Privacy Top 20 Ratgeber

Blog data privacy: How to comply with the guidelines

Since the topic of data protection has been discussed in Europe, there has been great uncertainty about the internet. Early on, many content creators already asked themselves what the EU GDPR provides for bloggers. The guidelines often seemed too confusing. The result: Due to the General Data Protection Regulation, many people put their blogs on ice for the time being in order to protect themselves from GDPR warnings. But we assure you that you don’t have to be afraid of the new guidelines. In this guide, we’ll show you what you need to look out for to keep your blog up to date when it comes to data protection.

No blog without a privacy statement and legal notice

For several years you have been obliged as a website operator to publish both a legal notice and a data protection declaration on your homepage. This means that this topic is by and large not new territory. According to Art. 13 and Art. 14, however, the scope is now clearly increasing. At the same time, there is now a greater danger if you have blindly copied your text from another website without checking its content. This is because not everything that looks like privacy or not every piece of content is applicable to your blog and corresponds to the information you need.

Why are the legal notice and privacy statement so important?

A privacy statement is mandatory on your homepage to inform your users that you process or store personal information and how you do it. The new GDPR also stipulates that the text must be clearly visible to your users. This means that both components must be accessible from every subpage. For data protection reasons, we therefore recommend that you include a corresponding link in the footer of your blog. This is always displayed, no matter where the user is on your site.

Privacy statement: Samples, templates and generators

On the World Wide Web, you will find many websites that will help you write a statement to that effect. But be sure to check who is the originator or source of the site. Because even if it initially looks like something to take seriously, it might not be. But that doesn’t mean that you can’t use samples, templates, and generators to improve your blog’s privacy. All we’re recommending is that you first question and watch out for everything so that the content really is what you need for your blog.

What do you need to include in your privacy statement?

First of all, it is important that you correctly implement the requirements of Art. 12 (1). This states that you should formulate the statement in a transparent, precise and, above all, comprehensible manner. The reader must know what your intentions are and what you are trying to achieve with this privacy statement.

Basically, the content of your blog’s privacy statement must include the following points:

  • Controller
  • Types of processing
  • Categories of data subjects
  • Processing purpose

You refer to the following questions in detail:

  • What type of data processing takes place? A blog usually involves communication with your readers or through a contact form.
  • Do you carry out direct marketing activities, such as a newsletter?
  • Do you use tools or plug-ins (Google Analytics, etc.)?
  • Do you embed foreign content on your site, such as photos or videos?
  • Are your users’ data processed externally or forwarded to third countries? This plays an important role in the data protection of your blog.

In addition, explicitly address the rights of users: Being forgotten and deleting data. You must comply with this request immediately – within the framework of the retention obligations – if you want to comply with data protection on your blog.

Content of the legal notice

In addition to the general privacy statement, you must publish a legal notice on your website or blog. You must never forget this information:

  • First name and last name (complete)
  • Mailing address
  • Email address
  • Telephone number
  • If applicable, information about profession
  • Value-added tax ID
  • Legal representation
  • Supervisory authority, if any
  • Commercial register

Tools and plug-ins

Most blog owners use various tools and plug-ins, either to make their site more appealing or to network with other platforms. At the same time, they can be used to analyze user behavior or to facilitate a larger exchange. The problem, however, is that personal data is stored during each operation. In most cases, this happens without your readers noticing. The new GDPR therefore provides clear data protection guidelines for blogs and other websites.

Social media

Facebook, Twitter, Instagram: Most bloggers don’t just blog on their own websites, but also increase their reach through social media channels. Blogs usually have plug-ins. In principle, this doesn’t seem to be a big problem at first, because no user is forced to click on a button. But when they do, the servers on these platforms vacuum up all the information they can get. This creates a direct connection that many users are not aware of. Your readers don’t even have to have their own account for this. Data processing takes place independently of this. If you are logged into a social media platform at the same time, you unconsciously reveal all your data – including your own search behavior! Because as long as someone is logged in, everything about their behavior is stored. In order to make certain that you properly cover the issue of privacy on your blog, it is mandatory that you include a privacy statement with a detailed discussion of these issues.

Google Analytics

This offer from Google is extremely popular. As a blog operator, it helps you to find out which content is particularly interesting for your users and which categories they spend the longest time in. To protect your readers, the first step is the privacy statement on your blog. The second step is to integrate a kind of opt-out button on the website. This gives your users the opportunity to prevent their data from being processed. It is also important to anonymize your readers’ IP addresses. Moreover, you can protect yourself by entering into a processing contract with Google. We strongly advise you to take a closer look at the relevant settings before using Google Analytics.

Data protection and data security

For blog operators, too much is better than too little. Therefore, your actions should not stop at this point. In order to guarantee the highest level of protection for your users’ data, we recommend SSL encryption. This anonymizes all information that is collected in any way during the use of your website.

Cookies are and will remain a major data protection problem. These are small text files that are created as soon as a user enters a website. Every click is saved. We can assume that data protection is massively impaired by cookies alone. This is because they enable outsiders to follow user behavior in detail. In addition, cookies are very susceptible to data theft. Unfortunately, the GDPR does not contain any direct regulation on this subject. You, as the website operator, therefore only have the option of indicating the use of cookies in the privacy statement of your blog and additionally offering an opt-in button. This allows your users to actively object to this practice.

Create a directory of processing activities

With this you break down when, in what form and for what purpose you collect, store or process the personal data of your users. As soon as you allow a contact form or blog comments, for example, you are obliged to keep a directory of processing activities. Only in this way can you meet the requirements of the General Data Protection Regulation on your website or blog. You will find all relevant information on this subject both in our guidebook on this subject and in Art. 30 GDPR.

A legally compliant blog is not impossible

However, you must take the time to deal intensively with the matter. By reading this privacy website guide, you have already taken the first step. In addition, it is helpful, for example, to consult a GDPR website that offers a generator, a checklist or a model privacy statement. However, always check the content for correctness. If necessary, seek help from an expert who can advise and support you. A data protection kit can also be worthwhile for you if you want to operate your blog commercially.