Are you GDPR Ready?

May 17, 2018

Disclaimer: The information I provide below is meant to point bloggers, site owners, and writers towards sites that provide clarity on GDPR. It is a list of sites that I visited, and is in no way an indication that I have vetted the information on the sites or that I claim these sites to provide legal advice. I am not a lawyer and I take no responsibility for the advice provided. It is entirely your responsibility to make yourself knowledgeable and fully compliant with regulations.

If you are a blogger or have built your online platform with a website, you may have seen recent coverage on something called GDPR, or GDPR Compliance. GDPR stands for General Data Protection Regulation. This regulation, created by the EU, places serious and complicated requirements on anyone requesting, using or storing electronic data from people. Here's where you start thinking, "oh, phew, that's not for me, that's for corporations like Facebook," or "phew, that's for the EU, not here where I live." *making an annoying buzzer sound* WRONG!

 

First, let me quash the idea that this regulation doesn't apply to a little old blogger. If you're like me, and have been building your Author Platform, or if you're a blogger working on expanding your audience, it definitely applies to you. You know that email subscription list that you covet so much? Yup, that's part of this data protection act. The GDPR's efforts on protecting the identities of citizens reach far and wide. If your site uses cookies, which most servers do, then you need to concern yourself with the GDPR and related Cookie Laws, because these changes are not just about collecting and storing data. Whether you launched your site via WordPress, Wix, GoDaddy, or any other site-creating service, the GDPR places responsibilities on you and not just on the company you used to create your page.

 

Second, if you blew out a long hard breath because you said to yourself, "I don't live in the European Union, I don't have to worry about this," then hold your breath again. Every site that I provide links to below explains that this regulation is beginning with the EU as of May 25, 2018, but within a very short period of time we should be expecting the same regulations to be applied here. When you consider the insane number of data breaches in very recent history, it's no wonder. It is actually more surprising that this change hasn't come into effect prior to this year. As a matter of fact, take a look at the website building organizations I mentioned above. Most of them have taken the necessary steps to become GDPR compliant, and have sent out notifications to their users to help them adapt to the requirements. Another thought came to mind: when I wondered if this EU regulation was applicable to my site, I remembered that my site is not limited to the States. Anyone in the EU can access my site, be subjected to the cookies, and they have the ability to subscribe to my emails. While I am not sure if I could be held liable for not having a GDPR ready site, if and when an EU citizen visits it, I am not taking any chances. Why wait to find out?

 

The actual GDPR legal info is too complicated for me to deign to elaborate on further. What I have done for you here is link every site that I visited that clarified the GDPR for me and helped me prepare my website. I felt compelled to share this info in order to stress how very serious this regulation is, and how very soon everyone that runs some form of website will be required to comply.

Sites that offered me clarity:

  1. The Bloggers Guide to GDPR (Retweeted by my editor. If not for her retweet, I wouldn't have been able to get the jump on preparing my site)

  2. Iubenda

  3. Preparing Your Wix Site for the GDPR (Despite this being geared towards Wix.com users, it has detailed info about the GDPR)

  4. Five Final Checks to Ensure GDPR Compliance

 

Q&A I received via email from Iubenda:

 

So, how does the GDPR govern cookies?
Well, the short answer is that it doesn't — cookie usage and its related requirements are not governed by the GDPR, they are instead governed by the ePrivacy Directive (or Cookie Law).
You can think of the ePrivacy Directive as currently “working alongside” the GDPR in a sense, rather than being replaced by it. With that said, the ePrivacy Directive is, in fact, going to be repealed soon by the ePrivacy Regulation which is still expected to work alongside the GDPR to regulate the requirements for the use of cookies. The regulation is expected to maintain values similar to the directive with much of the same guidelines applying.


Do I need to list the name of each cookie (including third-party cookies) used on our website or app?
No, the cookie law does not require that you list and name individual cookies. However, you are required to clearly state their categories and purpose. This decision by the legislative authority is likely deliberate as to require this would mean that individual website/app owners would have to constantly monitor every single third-party cookie, looking for changes that are outside of their control. This would be both unreasonable and likely unhelpful to the average user.

Must I provide the mechanism for users to manage their cookies preferences (including withdrawal of consent) directly on my website or app?
No, the cookie law does not require that you provide users with the means to toggle cookie preferences directly on your site/app, only that you visibly provide the option for obtaining informed, active consent, provide a means for the withdrawal of consent and guarantee via prior blocking that no tracking is performed before consent is obtained. This means the opt-out mechanism does not have to be hosted directly by you. In most cases under member state law, browser settings are considered to be an acceptable means of managing and withdrawing consent.
Our solution goes a bit further than this by pointing to the browser options, third-party tools and by linking to the third party providers, who are ultimately responsible for managing the opt-out for their own tracking tools.

Do I need to keep records of consent to cookies for each user?
The Cookie Law does not require that records of consent be kept but instead indicates that you should be able to prove that consent occurred — even if that consent has been withdrawn. The simple way to do this would be to use a cookie solution that employs a prior blocking mechanism as under such circumstances, cookie installing scripts will only be run after consent is attained. In this way, the very fact that scripts were run may be used as sufficient proof of consent. 

Changes I've made to my site thus far:

You should have noticed, upon entering my site, that a Cookie Policy Pop-Up appeared. Wix.com, my website creator, provided this helpful add-on to assist with the GDPR. I also added a Privacy Policy page to my website, where I pasted the privacy and cookie policies generated from Iubenda. I made some changes to my email list subscription form, adding a disclaimer and radio button, in order to receive explicit consent for email shoutouts.

 

I hope the info I provided will be of valuable use to you. To my current subscribers, please note that you can read my cookie and privacy policy at any time and Wix has made it simple for me to provide you with, or remove, your data easily after May 25, 2018.

 

Happy blogging!


©2018 BY INES LOZANO. PROUDLY CREATED WITH WIX.COM