GDPR and your blog

On May 25th, a new set of rules and regulations comes into law for UK and EU online data. This is GDPR … the General Data Protection Regulation.

  • This isn’t going to be an all-out or in-depth analysis of GDPR or what you need to do, but it hopefully will get you thinking and acting on your own blog in time for the May 25, 2018, deadline.

In short the new GDPR regulation will “give citizens of the EU control over their personal data and change the approach of organizations across the world towards data privacy.” ( This may be just a European initiative but it has a global reach, as it is all about the data collected that makes the user identifiable, whether the data is within or outside of the EU zone.

“The GDPR applies to data collected about EU citizens from anywhere in the world. As a consequence, a website with any EU visitors or customers must comply with the GDPR, which means virtually all businesses that want to sell products or services to the European market.”

In reference to the ‘data’ that is captured, it is split into two distinct types of data .. personal data or processing of personal data. The difference, in terms of my blog, or your own blog is this, taken again from the website:

  • Personal data – “any information relating to an identified or identifiable natural person” – like name, email, address or even an IP address; it is better to think that any piece of data can be considered personal data.
  • Processing of personal data – “any operation or set of operations which is performed on personal data”. Therefore, a simple operation of storing an IP address on your web server logs constitutes processing of personal data of a user.

Regarding your WordPress blog, there are a number of plugins available that are supposed to check (and fix?) your installation and let you know if you are compliant or ‘needs attention’. 

As I run Disqus commenting system on this blog (of which I’m questioning it’s merit, more later) I have to check that this too is compliant. Whilst I am not capturing nor storing the data on my blog, users who make and leave comments are clearly identifiable, therefore I need to demonstrate GDPR compliance as a processor of data. Disqus themselves are working on the implications of May 25, and are publishing their findings and actions as we get closer to the date (this from May 9 – Update on privacy and GDPR compliance).

It is a big worry to those running a self-hosted blog, and it should also be for those running any kind of blog or website. If in doubt, find out more about GDPR and how you think it will affect you.

Further reading on GDPR and blogging, bloggers, microblogging, etc.

Image source: Dennis van der Heijden (CC BY 2.0)