GDPR... a term that’s been emerging lately. It stands for General Data Protection Regulation, and it’s a big deal. While many outlets have been talking about it lately, we’re going to delve into some much-needed insight that you may not be aware of yet, to answer the question "what is GDPR?" in this plain-talk GDPR overview.
Here's what we know... The EU GDPR, or General Data Protection Regulation, has been the law of the land for a little over a month now as of the time of writing this post, and you may even think it really has nothing to do with you.
Eh, the jury is still out on that one… there's plenty of debate, but the EU GDPR likely does apply to you in some way or another.
With that said, ask yourself one question…
Do you process personal information from any visitors to your blog or website?
Chances are good that you have some sort of “list” where you’re collecting email addresses or other user information. If that’s you, then the GDPR likely applies to you.
Another aspect of the EU GDPR is that it originated as more of a European-focused concept, hence the "EU".
GDPR The EU And Websites Like Yours
Your next question is likely to be: well, if its focus is on Europe and I don’t live there, then what’s it got to do with me?
Good question, and here’s a good response to it.
If you handle any information that personally identifies a person connected to your website (and there’s plenty of information out there that would qualify), then you are accountable for that information regardless of whether you live in Europe or not. The data protection details of the GDPR suggest that this is not just about Europe.
Trust me... the EU General Data Protection Regulation may have started in Europe, but the law makes sense, and you may as well get ahead of it and start being responsible with the user data you’re collecting.
As with any law, breaking it carries the potential for painful penalties reaching into the “hundreds of thousands of dollars and more” if you don’t play by the rules and start being responsible with the data you’re collecting.
We all should care about what happens with our personal information and the reality of this has become more and more staggering, real and frightening for people with each passing day.
There may have been a time when people didn’t care that much or even give it much thought, but the tide is changing. That reality, in connection with a law like the EU GDPR (and I’m sure there will be more to come), means that data privacy and data protection are reaching a level of seriousness that they likely should have been at long before now.
At its core, GDPR comes down to, for lack of a better way to say it, “doing the right thing”.
EU GDPR Transparency And Honesty
Let’s be honest for a moment.
We are all people and we are bound by laws. Our lives are set by rules and parameters and we can’t just do whatever we want. We know there is no perfect way to live, but we know there’s a right way and a wrong way too.
We know there’s compliance and non-compliance.
These are all simple concepts that we are all aware of and we know that we don’t have to reside in a specific country to live by such principles either.
Simply put... right is right and wrong is wrong. The same applies to our responsibility to do the right thing, and that’s what GDPR is about.
When a visitor comes to a blog or a website and provides their information for any specific reason, that blogger or site owner is in charge of that information and decides what to do with it.
Even simple activities like blog commenting fall within the scrutiny of the GDPR.
That's because even such an extremely common activity (think WordPress or another CMS) typically requires, as part of leaving a comment, that you leave a name and email address, or allows you the opportunity to leave a website address.
With that said, there is a level of trust and transparency that the information provider has given to the owner of that content space.
Information cannot be collected under general terms beyond what is reasonable. Collecting an email address for an email list isn’t unusual or out of the ordinary when you specify that you need it for the email list and indicate what that email list is. If you want to ask for more personally identifiable information, then you have to clarify why you need each piece of that identifying information.
Sound like a big deal?
Sound like a pain in the “you know what”?
Maybe... but it’s all toward the goal of doing the right thing and being responsible with the information that people are trusting you with. You’d have the same expectation of responsibility if it were you handing your information over to someone else.
Data Privacy And Protection Issues
If you think about all the trouble that Facebook has gotten into over the years, what has been at the core of their issues?
It’s been privacy: how they’ve handled user data and how transparent, truthful and trustworthy they have been with "you". Facebook has always had a history on this matter too, from the days when Zuckerberg gloated about how stupid people were for trusting him with their information, to their Facebook Messenger, which had the capability to send emails to your contact list without you even knowing it, to the Cambridge Analytica catastrophe.
While I know this isn’t all about Facebook, I mention them because they may as well be one big rock in the water of what has contributed to the emergence of the General Data Protection Regulation.
It is scary stuff when you consider just how integrated we are with everything we do online, whether we’re talking about our activities with online retailers or in various content spaces that ask to develop relationships with us through mailing lists, contests, subscriptions, webinars and more. This blog is no exception.
Online spaces need to form relationships, and so much of that is about trust, transparency and responsibility. It doesn’t matter whether you are a site that sees 50 people a month or 5 million per month… whether you’re in the EU or the US... these principles apply to everyone.
The EU GDPR, and other additions to it or iterations of it, are going to come along. Don’t just hand out your data willy-nilly and recklessly, and don't trust carelessly. Your personally identifiable information is attached to you, and we should all exercise the same care that we take with that information “offline” in our online activities and relationships with content and other online spaces too.
Thanks for reading this post!