Interview with Lawyer and GDPR Expert, Lucrezia Iapichino

Is your new blog GDPR compliant? Real Answers from lawyer and expert Lucrezia Iapichino

I have been, or can be if you click on a link and make a purchase, compensated via a cash payment, gift, or something else of value for writing this post. As an Amazon Associate, I earn from qualifying purchases. Please read my full Affiliate Disclosure for more information.

When I first got started blogging, there were so many bloggers talking about GDPR and how you need it as a blogger. I’ll be honest, it sounded like propaganda at first (or maybe I just didn’t think it was THAT important).

And I honestly thought that my intention was not to make any money or have subscribers so it didn’t really apply to me anyway.

Of course, now that I know a little more, I see how important it is to protect the privacy of my readers and clients and I have enlisted the help of GDPR expert and lawyer, Lucrezia Iapichino to help you figure this all out.

We sat down to a live interview a couple weeks ago and she went through everything you could possibly need to know to start a blog that is GDPR compliant.

Here is the video from our live and the written answers as well.

Tell me about how you first got started blogging.

I actually started blogging by chance. It wasn’t in my plans at all to become a blogger and my blog didn’t start as a business venture. I just started blogging as a creative outlet.

My husband, Sam and I had been trying to conceive for a while but it wasn’t happening for us. So, I needed something to keep my mind off. I wanted to learn something new which would give me the opportunity to work alongside my sister, Marina and my sister-in-law, Emma.

It looks like this strategy may have worked as I’m currently in my ninth month of pregnancy! Lol

Originally, we started our blog as a platform to muse about life and relationships in a humorous way. That’s why my blog’s name is Tinylovebug.

However, over the course of the months, our blog has evolved into much more and an entire section of the website is dedicated to providing actionable tips to new bloggers.

This was because although, as I said, when I launched my blog I had no intention of making an income from it, we did start earning through it from its inception.

I mean, at first, the income was negligible. We made $128 in the first month to be precise. But it gave us the confidence that we were onto something, we had something to offer and we were on the right track.

Other bloggers started asking how we did it and from there, we started offering strategic advice to new bloggers, writing posts jam-packed with actionable blogging tips, starting a Facebook group for bloggers (Blogging for New Bloggers ~20K engaged members), creating FREE courses on blogging and Pinterest, etc.

I now use the combination of my research, teaching, and blogging experience to show new bloggers how to start and run a profitable blog the right way. You can check out my FREE blogging course Blogging for New Bloggers here.

At some point, I realised that one of the struggles other fellow bloggers were facing was the legal side of blogging.

It might not always be easy for new bloggers or solopreneurs to tackle the legal requirements of an online business and unfortunately, there is not much advice out there specifically geared towards bloggers.

Especially once the GDPR came into force. Most bloggers started to freak out! I felt that was a big pain point I needed to address for my audience.

Having worked as a lawyer and an EU Law University Lecturer (PhD) for over a decade, it came naturally to me to use the combination of my legal and teaching experience to show bloggers how to blog legally by offering courses and professionally crafted legal templates specifically designed for bloggers.


What essentially is GDPR all about?

Before I answer this question, please let me say something quickly:

Disclaimer: Although I’m a lawyer specialised in International and EU Law (PhD) by profession, this post is meant for educational and informational purposes only. It doesn’t constitute legal advice and I’m not liable for any losses or damages caused by acting or failing to act on the ground of the content of this post. Should your circumstances require, I encourage you to seek legal advice through other avenues.

Essentially, the GDPR is a Regulation of the European Union which sets the rules relating to the processing of personal data and enhances the right to the protection of personal data of individuals based in the EU.

This Regulation came into force on the 25th May 2018. And whoever doesn’t comply with it may incur hefty fines up to EUR 20 million or 4% of their annual turnover (whichever is greater) or may even get sued!

By now, most bloggers have heard of the GDPR. The problem is that even though this Regulation is easily accessible online, it is quite complex and if you’re not familiar with the legal jargon of the EU institutions, it may be somehow difficult to interpret the meaning of its 173 recitals and 99 articles.

I mean, look at the full name of the GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). You see? Even the name sounds scary and obscure!


In saying that though, once you start understanding the rationale and logic behind the GDPR, it gets pretty easy to implement and comply with its provisions.

And that’s what inspired me to start writing about the GDPR. I knew many fellow bloggers and online entrepreneurs were struggling to figure out what the GDPR meant for them and what they were required to do to comply with this new set of rules.

So, I wrote this detailed blog post about the GDPR specifically geared towards bloggers and online entrepreneurs to help them navigate the new legislation and tackle the new legal requirements.

