GDPR Explained in 10 mins [Checklist and Plugins]

Hey, it's Hoz here, and in this quick video I'm going to tell you all I know about the GDPR – that is, the General Data Protection Regulation, which comes into effect on the 25th of May, and if you're watching this video at a later date then it doesn't matter because it still applies. If you have a website or a blog or an e-commerce store then this affects you even if you're outside of the EU. No matter where you are, you need to understand the GDPR or you could be in a lot of trouble, so strap in and let's find out what it's all about.

Okay, so the GDPR is really the new Data Protection Act. Now you may be thinking, well, I thought we already had a Data Protection Act. Well we did, but the problem is that the original Data Protection Act was drawn before the web was a thing so it doesn't really cover web users. This means that companies could for example collect your data and sell it on. If you've ever subscribed to something or you've opted into something or you bought something and next minute you're getting bombarded with emails from companies you've never heard of offering you similar things or even different things, then that probably is the result of somebody selling your data or sharing your data, so as you can imagine some very big companies made a lot of money selling data and that's what the GDPR is going to stop.

Now before you say yay, the bad news is that the GDPR affects not just big corporates but also us – basically anybody with a website, a blog or an online store, particularly if you collect user data. Now you may be thinking, well, I don't collect user data. If you're using for example tracking tools like Google Analytics or the Facebook pixel then you are collecting user data; if you're selling something online, when people go through your checkout, if they leave in their details with you then you're storing user data; if you're trying to build a subscriber list and you're offering something in exchange for an email then you're collecting user data. Okay, so let's break down what it is that you really need to understand about it. The GDPR really is about transparency: you need to be transparent with your website visitors, you need to tell them what data you're collecting from them, why are you collecting this data and what you plan to do with that data.

You also need to allow them to request that data or to edit the data that you hold on them or even delete it – it's called the right to be forgotten. You may remember that a few years ago some people who were deleting their Facebook accounts discovered their images and their data being used by Facebook without their consent, and it turned out that the small print said something along the lines of whatever you post in Facebook belongs to Facebook, and that's the kind of thing that you can do when the Data Protection Act doesn't cover those areas, but now it does, so if you're a company that collects a lot of user data then you need to designate one person as a data controller and that person becomes the person in charge of everything to do with privacy. The downside of that of course is that if you're a one person blogger or a website or a very small tiny business and you're also collecting user data the GDPR still applies to you, so a user for example or a website visitor could demand the data from you and you need to be able to provide it, otherwise you could be in serious trouble. Now the GDPR is actually coming from the EU but if you're in the US or anywhere outside of the EU it still affects you because the legislation covers every EU citizen regardless of where they are, and I get it if you're outside of the EU and you're thinking hey I don't give a hoot about this, what are they going to do, are they gonna knock on my door and sue me? I can see the point because you'd think that the EU really have bigger fish to fry, but I'm probably not the first person to mention that the US will probably follow suit very quickly and other countries maybe and they'll update their data protection act in accordance. Now on that note two companies, Honda UK and Flybe, have already been sued by the ICO who looks after data protection and privacy in the UK.

Allegedly what happened is that these companies contacted their subscribers just to prepare for GDPR and they basically said hey we just want to make sure that you're happy to receive our emails, if you want to stay on our mailing list then please click this link and if you don't then don't, and for that they got fined collectively eighty-three thousand pounds which is over a hundred thousand dollars. Now you may think that's crazy and I think so too. The irony of course is that in legal terms these companies admitted that they didn't have the consent of their users to send them emails by the sheer fact that they asked them to opt in again. Now these companies tried to defend themselves by saying well this wasn't a marketing email it was a customer support email, but the ICO said it was a marketing email even if nothing was being marketed. Apparently if you send something for free that's also a marketing email.

Yes I know what you're thinking: it all stinks. But what can you do? My point is, with this kind of stuff going on do you really want to be in breach of the GDPR? I think it's easier not to be in breach of it. So the next question is what can you actually do, how on earth are you going to give a user access to their data? Well the good news is that if you're using WordPress then there are already some plugins that are starting to appear that are GDPR specific plugins and I'll have another video coming up soon talking about those plugins so make sure you subscribe to this channel and keep an eye out for that video. Also WordPress are working hard to bring out a new release that has GDPR incorporated into the core and I don't know what that's going to look like just yet but I believe that you'll be able to enable users to actually check out their data, whatever data you hold on them. For example if people leave blog comments on your blog then you're holding their email address typically and their IP address and these are two things that the GDPR says are pieces of identifiable data, so with this new functionality users will actually be able to request and download their data and also I believe edit their data and even delete it themselves.

