This was the second example I've seen today of a smaller website deciding it is easier to shut down parts of their website, rather than attempt compliance with GDPR. (The other was StreetLend, see https://news.ycombinator.com/item?id=16954306 )
In this case, it affects me directly as a regular reader of Alastair's blog. I got notifications of new posts via his email list, but he is deleting the MailChimp mailing list because GDPR requires him to delete everyone anyway and re-opt-in under new GDPR consent (even though the list was already double/confirmed opt-in).
He's also deleting the entire Wordpress blog comment history, because it is easier to delete everything than to individually contact all the commenters and ask them to provide new explicit GDPR consent for previously posted comments.
There is also some greyness around Mailchimp hosting data in the US. In my work environment we have been advised not to use them because of this and choose providers with UK or EU hosting.
But if it's a personal blog and I decide to sell products, it's then 'not' personal and a business and therefore GDPR will then apply. Too many things for me to be bothered with at this stage, so the easiest solution is to limit exposure to it.
> However, I asked them for clarification on this point. I noted that I couldn’t see any exemption from the obligation to register, unless it was the general exemption (at section 36) from the Data Protection Act 1998 (DPA) where the processing is only for “domestic purposes”, which include “recreational purposes”. I noted that, as someone writing a semi-professional blog, I could hardly rely on the fact I do this only for recreational purposes. The ICO’s reply is illuminating
> > if you were blogging only for your own recreational purposes, it would be unlikely that you would need to register as a data controller. However, you have explained that your blogging is not just for recreational purposes. If you are sharing your views in order to further some other purpose, and this is likely to impact on third parties, then you should consider registering.
People keep saying GDPR is imposing new restrictions. Mostly it isn't - we were just ignoring the restrictions that already existed.
I do understand how GDPR works @qz3 as in my work I'm heavily involved in it.
What you misunderstood is that although I know there are ways I can make things compliant, I don't have the time or inclination to do so as an individual blogger.
8 comments
[ 3.5 ms ] story [ 35.3 ms ] threadIn this case, it affects me directly as a regular reader of Alastair's blog. I got notifications of new posts via his email list, but he is deleting the MailChimp mailing list because GDPR requires him to delete everyone anyway and re-opt-in under new GDPR consent (even though the list was already double/confirmed opt-in).
He's also deleting the entire Wordpress blog comment history, because it is easier to delete everything than to individually contact all the commenters and ask them to provide new explicit GDPR consent for previously posted comments.
If you were handling personal data in your blog and it wasn't recreational you already needed to register with ICO (in the UK).
https://informationrightsandwrongs.com/2014/08/17/ico-indica...
> However, I asked them for clarification on this point. I noted that I couldn’t see any exemption from the obligation to register, unless it was the general exemption (at section 36) from the Data Protection Act 1998 (DPA) where the processing is only for “domestic purposes”, which include “recreational purposes”. I noted that, as someone writing a semi-professional blog, I could hardly rely on the fact I do this only for recreational purposes. The ICO’s reply is illuminating
> > if you were blogging only for your own recreational purposes, it would be unlikely that you would need to register as a data controller. However, you have explained that your blogging is not just for recreational purposes. If you are sharing your views in order to further some other purpose, and this is likely to impact on third parties, then you should consider registering.
People keep saying GDPR is imposing new restrictions. Mostly it isn't - we were just ignoring the restrictions that already existed.
What you misunderstood is that although I know there are ways I can make things compliant, I don't have the time or inclination to do so as an individual blogger.