But I know there are still some bloggers out there who either have never heard of the GDPR or are convinced it doesn’t apply to them because they’re not earning an income from their blog or they don’t have an e-mail list or they think they’re not processing personal data.

Nothing could be further from the truth.

In fact, the GDPR applies to any individual, company or agency that determines the purpose of or carries out the processing of personal data by either automated or non-automated means (with the exception of personal or household use).

The GDPR approach to personal data is quite broad. In fact, the GDPR definition of personal data includes but is not limited to name, email address, identification number, location data and online identifier.

So, the GDPR applies to bloggers because even if you think you don’t, we do process personal data on our blogs.

Just to give you a few examples of how and when we process data on our blogs:

  • Email list
  • Contact forms 
  • Comment systems 
  • Google Analytics or other analytics tools
  • Many other tools and plugins
  • Cookies
  • E-commerce transactions
  • Affiliate portals
  • Membership areas
  • Ads targeting

And so on and so forth.

Plus, the GDPR applies to bloggers established in the EU or offering goods or services to individuals based in the EU, irrespective of whether a payment is required.

So, regardless of whether you are generating or are yet to generate an income from your blog, you’re still bound to comply with the GDPR requirements and provisions.

As a matter of fact, for one reason or the other, pretty much every blogger falls within the scope of the GDPR. It’s very, very unlikely that the GDPR wouldn’t apply to you as a blogger.


What if I don’t live in the EU? Does GDPR still apply?

That’s a good question! I’m saying that because believe me, that’s another common misconception.

So many bloggers think that because the GDPR is an EU regulation, it would only apply to bloggers based in the EU.

But that’s not the case.

Of course, it does apply to EU bloggers by default but it also applies to bloggers who are not based in the EU but who process personal data for activities related to the offering of goods or services to individuals in the EU, irrespective of whether a payment is required; or the monitoring of their behaviour as far as their behaviour takes place within the EU.

This means that it doesn’t matter whether you’re based in the US, in Canada like Sasha, in Australia like myself or anywhere else in the world. If your blog has visitors, users, subscribers or clients who are based in the EU, the GDPR applies to you!

What do new bloggers need to do to make sure that they comply with the GDPR requirements?

The GDPR has introduced many new obligations for bloggers.

They include

  • the way consent can be obtained lawfully
  • the duty to disclose how data are collected, stored and processed
  • a series of rights that need to be guaranteed to users and subscribers
  • a series of obligations you need to uphold
  • and much more

These requirements are all legally binding and if you don’t comply with them you can incur fines up to EUR 20M. Your users based in the EU have the right under the GDPR to lodge a complaint against you with a supervisory authority and even the right to sue you!

So, you need to make sure that everything related to the processing of personal data via your blog or online business (your forms, plugins, privacy policy, etc.) is GDPR compliant.

After that, you will need to maintain records, undertake actions and carry out duties as per GDPR requirements in terms of the rights of access, right to data portability, obligations in case of breach and so on.

Basically, under the GDPR, you will have ongoing obligations for the rest of your blogging life.

But, to start with, if I have to pick 3 things you can do right now to start making your blog GDPR compliant, I will say

1)   GDPR compliant privacy policy

Have a GDPR compliant privacy policy for your blog and make it easily accessible on each page of your blog by placing it in your footer or header and everywhere you collect personal data from your users, i.e. add a link to your privacy policy next to your comment forms, subscribe forms, contact forms, etc.

Make sure your privacy policy is in line with the GDPR requirements.

If you’re not sure how to write a GDPR compliant privacy policy, do not rely on free templates! You don’t know who drafted these templates and what their knowledge of the GDPR is.

If there is one thing you don’t want to skimp on, it is the legal side of blogging because you may end up paying much, much more down the track should something go wrong.

And of course, don’t use the privacy policy template from another blog or website. This is copyright infringement and you could be sued for it.

So, either consult with a lawyer or purchase a template from a trustworthy source.

You can find my GDPR compliant privacy template here. It’s specifically designed for bloggers, meets all the GDPR requirements, it’s ready to be used without much customization and it’s reasonably priced. Probably one of the most affordable professionally made templates on the market.

2) Cookie pop-up

Add a cookie pop-up to alert your visitors that your website uses cookies. There are many free plugins that will allow you to do that without much effort on your part.

3)   Sign up forms with checkboxes 

Add checkboxes to your subscribe forms to obtain consent to process data for different purposes. 

Under the GDPR, consent must be freely given, specific, informed and unambiguous. In addition, consent must be clearly distinguishable from other matters and must be given by a clear affirmative action. 

