GDPR Awareness

We got 2 years to adapt to GDPR (General Data Protection Regulation), the new EU Privacy law. But most of us are excellent in procrastination and sometimes it is easier simply to panic.

In my understanding GDPR is about personal data, operations with it and consent of data owner. I have very simple wordpress blog/website. I do not collect any information about my readers, I never force somebody to read my blog post or any other pages of my website, I have no special plugins or cookies to track you, I do not send any emails. So why should I bother about GDPR?

If I do not collect any personal data, am I sure that the platform I use for my blog (WordPress) does not do it as well? To answer that question, I checked first what GDPR understands with “personal data”. Answer is simple – anything what helps you to identify physical person. Some examples: name, postal address, bank account, email address, IP address.

Yes, you can identify somebody by his email address and IP address, and both are pretty necessary to do anything on internet.

WordPress is no exception – it collects personal data of users – readers and spammers. Here you can see site stats and link in admin panel to akismet stats – both default features which I cannot deactivate. If you want to leave a comment than 1) you have to log in and 2) your IP will be saved, which is another default feature, which I cannot deactivate.

Second bunch or potential danger are all kind of embedded social networks – g+, FB, twitter … you name it. They are present in our digital lives, but I have no idea what exactly they do.

What i did?

  1. reduce the waste! I removed everything what I do not find necessary. e.g. I have no liking or sharing options anymore, because I do not use it myself and I do not know what the third parties do with my readers data.
  2. started to rework privacy policy page and consider to look for another blogging platform
  3. WordPress created webpage for all GDPR related issues. I expected to find there answers to all my questions, but unfortunately it did not happen. One of the issues (please notice that this is less then 24h before regulation takes effect):
>> How do I opt out of being tracked when I use Automattic’s services?

We’ll offer an opt-out from our first party analytics tool for WordPress.com users. We are still working to finalize this process for our products. We will update the information here, and in our documentation, with more details about how these processes work once they are ready.

 

what should you do?

  1. first of all you should know that I do not collect any data on you
  2. if you do not want to be identified –
    • do not spam (in this case WP saves your IP address to protect my website)
    • do not leave a comment on my website (in this case you have to log in on the platform) — UPDATE: until WP updates the platform, I am closing commenting feature.
    • do not follow my blog (login on WP)
  3. if you want to contact me – do it via email: kris [at] corbus dot digital  or twitter

Some links, I found useful

Definitions what GDPR understands with personal data, operations with it and consent of data owner

GDPR compliance checklist

DSGVO Selbsthilfegruppe on FB (German)

Privacy policy of others (German)

Privacy policy generator (German)