A bit of a diversion from my normal content today – today’s post is just for bloggers. If you aren’t a blogger you might want to skip this one. If you are, then today’s post is all about GDPR for bloggers. In my ‘proper job’ I’m part of the team responsible for ensuring our organisation complies with GDPR so I’ve a little understanding about it. Most organisations are very much finding their feet with this – even the multi-million pound ones. No one really knows how it’s all going to work once it goes live but based on what I’ve learned at work and what I’ve read online, this is how I think GDPR will be for bloggers.
What is GDPR and why is it important?
GDPR is the General Data Protection Regulation, which comes into force on 25 May 2018. This is a big update to the Data Protection Act 1998.
Anyone processing personal information must register with the Information Commissioner’s Office and comply by law.
If you are found to have breached GDPR then the fines are EPIC. We are talking fines of an upper limit of €20 million or 4% of annual global turnover – whichever is higher! Fines are also stackable per offence.
Separate to these fines and penalties, individuals will have the right to claim compensation for any damage suffered as a result of a violation of the GDPR.
Does GDPR apply to me?
It applies to you if you process personal information AND are processing it as part of an enterprise. Article 4(18) defines enterprise as ‘a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity’. So basically, it seems that if you aren’t making any money through your blog you are ok. If you are making any money, then you need to read on…
Processing means obtaining personal information, recording it, storing it, updating it or sharing it.
Personal information means any detail about a living individual that can be used on its own or with other data to identify them. For bloggers, this is likely to be named email addresses (brands, PRs and email list subscribers), prize winner addresses and IP addresses.
This site advises that, ‘a simple operation of storing an IP address on your web server logs constitutes processing of personal data of a user. Some usual ways in which a standard WordPress site might collect user data:
contact form entries,
analytics and traffic log solutions,
any other logging tools and plugins,
security tools and plugins.
Any plugins that you use will also need to comply with the GDPR rules. As a site owner, it is still your responsibility, though, to make sure that every plugin can export/provide/erase user data it collects in compliance with the GDPR rules.’