Sat. April 28, 2018 – GDPR Compliance

I’m getting an early start today. I’ve got one daughter at a special Girls run downtown, and the other has her normal softball game early this am. Currently 59F and damp, but due to get warm and dry later.

RickH, our site admin and all-around go-to guy, has prepared the following about the changes driven by the European privacy act. Much like the ROHS directives, it has no force of law in the US, but companies are complying anyway as a way to sell into the EU, and because it’s easier to do one version of a product. No one wants to be the test case, so we surrender a bit more of our sovereignty one regulation at a time. Privacy is a good thing, but like most regulations, I expect the unintended consequences of this rule will be very different from what was desired. In any case, here is Rick’s take on the subject and what it means for us here…. nick

==========================================================================

It’s sunny/cloudy/rainy this morning in my little corner of the Olympic Peninsula across from “Mutiny Bay”. (It depends on when Nick publishes this post. I just wanted to start, as per custom, by a weather report).

I put this in a comment Thursday evening (25 Apr 2018), but thought I would put it here so it is visible to all, and to allow comments.

There is a new ‘data privacy’ law from the ‘nice’ folks in the EU, called GDPR, that will apply to everyone on this site. It requires web sites to notify you if any potentially personal information (like your name/email in comments, or for analytics, or cookies) is stored on the site. Compliance is required by 28 May 2018, and hefty fines can be levied.

GDPR applies to any site that collects info, even if hosted in non-EU countries. Since this site uses analytics, and collects your name/email if you comment, the site has to comply with the policy. And we do have visitors (and commenters) from EU countries.

So, you might see some changes come up as I try various ways to comply with the policy. There may be an ‘ok’ box before you see (any) content, and the comment and contact forms will have an additional checkbox to acknowledge that it is OK to store your personal information. You’ve probably seen them on other sites: the ‘we use cookies, okie dokie?’ messages.

In addition, there must be a way to allow people to ‘un-allow’ their personal information. Still figuring this out – there’s all sorts of advice on the googles, and some of it is wrong. I think there will be a process to allow you to remove your user profile, and that will then delete your personal information. But you will still need to consent to the use of cookies, since we use those for analytics. And you will have to re-enter your user/email on comment forms.

So, changes afoot here. But we have to comply, even though we are not EU-based. We have EU commenters here. And I suspect that there will be “GDPR Trolls” that will be looking for (and suing) sites that are not compliant.

I’m testing the tools on one of my test sites, but will also be installing the tools here, and on all the other sites I manage. Enabling all required aspects of GDPR compliance will protect the owners (Barbara) – and admins (Nick and me) – of this site from massive fines and legal issues.

This needs to be done if you have any web site, especially if you allow comments, gather ‘analytics’ data, or send visitor data to a third party (like Google Analytics), even if your site and hosting are US-based. Any visit by an EU

You are welcome to add your comments below, as always. But I thought I would alert you to why the changes are being made.

I wrote something on my “SecurityDawg” blog about it here, including how I will be implementing it in a way that will be easy to install on all the sites I own/manage/admin.