Random photo taken in Europe (Orvieto, Italy) illustrating the type of beverage you may want to be consuming when you tackle the subject of GDPR compliance.
At a recent blogger conference, I foolishly responsibly attended a session about complying with the GDPR. This acronym stands for General Data Protection Regulation. Personally, I remember it by using it as a mnemonic for G-d Damn Privacy Regulation. If you find that mnemonic blasphemous, you could remember it as Gosh Darn Privacy Regulation. In any case, before setting a foot in that room, I should have remembered that a little knowledge is a dangerous thing, and ignorance is bliss.
Very, very basically, the GDPR sets forth the European Union (EU) legal requirements for websites gathering personal data, storing it, and disclosing to website visitors what the website does with the collected data, and how users can opt in or opt out of sharing any information with the website. The potential penalty for non-compliance with the regulation is 20 million euros or 4% of your annual income, whichever is higher. Note to EU GDPR Enforcers: I’ll save you some time, in Boomeresque’s case, 20 million eros is higher.
Aha, you might be thinking. You call yourself a travel blogger? Don’t you know the United States is not part of the European Union yet? The problem is that some of those pesky Europeans ride the Internet right into my little, tiny, miniscule website. Some of them might even subscribe to it. I like Europe. I even lived in England one year. (Oh, right, Brexit.)
I’m an almost recovered lawyer, but in law school, I was derisively dubbed the “Code Queen” because I seemed to enjoy complex statutory and regulatory schemes. (And I wasn’t even Mrs. Excitement yet.)
Consistent with my misguided appreciation of really fine print, paragraphs, subparagraphs, subsubparagraphs, etc., my area of law practice concentration was claims arising under the Social Security Act, a piece of legislation with its own entire volume of enabling regulations. (Volume 20, Code of Federal Regulations). In addition to that, there are Social Security Rulings and a robust body of federal court case law interpreting the statute and regulations because, for some reason, words don’t mean what regular people think they mean. They are “legal terms of art” which is why lawyers still have a job.
This is all by way of saying that EVEN I had a panic attack when I accessed the actual 88 page, tiny small font, single spaced General Data Protection Regulation. It has lots of Internet tech terms alien to my Luddite Baby Boomer brain. Then my eyes glazed over.
The GDPR goes into effect on May 25, 2018. I am writing this very sentence at 11:57 p.m. on May 24, 2018, but that’s Eastern Daylight Savings time (EDT). I’m not sure what time the GDPR is on. Did I mention my tendency to sometimes not see the forest for the trees?
Where I was a month before I ever heard of the GDPR. Villa San Filippo, near Barberino di Val d’Elsa, Tuscany, Italy.
Wishful Thinking Assumption I am Making About the GDPR
I assume fervently hope that EU regulators have bigger fish to make an example of than moi. On April 29, 2018, the webzine, insideBigData reported:
Less than half (46 percent) of the global organizations surveyed reported that they expect to be compliant when GDPR goes into effect May 25. Among surveyed U.S.-based organizations just 30 percent expect to meet the deadline. The EU is slightly more prepared, with 53 percent of the EU organizations surveyed expect meet the deadline.
So, I’m hoping that by the time all the Big Players figure it out, I will too — or that I will have succumbed to old age and sold retired Boomeresque.
I read somewhere that regulators will issue a warning before dropping the big hammer. I’m hoping that’s true even though every lawyer cell in my brain is screaming to me that no one should ever count on this.
The Fairmount Hotel Chateau Frontenac in Quebec City, Canada, where I was first introduced to the GDPR.
Boomeresque’s Good Faith Attempt to be at Least a Tiny Little Bit Compliant with the GDPR
7 Things You Need to Know About Boomeresque’s Privacy Policy
1) Boomeresque has actually had a disclosure and privacy policy from the beginning of its existence. If you ever looked at it, raise your digital hand. Seeing none, I’ll proceed.
2) I respect your privacy, but you do know that anything you put anywhere on the internet might as well be sky writing. Right?
3) Apparently, every time you visit Boomeresque, you get a cookie on your browser. This cookie is a little bit of computer code with your IP address and something about what you looked at. Personally, I prefer chocolate chip cookies.
In actual fact, I have no idea where your cookies are or what they even look like IRL (in real life). However, I know you can opt out of leaving them by changing your browser setting to “incognito” or by telling it not to leave cookies. You can even find old, stale cookies (blech) and delete them from your browser.
