The GDPR goes into effect today; what this site has done to comply
Today – May 25, 2018 – the European Union’s General Data Protection Regulation (GDPR) goes into effect.
The GDPR is a 200-page law designed to protect internet users from spam and abuse at the hands of websites and services that use or store data on individual users. It applies to any website that does business with people who live in the European Union. Which means every website in the world. Including this one.
I’m posting this GDPR update to let you know that I take your data and security seriously. And, for that matter, to let you know how much I appreciate the time you spend on this site.
The distraction from day-to-day business and the tsunami of re-opt-in emails from every newsletter and marketer on the planet is a bit annoying. (I’m assuming here that I must be subscribed to every single one. It certainly seems that way.)
But, given the recent revelations about how our data has been stolen, misused, and handed back and forth between corporations and bad actors like a bottle of cheap wine in a hobo camp, we can only laud the European government for taking action to protect its citizens. And wish other governments cared enough to do the same.
Operators of small websites like mine have been scrambling in recent weeks to bring their operations into GDPR compliance. We don’t have lawyers on staff. We may use dozens of off-the-shelf products to make our sites function. And, let’s be real, on a site this small, many of those products are of the cheap-to-free category. That means that herding all the technological hamsters that run in the wheels that make this thing go can be a bit of a hit or miss proposition.
That said, I think the site is GDPR compliant today.
This site runs on WordPress. WordPress core has been GDPR compliant for, well, a week or two. Hopefully, all those features work properly. I have checked the plugins that add functionality to the site and they either don’t intersect with the GDPR or they have been patched. Outside vendors have all claimed that they comply with GDPR rules.
I don’t sell anything on the site and my mailing list and commenter signup have always been explicit about the information you’re giving me and why. As in, you give me your email address and I send you emails about blog posts. So those things have always complied with the basic GDPR requirements.
And I will attempt to revise my mailing list signup forms to make it explicitly clear that we do respect the GDPR. At the moment, my mailing list provider (Mailchimp) is only offering GDPR features in a popup that covers three-quarters of your screen, and that doesn’t even work right, so I’m still using the old unobtrusive one.
If any of these GDPR bells and whistles give you a problem, please, please, please get in touch with me so I can fix whatever’s broken. In day-to-day use, I don’t see the same view of the site that you do, so it’s easy for me to be stupidly unaware of something that isn’t working right.
If anyone needs a copy of the tiny amount of data I keep for each of you, or needs to be “forgotten”, just contact me and we’ll get that done.
Does anyone have a GDPR story to tell? Want to vent about vexatious nitwits who have made your own GDPR preparations way more of an adventure than they should have been? Jump in the comments and let us know what’s on your mind.