Blogging – Data Privacy – What is Your Responsibility? – GDPR? Why Bother!

None of us like those cold calls or spam emails, and we wonder how they got data on us. Well, data is being shared without your knowledge. In the news, we hear of personal data being hacked into, lost, or shared without consent. When your personal data gets into the hands of someone with ill intentions, they can do anything, even impersonate you or cold call you.

As of Friday 25th May 2018, all citizens of the EU and UK (even after Brexit) have greater rights over their personal data, and can ask to see what is held about them on your site and who it is shared with, and can ask for it to be completely deleted. It is your duty to ensure their personal data is safe (in the same way we would want our personal data to be safe).

What is GDPR?

In 2016, the European Commission approved a new General Data Protection Regulation (GDPR), which came into full effect on Friday 25th May 2018. GDPR gives EU and UK citizens more rights over the data stored on them. Do not be fooled: with Britain exiting the EU, GDPR still applies.

Scope of the Regulation (Snippet)

I have copied this straight from the GDPR wiki page, because I want you to be able to get a snippet of what it means. I am NO EXPERT or lawyer, and therefore I highly recommend you do your own research into this – learn more about GDPR at GDPR wiki.

“The regulation applies if the data controller (an organisation that collects data from EU residents), or processor (an organisation that processes data on behalf of a data controller like cloud service providers), or the data subject (person) is based in the EU. Under certain circumstances[9], the regulation also applies to organisations based outside the EU if they collect or process personal data of individuals located inside the EU.

According to the European Commission, “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”[10]

So, in English

  • You, the blogger, are the data controller.
  • WordPress, your site provider, is the data processor.
  • Your followers are the data subjects.

Failure to comply:

Again, copied from the GDPR wiki.

a fine up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater, if there has been an infringement of the following provisions:

Learn more about GDPR at GDPR wiki.

In short, GDPR states that if a website collects or stores data related to an EU citizen, you must comply with the following:

  • Tell the users (followers) who you are, why you collect the data, and how long it will be stored. That is, you need a privacy policy or something.
  • Get clear consent before collecting any data – generally this happens on WordPress by default.
  • Let users/followers access/delete their data – ensure they know how to contact you.
  • Let users know if data breaches occur – within 72 hours of a data breach you must inform all your followers.

Learn more about GDPR at GDPR wiki.

I REPEAT: I am not an expert or a lawyer, just a joe blog “blogger” sharing with other bloggers. This is just my rushed current understanding.

Please do not be fooled that this only applies to EU and UK bloggers; it applies to all bloggers, whichever country you blog from. Even if you are on a WordPress site that is free, even if you are not making any money from blogging. It is to do with safeguarding the personal data of your followers.

BUT, I don’t hold personal data – you say?

Oh yes you do! When someone comments or subscribes, you take their name and email address, and WordPress collects their IP address, so that you receive an email that they subscribed and commented, and so that they know when you posted a new blog post.

DO NOT BE SCARED – there is help out there!

Yes, we are just hobbyist bloggers, and therefore we don’t have that much to worry about. But we do have to be careful.

As the Data Controller (you, the blogger, even if your site is free), we have to ensure our site, our emails, and our computers/mobile phones are secure and can’t get hacked. Because if someone hacks your computer, they can easily get into your blog and get the names and emails of your followers, and that is a breach.

Equally, WordPress.com as the Data Processor has to be careful as well.

Did you know that WordPress.com is owned by a company called Automattic? Automattic have a:-

My wonderful blogger friend Cat at My Peacock Books has written three extremely useful posts on this. I link them below and I encourage you to read them.

Actually, Cat is the one who enlightened me about Automattic and provided the 3 links to Automattic.

She has done a great job in demystifying GDPR and I ask you to read her posts. Because, frankly, I am no expert on this and I won’t do as good a job as Cat has done, and frankly I don’t want to reinvent the wheel.

Cat said in her first post that she will do more posts on GDPR in the next few days. I list the posts in the order she has posted them. Clearly, this won’t contain her latest post, so visit her blog for that.

  1. https://mypeacockbooks.wordpress.com/2018/05/25/do-you-have-a-blog-yes-then-are-you-gdpr-ready/
  2. https://mypeacockbooks.wordpress.com/2018/05/26/gdpr-what-should-you-do-as-a-blogger-mpbooks/
  3. https://mypeacockbooks.wordpress.com/2018/05/26/are-you-going-around-in-circles-it-could-be-your-cookie-widget-plus-an-update-to-gdpr-mpbooks/

Final Note

Learn more about GDPR at GDPR wiki. Read Cat’s blog posts; they are so useful and easy and helpful. Also, make yourself familiar with WordPress policies on data privacy. Create a privacy policy. Don’t be scared, just take action. Those who are more serious bloggers and self-hosted may have to do more investigation, but us free and non-business WordPress bloggers just need to do a few things (well… still I am no expert).

Again, I am no expert, no lawyer, no guru on this. I am sharing my rushed learnings with my fellow bloggers and I hope that you take the time to wise up on your responsibilities to GDPR.

Oh yeah – data security is not only applicable to electronic data; it applies to paper copies too.

Finally, finally, in 2016 I wrote a post on blogging legally – have a read of that too (now that data may be a bit old), but there is more than meets the eye when blogging.

But, you can still have Fun Blogging, just be wise and be informed.  Ignorance is no excuse.

Again, I am no expert!!! So don’t hold me to anything. Do your own research.

Don’t be scared. It is not so bad. Take the steps to read the links above and take a bit of action – I promise you will feel better. I was being a bit “can’t be bothered” with this – I am a blogger, it doesn’t impact me, it is all WordPress’s responsibility – but then all my friends who are non-WordPress bloggers etc. were doing something, and then Cat did her post and I thought: laziness is no excuse, and frankly I should have done this sooner.

Here are a few quotes to lighten the load.

[Images: “crossing” quote; “courage” quote (Napoleon)]

© 2018 http://www.thoughtsnlifeblog.com

Images: http://www.freeimages.com or Google, or my own, or the Canva app.