alt text
alt text

Login as existing user

Get started free
  • Blog
  • What does GDPR compliance mean for personal websites?
Categories

What does GDPR compliance mean for personal websites?

Simon Coulthard March 01, 2022

3-minute read
GDPR & Data Privacy Regulations

GDPR compliance for websites is kind of a big thing.
 
The data privacy law has had a seismic impact on companies around the world, who are now forced to increase security around the digital information held on EU citizens and residents.
 
No doubt, you have felt these tremors or heard about the huge fines imposed on companies for the misuse of personal data and are wondering what GDPR compliance means for your own personal website or blog.

Ultimately, if you run a personal website in your spare time and you’re not making any money from it, then you have nothing to worry about.
 
Beyond this however, there are issues that can mean that your website falls under the scope of GDPR.

Let’s break this down.

GDPR and Personal Data

GDPR exists to protect the personal data of people living in the European Union. As such, if you’re not processing personal data, then it is not worth a second thought.
 
Under GDPR however, personal data is a much wider category than you might think. It includes any information that can be used to identify someone – something that is explained in more detail in another one of our blogs.
 
Practically, this means that you may need to consider GDPR compliance if your personal website contains a comment section or newsletter subscription option. 

It also applies to any website that allows users to register, input their personal details, or request notifications via email, for instance.

What is a Personal Website?

Websites don’t have to be all business, and many people create websites so that they can explore passions, share feelings, or just talk about what’s going on in their private lives. 
 
These things are sometimes called “personal websites”, but they’re also known as blogs and online diaries – it’s all the same thing.
 
But as far as GDPR is concerned, it’s important not to confuse these with social media like Facebook and Twitter or blogging sites, like Medium and Substack.
 
If you’re using these sites, then you don’t have to worry about privacy laws, since GDPR considers them to be the “data controller”. This means that they are accountable for any personal information posted there – not you. 

However, this still assumes that any personal data you process through these platforms is done only for personal activities.

What Does GDPR Say About Personal Websites?

This is covered in Recital 18, which states:
 
“This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities”.
 
This part of GDPR – otherwise known as the “domestic purposes” exemption – means that, if your website collects personal data (including IP addresses), then it is exempt from GDPR if you are running it for personal reasons.
 
However, if you’re selling merchandise for instance, then GDPR would classify you as a business and you need to get your data ducks in line.

chart.svg

Maximize Your Website's Potential with Privacy in Mind

No cookies for tracking data. 100% GDPR & CCPA compliant tracking. No data passed on to third parties. 
Start today with our free forever plan!

Let’s get startedcircle-arrow-right.svg

What about Sole Traders and Micro Businesses?

Unfortunately, GDPR compliance is not only limited to big companies.
 
It affects any business that collects information about EU citizens, regardless of whether it’s only your grandma selling her homespun knitwear.
 
However – and this is rare in the internet age – you don’t need to worry about GDPR if you’re not using your website to bring in money. 

So, if it’s not set up to take orders, doesn’t have a contact form or collect any personal data, then hooray you’re free from the all-seeing eye of GDPR.

What About Personal Websites and Analytics Software?

Website analytics – such as Google Analytics, Spring Metrics, and our very own TWIPLA – is software that monitors how visitors interact with a website.
 
These are fun tools to integrate into personal websites because they tell you how many people are reading what you post. We all like to stroke our egos from time to time.
 
However, if you’re using this software, you need to ensure that it’s not collecting data behind the scenes – if so, you’ll need to tinker with the settings.

The Bottom Line

If you’re both making money from your personal website and holding personal data on people living in the EU, then you’ve chosen the wrong year to go digital!
 
If so, then you’ll need to investigate GDPR’s compliance guidelines and take steps to ensure that you don’t fall foul of data privacy enforcement and the fines that come with it.

Our GDPR handbook for marketers is a great place to start, while our website contains a wealth of information about GDPR compliance for sole traders – feel free to visit our portal and find out more.

Get Started for Free

Gain World-Class Insights & Offer Innovative Privacy & Security

Categories
You might also like
Why You Don't Actually Need a Cookie Banner
Why cookie banners aren't necessary
05 April 2024 - by Simon Coulthard
Why You Don't Actually Need a Cookie Banner
What is GDPR. Implications of GDPR on Marketers
what-is-gdpr-implications-of-gdpr-on-marketers.jpg
09 February 2022
What is GDPR. Implications of GDPR on Marketers
Cookieless Tracking - the Privacy-First Solution to Website Analytics
cookieless-tracking-the-privacy-first-solution-to-website-analytics.jpg
17 March 2023
Cookieless Tracking - the Privacy-First Solution to Website Analytics
mail-insigh.svg

Insights to Your Inbox

Receive a monthly summary of website intelligence news, advice, and also product updates. And don't worry, we won't tell sales!

SUBSCRIBE

Read next

SCHUFA: ECJ Rules Credit Agency Processes Violate GDPR
SCHUFA - GDPR - Court Decisionn
11 December 2023 - by Simon Coulthard
SCHUFA: ECJ Rules Credit Agency Processes Violate GDPR
Meta's 2024 Twist: Facebook Subscription with Opt-Out Tracking Charges
Facebook Subscription - Meta Charging Users Who Want Their Privacy Rights - TWIPLA Website Intelligence
23 October 2023 - by Simon Coulthard
Meta's 2024 Twist: Facebook Subscription with Opt-Out Tracking Charges
23andMe Privacy Mess: Hacker Steals Millions of Profiles
23andMe privacy - customer profiles available on Dark Web - TWIPLA Website Intelligence blog
16 October 2023 - by Simon Coulthard
23andMe Privacy Mess: Hacker Steals Millions of Profiles
German Data Privacy Laws: Why They’re So Uncompromising
German data privacy laws - why privacy matters in Germany - TWIPLA website intelligence
05 October 2023 - by Simon Coulthard
German Data Privacy Laws: Why They’re So Uncompromising
up-arrow.svg