Saturday, May 26, 2018

GDPR Compliance




I've been distracted all week with the GDPR - the General Data Protection Regulation, which took effect on May 25.  It's supposed to protect the privacy interests of citizens of the European Union (EU), particularly data collected and stored by organizations, groups, and websites.

Since I have this blog, and since I know it has readers from EU countries (particularly Germany and Lithuania, where my ancestors are from), I thought I should pay attention to this, even though I may not have to.

Judy G. Russell, who blogs as the Legal Genealogist (she is a lawyer by training, although she is adamant that she is NOT giving legal advice about GDPR), notes that "genealogists with family websites, individual hobbyists with blogs and even professional genealogists or societies that hope to earn money from their web presence are not the main targets of the EU, and some aren’t covered by this rule at all."

This is followed by a footnote where she cites her source (the reason I love Judy is that she is *always* citing her sources): "See GDPR Recital 18: 'This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity.'"

My family history blogging is entirely personal; I don't make any money from it.

However, even Judy outlined steps she took with her blog, and I am following them as well.  I do want those in the EU to feel comfortable commenting on my blog or contacting me via e-mail.

I took a look at this blog and removed some of the widgets on the sidebar to the right.  I got rid of feed and e-mail subscription links, because I couldn't find proof that any of the outside sources providing those services (like NetVibes and Atom) were GDPR-compliant.  I also removed the Google/Blogger Followers list, as well as links to some of the blogs I follow.  This was more to protect the privacy of those people, since their Blogger/Google profile photos show in the Followers list.  That may have been overkill and I may be able to bring those features back when I learn more.

I believe if you are subscribing to my blog via e-mail or RSS, you should still get the feed, but I have not been able to figure out who was subscribing with those tools.  The exception is with Feedburner, which Judy recommended not using as the site has not been updated in years.  I was able to see my subscribers' e-mails there, but I believe most of these are spammers - all but four were outlook.com addresses with nonsensical names.

IF you have an outlook.com e-mail address and want to follow my blog, please send me an e-mail (you can use the link at the bottom of this post or in the sidebar) and let me know.  I will be contacting the four people, all of whose e-mails I recognize, to get documented consent for their e-mail subscriptions.

Google is already providing a cookies notification for EU users, and the more secure Hypertext Transfer Protocol Secure (HTTPS) web protocol.  I put a very brief privacy policy notification at the top of my sidebar, but I am working on a more detailed one that will be a separate page you will be able to access from one of the tabs next to the home tab.  I'll use the top of the sidebar to notify my readers when that is in place.

Finally - because this *is* so time-consuming and I'd rather be researching and writing than messing with this - I made some of my blogs (such as Bookin' It, where I review my reading) private for the time being, and I am removing myself from a non-work-related group blog - as I'm not an administrator and cannot do anything to improve the GDPR compliance of that blog.

© Amanda Pape - 2018 - click here to e-mail me.
