GDPR, blogging and DefinIT
So…this is a frustrated sort of post. As you are most likely to already know, the new data protection laws (GDPR) are coming into effect on the 25th May 2018. I must emphasise that I am not an expert on GDPR, this post is my layman’s conclusion for my specific circumstances. I run this blog as an exercise to help others, provide information and as a hobby. There is a lot of speculation around how this will affect bloggers, and a lot of panic and mis-information too. I’ve seen a few people this week simply shut down and delete their blogs – which is both upsetting and sad.
Once again, here is my disclaimer: I’m not a lawyer and I’m not providing you legal advice. Contact your legal council for help interpreting and implementing the GDPR. This article is provided for entertainment purposes, and amounts to nothing but my interpretation of the GDPR.
My general approach to GDPR is one of avoidance – I will avoid collecting any Personally Identifiable Information (PII).
Please feel free to get in touch via twitter (@sammcgeown) with any suggestions or updates and I’ll gladly share them (at least, the non-personally identifiable parts :))
Some general privacy best practices, which help towards GDPR compliance
- I already use SSL to secure the site through LetsEncrypt, and HTTP redirects to HTTPS, so that’s good.
- I already back up the site regularly, and encrypt my backups
- My web server is patched and updated regularly
- My WordPress and all Plugins are updated regularly
All comments on DefinIT.co.uk have been disabled, and any existing comments have been deleted. I’ve done this because it seems to be the most efficient way for me to remove the risk that Personally Identifiable Information is collected and stored on the site.
Also, managing comment spam is a pain in the a***
To disable the comments site wide, I used the Disable Comments plugin, which allowed me to disable comments site wide and delete all existing comments. So here it is, 1498 legitimate, productive, helpful comments removed from the site to protect me from GDPR. I’m sorry to all those who put effort into discussions and helpful input.
I use the Google Analytics Dashboard for WP (GADWP) plugin and ensure IP addresses are anonymised. That’s the only PII collected by Google Analytics, but we also enable user opt-out, and compliance with Do Not Track.
For now, I’ve disabled social media links – the reason for this is that they tend to be trackers for the social media platforms that they link back to. I may revise this at a later date when I understand the implications better for each platform.