GDPR: a breakdown and what we’re doing about it
The GDPR (General Data Protection Regulation) compliance deadline of 5/25/2018 is swiftly approaching. If you’re not familiar with GDPR, it’s basically a new/updated set of privacy protection guidelines the EU is requiring for anyone who obtains, stores, or processes personal information about an EU resident. This includes name, email, city, favorite color, hair color, shoe size, type of car they drive, or even their height. Yes, all of this information is considered personal information. Additional information about GDPR can be found at these official resources:
https://www.eugdpr.org/ (the main site to find information regarding this regulation)
How Does GDPR Affect Me?
If you collect any information about your visitors/users and think they might be EU or UK residents, please continue to follow along.
We will begin performing periodic checks of all sites for EU country references (and potentially other information) to identify whether you have EU resident data saved in your database/site. If you do have EU resident data, it ultimately comes down to you as a site owner to contact those residents if you have any information at all about them. This includes email address, phone number, postal address, anything that could be used to contact them. Let them know specifically what information of theirs you have and ask what they would like you to do with it. Or, you can simply choose to delete all associated data of EU and UK visitors. We actually recommend this if you have no further use of such data.
Based on our research, bloggers and site owners should also plan to do the following:
- Display a privacy notice anytime they collect personal information classified under GDPR,
- Have a data processing and security policy, and
- Have robust security anywhere data is processed.
The following should also be reviewed on your site(s) to make sure they comply with GDPR requirements:
- Remove auto opt-ins. Opt-ins on newsletters need to have a “tickable” option, not something that is pre-ticked or “assumed” to be accepted by the end user.
- Do not use opt-in freebies to get email addresses for one purpose and then use them for another. If you gained email addresses this way, you should go back and obtain consent, or you may be in breach of GDPR. You may use opt-in freebies if you explicitly state what other purposes their contact information may be used for.
- Discontinue sharing data with anyone else who wasn’t named at the point where data was provided, for example, a brand who asks for the email addresses of giveaway entrants.
- Stop collecting data where not necessary, for example, contact forms and comments.
- Do not share named brand PR contacts without explicit permission from end users.
Overall, it seems a privacy page and making sure mailing lists are compliant are the big tasks. There is a plethora of resources for bloggers and site owners regarding GDPR and getting your site ready. Just take to Google!
As most of you are using WordPress, we found that they are adding some tools to WordPress itself to help make things easier for website owners. They have already started adding some of these, but the rest should be out by the end of April or beginning of May. Information on this can be found at:
We will keep you apprised of any additional information/requirements we come across as the deadline approaches and as requirements develop. Again, this would only impact you and your site if you are storing personal information of EU residents.
We have been asked by several of our clients if we can just straight up block EU/UK resident IP addresses from accessing their site(s). Yes, there are a few ways we might go about that; however, you would still have to either delete EU/UK residents’ personal information from your site/databases or notify those residents about it. Just something to keep in mind! If you are interested in blocking the EU/UK from visiting your site(s), please open a support ticket so that we might discuss your options.
If you do not collect user data on your site, GDPR shouldn’t apply to you. If you do require GDPR compliance or just aren’t sure, please feel free to open a ticket with us (preferred method of communication) or send us a message through our Facebook page https://www.facebook.com/blackchickenhost/ .
What Black Chicken Host Has Done
We’ve always been about your rights to privacy here at Black Chicken Host, and already had processes in place in our system to allow you to alter or remove any personal data from your account. To make sure we explicitly comply with these new GDPR requirements, we have made changes to our Terms of Service and Privacy Policies, which can be found on our website:
We did review our own system for EU residents and sent messages to get in contact about their rights under GDPR as our clients. If you are an EU resident with an incorrect Country selection or we otherwise somehow missed contacting you outside of this message, please contact us as soon as possible!
If any of this sounds alarming or daunting, please do not worry. We are always here to help to the best of our ability!