDPR “can translate into more trust with your subscribers, fewer spam complaints and unsubscribes, and better email deliverability.” Read more of AWeber’s GDPR advice for their customers here.

ConstantContact has gone so far as to create a fully-editable email template for their users that allows you to gain documented consent if you don’t yet have compliant consent for contacts. Plus, if you use ConstantContact sign-up forms, they will automatically document a subscriber’s consent to receive emails as well. Read more about ensuring GDPR compliance as a ConstantContact user in this post.

Finally, Drip also has a quick to-do list for their users who are looking to ensure compliance with GDPR laws. Plus, they have promised to update their article with changes to their software as the deadline draws nearer, so be sure to keep checking their site as well. Check out their post here if you’re a Drip user wanting to be compliant.

If, after reading all of these great articles, you still have questions, we even found a great Facebook group where online entrepreneurs have been discussing the implications of this new legislation.

Ultimately, of course, your best bet is going to be consulting with a lawyer about your specific case.

GDPR for Publishers Doesn’t Need to Be Scary

Now, you have all the resources you need to research what exactly GDPR means for you. Even if you’ve been avoiding any thought of GDPR, it’s time to step up, do your research, and ensure that your users’ data is safe with you.

Once you’ve ensured GDPR compliance for your email list, it’s back to work finding great advertisers to work with. If you want to see how easy email advertising can be, sign up for Paved. Not only will advertisers come to you, but you’ll get paid the same day you send.