GDPR compliance for websites is kind of a big thing.
The data privacy law has had a seismic impact on companies around the world, who are now forced to increase security around the digital information held on EU citizens and residents.
No doubt, you have felt these tremors or heard about the huge fines imposed on companies for the misuse of personal data and are wondering what GDPR compliance means for your own personal website or blog.
Ultimately, if you run a personal website in your spare time and you’re not making any money from it, then you have nothing to worry about.
Beyond this however, there are issues that can mean that your website falls under the scope of GDPR.
Let’s break this down.
GDPR and Personal Data
GDPR exists to protect the personal data of people living in the European Union. As such, if you’re not processing personal data, then it is not worth a second thought.
Under GDPR however, personal data is a much wider category than you might think. It includes any information that can be used to identify someone – something that is explained in more detail in another one of our blogs.
Practically, this means that you may need to consider GDPR compliance if your personal website contains a comment section or newsletter subscription option.
It also applies to any website that allows users to register, input their personal details, or request notifications via email, for instance.
What is a Personal Website?
Websites don’t have to be all business, and many people create websites so that they can explore passions, share feelings, or just talk about what’s going on in their private lives.
These things are sometimes called “personal websites”, but they’re also known as blogs and online diaries – it’s all the same thing.
But as far as GDPR is concerned, it’s important not to confuse these with social media like Facebook and Twitter or blogging sites, like Medium and Substack.
If you’re using these sites, then you don’t have to worry about privacy laws, since GDPR considers them to be the “data controller”. This means that they are accountable for any personal information posted there – not you.
However, this still assumes that any personal data you process through these platforms is done only for personal activities.
What Does GDPR Say About Personal Websites?
This is covered in Recital 18, which states:
“This Regulation does not apply to the processing of personal data by a natural person in the course of a purely personal or household activity and thus with no connection to a professional or commercial activity. Personal or household activities could include correspondence and the holding of addresses, or social networking and online activity undertaken within the context of such activities. However, this Regulation applies to controllers or processors which provide the means for processing personal data for such personal or household activities”.
This part of GDPR – otherwise known as the “domestic purposes” exemption – means that, if your website collects personal data (including IP addresses), then it is exempt from GDPR if you are running it for personal reasons.
However, if you’re selling merchandise for instance, then GDPR would classify you as a business and you need to get your data ducks in line.
What about Sole Traders and Micro Businesses?
Unfortunately, GDPR compliance is not only limited to big companies.
It affects any business that collects information about EU citizens, regardless of whether it’s only your grandma selling her homespun knitwear.
However – and this is rare in the internet age – you don’t need to worry about GDPR if you’re not using your website to bring in money.
So, if it’s not set up to take orders, doesn’t have a contact form or collect any personal data, then hooray you’re free from the all-seeing eye of GDPR.
What About Personal Websites and Analytics Software?
Website analytics – such as Google Analytics, Spring Metrics, and our very own Visitor Analytics – is software that monitors how visitors interact with a website.
These are fun tools to integrate into personal websites because they tell you how many people are reading what you post. We all like to stroke our egos from time to time.
However, if you’re using this software, you need to ensure that it’s not collecting data behind the scenes – if so, you’ll need to tinker with the settings.
The Bottom Line
If you’re both making money from your personal website and holding personal data on people living in the EU, then you’ve chosen the wrong year to go digital!
If so, then you’ll need to investigate GDPR’s compliance guidelines and take steps to ensure that you don’t fall foul of data privacy enforcement and the fines that come with it.
Our GDPR handbook for marketers is a great place to start, while our website contains a wealth of information about GDPR compliance for sole traders – feel free to visit our portal and find out more.