This means that if you offer a freebie on your blog to encourage your visitors to join your email list/newsletter for marketing purposes, you cannot actually add them to your email list/newsletter unless they have expressed separate and distinguishable consent for that. 

You can achieve that by adding a checkbox for your email list/newsletter to the sign up form for your freebie but keep in mind that the checkbox cannot be pre-ticked and if your visitors don’t tick it, you are committed to sending them your freebie but you cannot add them to your email list/newsletter. 

Obviously, this applies only to your potential subscribers based in the EU. I have awarded this higher level of data protection to all my potential subscribers, regardless of which country they’re based in. But that’s my personal choice, you’re not required to do that by law.

So, these are three things that you can do right now if you haven’t already! But as I said, compliance with the GDPR entails much more. This is only the surface, it’s what I call the “cosmetics” to make your blog look GDPR compliant as soon as your visitors land on one of your pages or posts.

However, there is so much more you need to set up and maintain behind the scenes to uphold all the obligations under the GDPR which are all equally important and legally binding.


Tell us about your course on GDPR

My GDPR Compliant Blog Course covers everything you need to know and do to make your blog GDPR compliant.

It comes with an overview of the key GDPR provisions relevant to bloggers and a step-by-step action plan to make your blog fully GDPR compliant in less than 48 hours.

My course is not limited to the steps you need to follow to make your blog GDPR compliant but it also includes instructions on how to uphold your ongoing obligations, how to act upon a request from one of your users or subscribers exercising their rights under the GDPR, and what to do in the unfortunate event of a breach.

So, it’s not limited to the “cosmetics”. It goes in depth into everything you need to do on your blog and behind the scenes to be fully GDPR compliant.

But each lesson has been kept short and to the point. In fact, each lesson is designed to be super easy to implement and each action step can be tackled in 15/30 minutes or less.

Basically, I did my best to leave aside all the legalese and mumbo-jumbo and explain in layman’s terms what the GDPR means for bloggers and what is expected from us.

My course is completely self-paced. You can even jump straight to the action plan, follow the action steps to make your blog GDPR compliant and then go through the overview of the key provisions at a later time.

It will also be updated with future legislative developments such as, for example, the regulation on privacy and cookies expected to come into force in 2019.

You will have lifetime access to the current version of the course and all its future updates at no extra cost to you.

And the best part is, this course also comes with several amazing bonuses including ready-to-use privacy template, terms of service template, documentation template and much more.

You can check out my course on the GDPR here.

On top of that, my GDPR Compliant Blog course is very affordable and it also gives access to my affiliate program with a generous commission of 40% on sale price and an outstanding 365-day cookie time, which means if your readers click on your link and purchase my course within a year, you will be awarded the 40% commission.

You will have access to the affiliate program for the GDPR Compliant Course and all my other legal templates.

Hundreds of bloggers have already enrolled in my course and/or purchased my templates and most of them have recouped the cost plus already made a significant income via my affiliate program! YAY!

Currently, my affiliate program is only open to bloggers who have taken my courses or purchased one of my templates because I only want you to promote my courses and templates if you have taken or used it yourself and genuinely loved it.

However, I’m considering opening it up for A LIMITED TIME to all bloggers for two main reasons:

1)    I’m expecting a baby very soon (I mean, less than 2 weeks) and probably, I won’t be able to commit much time to my blog and promotional efforts for a while so it would also be useful for me to recruit new affiliates.

2)    Since my course and templates are selling like hot cakes, I would like to offer other bloggers – and especially new bloggers – the opportunity to generate money online via their blogs. I’m also considering increasing the price of my course very soon to reflect its real value. So, more $$$ coming your way!

If this is something that may interest you, please feel free to contact me here to request to join my affiliate program.

How can we find more about you online?

You can head over to Tinylovebug  to find out more.

To keep in touch, take my FREE course Blogging for New Bloggers Fast Track or join me in our private Facebook Group Blogging for New Bloggers.

Our Facebook group is a supportive, friendly and very engaged community of around 20K awesome bloggers. I would love to see you there!


Lucrezia is a blogger, lawyer and former EU law university lecturer. She has studied Law (LLB, LLM, PhD in International and EU law), passed her bar exam in 2006 and worked in several countries including Italy, France, UK, Spain, The Netherlands, and Australia for the past 15 years. She is currently based in Melbourne. Lucrezia finds herself in the unique position of being a blogger, a trained lawyer specialised in EU law and a former university lecturer with several years of teaching experience. She now uses her blogging, legal and teaching skills to show other bloggers how to start and run a profitable blog the right way and how to blog legally by providing courses and professionally crafted legal templates.
