Heard about this/are you interested? Well you should have and need to be!
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. It was adopted on 14 April 2016 and, after a two-year transition period, becomes enforceable on 25 May 2018. The GDPR replaces the 1995 Data Protection Directive. Because the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable. (As an aside, it was mentioned to me that the United Kingdom had been offered an opt-out from this regulation; as reported, it was thought, by the Daily Telegraph); if anything that newspaper reports can be believed, but perhaps I digress?
Before we hear the cries about ‘another EU law’ perhaps one should bear in mind the EU is a law taker and not a law maker. In this context one but needs to refer to the United Nations Development Group and this document in which it states: this Guidance Note is not a legal document. It provides only a minimum basis for self-regulation, and therefore may be expanded and elaborated on by the implementing organizations. For those interested, another document worth reading as background to this latest Data Regulation is this from the United Nations Statistical Commission; which involves substantial input from UNECE, one of 32 members (plus 16 ‘observers’) of the United Nations Development Group.
The foregoing rather makes a mockery of the likes of May, Redwood and their ilk who insist that we must withdraw from the European Union in order to ‘make our own laws’, does it not? But then perhaps I digress once again?
So what is the General Data Protection Regulation and what ramifications does it have for bloggers? Bloggers hold personal information on those who comment on their blogs; be that email addresses, ‘real’ names as against ‘user’ names and possibly telephone numbers. When processing personal data, explicit consent from individuals is a requirement under GDPR. This means that after May 25 you can only email users who have actively, freely and willingly opted in to receive messages from you; be it replies on their comments.
This also applies retroactively to any subscriber in your current mailing/comment list. Even if you’ve followed best practices for mailing/list sign-up, you may find that you don’t have the level of consent required under GDPR to continue sending marketing emails/comments to your list. Don’t ignore this aspect as you may be asked at any time to provide this information. So it’s best to act now to ‘repermission’ your list and collect affirmative consent so you can send/reply confidently after May 25.
Suffice it to say this latest EU regulation is a minefield of compliance; however, SfS does not have to overly concern himself as he uses PDPS to ‘manage’ his blog where ‘technical’ matters are concerned.
I would, without hesitation, recommend any blogger unsure of what he/she needs to do in order to comply with this latest EU regulation to contact PDPS where, for a small/smallish fee (depending on the work requested), they can then sit back in comfort knowing ‘things have been taken care of’. There is a ‘contact’ facility on the aforementioned link, or one can telephone 029 2000 6906.
Off you all go……………