Now on that note, there are plugin developers already working hard to provide similar functionality if their plugins collect data. So let's touch briefly on the areas that you need to really think about when it comes to the GDPR: if you use contact forms where you're collecting email addresses, perhaps telephone numbers and names, then you need to perhaps have some kind of notice in there that says you are consenting to me holding this information; preferably you'll have a checkbox for them to check. If you have a lead magnet or an offer or you are asking people to subscribe to your list then that also needs to come with a big disclaimer. Now one big issue with the GDPR is if you hold data on the actual server, and some contact forms in WordPress do exactly that as well as some optin plugins. When somebody opts in or somebody sends you a submission via a contact form their data is actually on the server and you can tell this because you can see the messages or the submissions on your WordPress dashboard – that means that it's stored in the database and that's one thing you need to be careful of because you need to enable users to be able to access that information that you're storing on them, which means that you really need to be good at backing up, make sure that you don't screw that up, and you need to be using GDPR compliant software or plugins or systems that enable users to be able to do this. Now if you don't want the hassle one way around this may be to remove your contact form and just have an email address and say if you want to get in touch with me then email me at that email address.

By the way let me point out here, as if you didn't know, that I'm not a lawyer, I'm a blogger, so all this I'm telling you is not legal advice. Do not go away after watching this video thinking that you know everything about the GDPR. I'm going to leave some links in the description below this video to different GDPR resources just to help you do your own due diligence. I'm just sharing what I know, what I've been able to find out thus far, and I'm gonna throw in an interesting fact at the end of this video. So as I understand it it's better not to hold data on the server if you can.

If you run a forum or any type of online meeting place or a membership site then you really do need to be GDPR compliant and enable users to access their data. Other things you may need to be aware of are things like SSL: you should really be running SSL because not running SSL means that you're not encrypting the connection, the data between the visitor's computer and your website, and that could mean that you're breaching the GDPR. And on the subject of lead magnets, and this is particularly important for bloggers and internet marketers, you can no longer get away with offering a lead magnet and then marketing to that person. You can't say type in your email here and get this cool free download of this report or this PDF and then claim that as a subscriber, and this is because technically that user did not agree to be on your mailing list – all they did was agree to the free download that you were giving away. Now of course the other side of the coin is that no one wants to give away their content for free, come on! But to be compliant with the GDPR you have to keep both things separate, so the way around this in my opinion would be to offer the lead magnet and have a checkbox that says check this if you would also like to be on my mailing list so that I can send you more useful content and marketing promotions.

And if you're thinking that your conversions are going to tank then you're probably right. And the worst part of it of course is knowing that many people will just pop in their email address to get the free without any intention of ever wanting to hear from you again. So I'm not sure how that's gonna go but that's the way it's got to be played now. Which brings me to the last thing that I want to mention, which is the quirky interesting thing, and that is that although we have to be compliant with the GDPR, the rules are a little bit wishy-washy. Any lawyer will tell you that law is shaped by lawsuits, which really means that somebody needs to get sued for the court or the judge to set a precedent and only then definitions will start to take meaning.

So in summary the GDPR is the new updated data protection act which actually covers website users. To be compliant with the GDPR if you run a blog or a website of any site at the very least you need to be 100% transparent with your website visitors: if you collect data from them you need to let them know what it is you're collecting, why are you collecting this and what you plan to do with it. You also need to be able to give them access to your data, particularly if you store it on the server, and the ability to edit and even delete it. It is down to you to make sure that all the tools you're using and all the plugins and all the software is actually GDPR compliant. And lastly somebody somewhere is probably going to get sued and we're all going to learn a little bit more about GDPR.

Ok, I'm going to put a few links in the description below this video. One of them is going to be a GDPR checklist, how cool is that! That's going to save you a ton of time and possibly a ton of stress. I'm also going to add a link to my post on GDPR where you can find a lot more information that I've gone into in this video and anything else that I think may be useful. Ok, so I hope you're now a little bit more clear about GDPR than you were at the beginning of this video. If you are please give me a thumbs up and remember to subscribe to the channel and that way you can keep up-to-date with all this content.

Thank you for watching and I shall catch you in the next video.