The EU now wants me to insist that you affirmatively notify me of your desire to leave and receive cookies and other information from Boomeresque. Once if I figure out how to do that, I’ll let you know.
4) Some of you receive an email each time a new post is published on Boomeresque. This is because you are a friend or relative you subscribed to Boomeresque via email through an application called Feedburner. I suspect few of you have any independent recollection of subscribing, but thank you anyway. (This is temporarily disabled until I figure out why Feedburner is incompatible with my website security certificate.)
The European Union now requires me to remind that you don’t have to stay subscribed. There is an “unsubscribe” link both at the top and bottom of each email that informs you about a new post. I probably won’t hold it against you forever if you unsubscribe.
If I ever get around to starting the Boomeresque newsletter (perhaps during this decade), you will also be able to subscribe to and unsubscribe from it.
5) Boomeresque solicits comments on blog posts. In fact, we (who is really me, myself and I) absolutely adore when people who are obviously not busy enough are motivated to leave a comment. We adore it even more when people respond to each others’ comments — of course, in the polite and respectful manner for which United Staters are world renowned.
When you leave a comment, the comment form prompts you to leave a name, e-mail and the URL to your own website. You are not required to leave a URL to your website because if you actually have a real life maybe you don’t even have a website.
You are required to leave a name and an email address. You didn’t hear it from me, but you are not required to leave your real name or email address. Have you ever wondered why Mr. Excitement never leaves any comments on his wife’s blog posts?
For example you could say your name is InTheWitness ProtectionProgram and your email address is thisisnotmyrealemail@gmail.com. Of course, that might mean your comment gets caught in Boomeresque’s comment spam filter where it will languish with all the other spam comments, like those received from Russian bots.
I just checked Boomeresque’s comment spam filter. It currently has 1,454 suspected spam comments in it. I used to comb my spam blog comments looking for real comments to approve, but I have to go to the store, wash my hair, walk the dog, visit my aged mother, make dinner, watch cable news, Zentangle (to calm down from watching cable news), etc., so, yeah — no, your spammed comment will probably be added to the spam pile. Then, one day, when I am inexplicably imbued with a strong desire to practice good website maintenance, it will end up in the cyber trash bin—with the Russians. (Don’t worry, someone told me you didn’t collude with them and I absolutely believe that.)
6) Sometimes data about your visit to Boomeresque ends up with third party websites. (Trust me, they’re not very fun parties). For example, anonymous data will go to Google Analytics, so I’ll be able to see if anybody is actually reading my tortured prose.
Then, there’s our good friend, Amazon. Occasionally, but not often enough, you might stumble across an “affiliate link” to Amazon on Boomeresque. If you click on that link, you are whisked to the Amazon website listing for the product (probably a travel book) I was extolling. But then, let’s say, beatus miraculo, while you’re on Amazon anyway, you decide to purchase that smart TV you’ve been thinking about. Amazon will know you came from Boomeresque (probably something to do with cookies or something like cookies) and will pay me a well deserved but negligible commission (but if you buy the TV, it adds up). This is no way affects your price – except, I suppose, in a global, macro, advertising budget, kind of way.
I’m supposed to represent to you that any third party website that ends up with any of your personal data via Boomeresque complies with the GDPR. I have calls into Jeff Bezos, CEO of Amazon, and Sundar Pichai a/k/a Pichai Sundararajan, CEO of Google, (I googled it; that’s his real name), to make sure their websites are GDPR compliant. Rudely, neither elitist, really rich snob has returned my call. Despite being typically rather risk averse, I’m willing to go out on a limb here and assume they are GDPR compliant because 4% of their revenue (their potential GDPR non-compliance fine) is some serious change.
7) Words to live by: Just because you’re paranoid, does not mean they are not out to get you.
Important thing: I’ve referred several times to the fact that as of May 25, 2018, I’m still a licensed lawyer. However, I’m almost all the way recovered from 30 years of law practice. So, I’m not anyone in particular’s lawyer, especially yours. Consequently, none of my witty, but baseless ramblings about the GDPR should be construed as legal advice — or any other type of advice for that matter.
GDPR Resources:
The Beast: The General Data Protection Regulation in its original ridiculously complicated form .
An extensive article about the GDPR aimed at US corporations by the New York University School of Law, Program on Corporate Compliance and Enforcement. The General Data Protection Regulation: A Primer for U.S.-Based Organizations That Handle EU Personal Data.
