GDPR stands for General Data Protection Regulation. It is the EU's data protection law, and it applies from 25 May 2018.

In short, GDPR says that if a website collects or stores personal data about people in the EU (what matters is where the person is, not their citizenship), we must comply with the following:
  • Tell the user who you are, why you collect the data, and how long it will be stored.
  • Get clear consent before collecting any data (consent is one of several lawful bases under GDPR, but for a blog's analytics, comments and newsletters it is usually the one you will rely on).
  • Let users access, correct and delete their data.
  • Notify the supervisory authority within 72 hours of a data breach, and the affected users when the breach puts them at high risk.
The penalty for non-compliance can be up to €20 million or, in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher. Penalties are tiered according to the seriousness of the infringement (not only of a data breach); the tiers are described in the FAQ section of the GDPR website.

What is the definition of "personal data"?

Under GDPR, personal data is any information relating to an identified or identifiable natural person. Identifiers include a name, an ID number, location data, online identifiers such as an IP address or a cookie ID, and factors such as ethnicity or political opinions. Data does not have to be confidential or sensitive to qualify as "personal".

On a typical blog, personal data is collected or handled by:
  • Blog post comments (name, email, IP address).
  • Traffic stats plugins/tools such as Google Analytics.
  • 3rd party hosted services such as Disqus, Jetpack, Bloglovin.
  • Email signup forms such as FeedBurner.
  • Contact forms.
  • The location of your web host: if data is transferred to servers outside the EU, that transfer has to be covered as well.

How to make my blog GDPR compliant?

Blogger automatically adds an EU cookie notice to our blogs to help meet these regulations. The notice explains the cookies set by Blogger itself and, where they are used, by Google Analytics and AdWords. Blogger states that it is the blog owner's responsibility to confirm the notice is actually displayed, because a customised template can hide it, so view the blog from an EU location and check that the banner appears. For any 3rd party plugin embedded in the blog, we must check that the service has its own GDPR notice; if it does not, we must cover it in our own notice.

The core steps to make a blog GDPR compliant are:
  • Create a Privacy Policy. Link the Privacy Policy in your main menu; it can be in a dropdown. Do not copy and paste a Privacy Policy from another site.
  • Check 3rd party services for information about their compliance (e.g. Disqus). You will need to list every 3rd party service, and what it receives, in your Privacy Policy.
  • If you gather email addresses as part of a newsletter or subscription service, you must provide the ability for people to opt out or unsubscribe. You should also ensure that any signup form tells users what data you gather and how it is stored and used.
  • Serve your site over HTTPS rather than plain HTTP, and turn on the HTTPS redirect in Blogger's settings so that plain-HTTP requests are redirected.
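The "clear consent" and "check your 3rd party services" steps above come together in how the embeds are loaded: Disqus, Google Analytics and similar scripts set cookies and receive the visitor's IP address the moment they load, so they should not be loaded until the visitor has opted in. The script below is an added example for a Blogger template; it is not code from the original post, from Blogger or from any of the vendors named. The cookie name (`blog_consent`), the consent version, the 180-day lifetime, the service list and the script URLs (with placeholder IDs) are all assumptions for illustration.

```javascript
// Added example, not code from the original post or from Blogger/Disqus/Google.
// Third-party embeds are loaded only after the visitor has opted in, so their
// cookies are not set and the visitor's IP is not sent to them without consent.
// The cookie name, consent version, lifetime, service list and script URLs are
// assumptions made for illustration; use the embed URLs from each vendor's own
// instructions.

const CONSENT_COOKIE = 'blog_consent';   // assumed first-party cookie name
const CONSENT_VERSION = 1;               // bump this whenever the privacy policy changes
const CONSENT_MAX_AGE = 180 * 24 * 3600; // re-ask after 180 days (assumption)

// Services the blog embeds and the script each one needs (illustrative URLs/IDs).
const SERVICES = {
  analytics: { src: 'https://www.googletagmanager.com/gtag/js?id=UA-XXXXXXXX-1' },
  disqus:    { src: 'https://EXAMPLE-SHORTNAME.disqus.com/embed.js' },
};

function isKnownService(name) {
  return Object.prototype.hasOwnProperty.call(SERVICES, name);
}

// Parse a document.cookie style string ("a=1; blog_consent=v1%3Aanalytics") into
// { version, categories } or null when no valid consent cookie is present.
function parseConsent(cookieHeader) {
  if (!cookieHeader) return null;
  for (const part of cookieHeader.split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    if (part.slice(0, eq).trim() !== CONSENT_COOKIE) continue;
    let value;
    try {
      value = decodeURIComponent(part.slice(eq + 1).trim());
    } catch (e) {
      return null;                       // malformed percent-encoding: treat as no consent
    }
    const m = /^v(\d+):(.*)$/.exec(value);
    if (!m) return null;
    // Unknown category names are dropped so a tampered cookie cannot enable anything new.
    const categories = new Set(m[2].split(',').filter(isKnownService));
    return { version: Number(m[1]), categories };
  }
  return null;
}

function serializeConsent(categories) {
  const known = [...categories].filter(isKnownService);
  return `v${CONSENT_VERSION}:${known.join(',')}`;
}

// Consent recorded under an older policy version does not count for the current one.
function isAllowed(consent, service) {
  return consent !== null &&
    consent.version === CONSENT_VERSION &&
    consent.categories.has(service);
}

// Inject a <script> tag for every service the visitor has opted in to.
// `doc` is the DOM document, passed in so the logic can be exercised without a browser.
// Returns the names of the services that were loaded.
function loadAllowedServices(doc, cookieHeader) {
  const consent = parseConsent(cookieHeader);
  const loaded = [];
  for (const [name, svc] of Object.entries(SERVICES)) {
    if (!isAllowed(consent, name)) continue;
    const script = doc.createElement('script');
    script.src = svc.src;
    script.async = true;
    doc.head.appendChild(script);
    loaded.push(name);
  }
  return loaded;
}

// Called by the consent banner's buttons with the categories the visitor ticked.
// An empty list records a refusal (or a later withdrawal), so nothing third-party loads.
function recordConsent(doc, categories) {
  const value = encodeURIComponent(serializeConsent(categories));
  // Secure requires the blog to be served over HTTPS, which the checklist above calls for.
  doc.cookie = `${CONSENT_COOKIE}=${value}; Max-Age=${CONSENT_MAX_AGE}; Path=/; SameSite=Lax; Secure`;
  return loadAllowedServices(doc, doc.cookie);
}

// In the browser, honour a previously recorded choice on every page view.
if (typeof document !== 'undefined') {
  loadAllowedServices(document, document.cookie);
}
```

Place this in the template before the vendors' own embed code, and move each vendor's `<script src=...>` into the SERVICES table so that nothing third-party is requested on first visit. Two caveats: withdrawing consent stops future loads but cannot delete cookies a vendor has already set on its own domain, and only the consent record is first-party, so keep the Privacy Policy's list of vendors in step with the SERVICES table.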
BloggerBasics101 is licensed under a Creative Commons Attribution-NonCommercial 3.0 Unported License.