GDPR? What Has It Got to Do With You and Me?
Over the few days I spent away from my blog, I got bugged occasionally by frequent mails from Google and the rest with news concerning GDPR Compliance… I avoided reading these emails on occasion but then decided to find out what was so important that they had to bug me so much about it. I was more concerned with what GDPR means and why it concerns me.
You’ve probably also heard about or seen the GDPR notice in your mailbox. Hello lazy reader, if you are too tired to read it, welcome to the club.
Now, before we begin, I’m Onome, not a legal practitioner, so, what you are about to read shouldn’t be termed a piece of legal advice. Rather, call it a simplified version of important information from a good wisher to you. I have left helpful links at the end of this post to websites with details of GDPR in case you require more information. You can also research further.
When I settled down to engulf the mail and figure out what it had got to do with me, I was overwhelmed with the legal requirements therein. I discovered that I understood nothing in all I read, so I had to look up GDPR COMPLIANCE on Google.
What is GDPR?
GDPR simply means GENERAL DATA PROTECTION REGULATIONS. It is scheduled to come into effect on May 25th 2018, just a few days from now. You are not alone; the regulations on the internet are becoming really neck-breaking!
GDPR aims at giving citizens of the EU control over their personal data. Thus, website owners who have and collect user data from EU visitors or customers must comply with the GDPR before or by May 25, 2018, or get fined €20 million or 4% of the annual global turnover of the preceding financial year (whatever this means!).
GDPR was approved in 2016 by the European Commission as the new General Data Protection Regulation (GDPR). It will replace the old Data Protection Act 1998 in the UK and EU on May 25, 2018. New requirements regarding how websites and blogs should protect individuals’ data have also been added to the new law. In a nutshell, if you are a website owner who collects personal information from users related to an EU citizen, then GDPR applies to you.
Note: If you are wondering what data collection implies, then you should ask yourself if you use any of the following: Comment form, Subscription forms, analytics, checkout forms, plugins, etc. If yes, then say no more.
Having A Hard Time Understanding GDPR?
It took me a while too. If you are having a hard time understanding what the regulation is all about, I have simplified the GDPR regulations a bit. The regulation states that any website that processes personal information should:
- Inform her users about data collection.
- Allow users to know the person who collects their data.
- Let users know why the data is collected.
- Inform users of the data storage lifespan.
- Ensure that users are able to give consent for data to be collected.
- Ensure that users are able to access and delete data that has been collected.
ICO Registration for Bloggers
Now, before I go further talking about GDPR for Nigerian bloggers, I would like to mention a shocking compliance requirement. In order to comply with GDPR, website owners need to go through an ICO registration for $35. Oops. I, in fact, do not have the right information about ICO registration because most sites I’ve been on skipped this part. But you can KNOW MORE ABOUT GDPR ICO REGISTRATION.
This ICO registration is somewhat ridiculous to me, I must say. I can’t tell if this new fee will exempt bloggers, especially penny-earning bloggers like myself. Also, I cannot tell if there is a need to be worried. I mean, as of this post, it’s not May 25th yet.
Does GDPR apply to Nigerian Bloggers?
Basically, from the information I’ve grabbed, GDPR applies mainly to big websites like Facebook, Twitter, LinkedIn, Instagram, Snapchat, Amazon, PayPal and the lot that process personal data almost every minute of the day.
Will this law apply to bloggers in Nigeria too, even the petty ones like me? Well, I will say yes if you are targeting audiences around the world. We are open to the EU, no matter how small our audience is at the moment.
How (Nigerian) Bloggers Can Comply With GDPR
If you’re currently running a blog or a website, you can comply with GDPR law at the basic level in the following ways:
E-mail Lists Compliance
- If you collect emails as a blogger, you should ensure that your subscribers confirm they want to be added to your list by using the double opt-in feature which allows them to confirm that they want to be added to your mailing list. Alternatively, you can simply include a checkbox on your subscription form so they know that by checking the box, they’ve agreed to receive your newsletter.
- If you already have subscribed members who didn’t go through the process explained above, they should be contacted to confirm their subscription.
- Also do not collect information that you do not need from a user. Any information collected should be relevant to the subscription. A name and an email address are just okay in most cases.
- Allow subscribers the privilege to opt-out of your mailing list whenever they want to. Ensure that your Unsubscribe link is available and usable.
- If you allow users to create an account on your blog for some reason, you should give them the right to delete their account whenever they deem it fit.
- If you are still on HTTP, I think it’s time you moved to HTTPS to encrypt information on your blog. HTTPS has become an important requirement for blogs and websites accepting payments online. Do get yourself an SSL certificate & secure HTTPS connection now. NAMECHEAP offers free HTTPS and SSL certificates for every domain you host on their site for the first year. Renewal is also very inexpensive on NAMECHEAP.
Now that you’ve understood what GDPR means to you as a blogger, whether you are a Nigerian or not, don’t forget to comply with GDPR in whatever little way you can… I do not know much about the yearly ICO registration of $35, but I do know that GDPR is staying, so do what you can do to stay legal.
Lastly, whenever you collect any type of data from people, remember that you have to make sure they have agreed and are aware of what you intend to do with their information.