GDPR for Bloggers / What to Know & Do by Julie Cohen of the Cork, Fork and Passport blog. Julie is the person who presented about the GDPR at the conference I attended. Caution: Do not read without wine.
The GDPR inspired Privacy Policy by Kris and Tom Bartel of the TravelPast50 blog. I’m sharing this one because I can almost understand it.
{ 20 comments… read them below or add one }
Thanks Suzanne. Loved your humorous explanation of a very confusing tangled web of legalese. This is by far the clearest writing I’ve read yet of the GDPR and I can see why zentangle might become a welcome refuge. When I get set to apply for my SS benefits later this year, I’ll be sure to drop a line … HAHA! Really, just kidding!! 😀
Ha! A glass of whine (I mean wine), isn’t nearly enough! I’m heading for the tequila!
What changes did you make to your existing privacy policy? I’ve had one too and wondering if I can just edit it.
I just told them to refer to this blog post. Check out the one Tom and Kris Bartel have. I linked to it at the end of my post.
Thanks for this! The humour makes it a bit more palatable. ☺ Just what we need – NOT! More ways to annoy our visitors. 😛 I downloaded the GDPR framework plug-in. It seems pretty thorough. Also, for those who use Jetpack, there’s a customizable cookie policy banner available as part of their suite of services.
Hi Suzanne! And thank you for make GDPR a (little) humorous! I LOVE the idea that it is G-Damn Protection Regulation. As a relatively small blogger, it is just crazy to me. I get that they want to make the big boys responsible for the data–and think that is admirable…but us little guys???? Oh well, I did what I could and have my fingers crossed that it is enough. Thanks for making me laugh (a little) about it! ~Kathy
I too prefer chocolate chip cookies.
I’m sorry. I glazed over (hee hee). Just kidding. I laughed. A LOT. My blog’s email marketing blah-blah, AWeber, sent a very concise explanation and a 10-point checklist to me. It actually cut through the bull crap and explained everything in layman’s terms. Or laywoman – which Alpha Hubby does, quite enthusiastically! Sorry. Naughty Nan, bad toad. You, however, have taken the explanation up to an Art Form that I thoroughly enjoyed. Thank you for sharing your cookies with me!! Oh, you know what I mean.
I have no plan other than to ask you to come out of retirement and respresent me if the EU comes knockin’. If that plan fails I’ll take a cue from Mark Zuckerberg and go on an apology tour.
LoL! I think I’ve gotten through all the gdpr crap and spent the last week doing updates on all my sites and clients. That, along with ssl, authorship (now null) and everytime Google gets an idea up its arse, no one probably cares but, oh well. Now my list is about 80% diminished trying to be a good girl while most people have ignored it altogether.
Authorship null? What’s up with that???
Thanks for writing this, Suzanne!
Good on idea on grabbing some wine to process all this better. Certainly how I also like to roll when dealing with legalese 🙂
Happy complying, and traveling!
We complied. I’m still waiting for warm chocolate chip cookies as a reward.
What a headache!! I appreciate you explaining it so clearly, but I still feel a little lost…I have been reading messages from every website I ever clicked on…alright, already, I get it — but well, I don’t really. Sigh. Did someone say warm chocolate chip cookies?
Your explanation is at least humorous. I am lost and waiting for a tech person to HELP. HostGator wants to charge me annually. Not really sure why I’m worried as I don’t make any money off the blog anyway. Even Amazon doesn’t make me enough to get paid in years. I have a privacy policy that is old yet seems to say what’s needed. I’ll settle with a chocolate chip cookie.
Tom and I got a bit of a chuckle out of the fact we completed compliance on time, but our access (from Europe) to the LA Times indicated they hadn’t: site temporarily unavailable while they try to figure it out:)
Oh, this GDPR thing is confusing, so thanks for the fun and informative post. For the record, I think I’ve done I what need to do. Let’s say it’s been a “good faith attempt” anyway.
Good faith works for me. 🙂
Oh dear! I’ve just started blogging & was researching other female bloggers websites.
I don’t understand any of the jargon & lm getting very confused. But yr article was very humorous. And l feel l have a long way to go. (In miles & learning(
Baby steps. 🙂 Every time I think I understand something,they change it and/or the next “thing” comes along.
Yup! Ignorance is bliss!