How the GDPR affects you (and yes, it definitely affects you)

Executive Summary

Standard disclaimer: We are not lawyers, even though sometimes it sounds like it from the arguments around the dinner table. We are providing this information to the best of our knowledge, but it does not constitute legal advice. We also do not possess “the Force,” no matter how much Dan insists he moved the salt shaker.

The General Data Protection Regulation, or GDPR, is an updated law from the European Union governing data control, and it affects the internet in a big way. We’re going to try to keep this as short as possible (and it’s still pretty freaking long), so we’re going to skip the legislative history. However, because there’s no legal precedent to tell us exactly what’s changing, it’s best to look at it from base principles. We urge you to read this introduction, because it really helps to understand why the suggestions may seem so drastic.

Details, Tips, Recommendations & Takeaways

The largest change in the GDPR comes from a philosophical standpoint.

Many of the internet’s largest revenue streams stem from the idea of websites owning all the data they can collect on their users. The view is that when you visit a site, you are essentially telling the site you’re visiting that its owners can do whatever they want with your data.

It’s not even necessarily restricted to the internet — anyone who’s bought a car or gone to the bank in the last 10 years has probably received some page-length legal document about what that organization can do with your information in regard to marketing. And you, as the consumer, typically have the choice of letting them do whatever they want with your data, or not having the service provided to you.

The GDPR flips that idea on its head. Its base propositions include:

• Users own their own data;
• Websites (as it relates to us, but it’s really business in general) can only ask for information required to perform the service requested;
• Websites must get affirmative consent for all that data to be stored and what will be done with that data;
• Websites/companies are required to let users know what data the companies have stored about them, and to provide that data upon request;
• Websites/companies are required to erase the data if requested by the user;
• Websites/companies can only store data for certain lengths of time;
• Websites/companies are responsible for the data that they have collected (including notifying users and regulatory bodies of breaches VERY QUICKLY)

Funnily enough, most of us probably agree with those things as users, but are terrified of them as business owners/operators.

On the face of it, all of that sounds really hard to do for people who are just interested in blogging or opening a mini-store. And that’s true: In order to comply with these regulations, a lot of self-hosted or self-managed bloggers/business owners are going to have to learn more about what their website/store is actually doing.

However, in the long run this isn’t really a bad thing. Knowing what tools you have, what they’re doing and how they operate should actually increase your skill and enhance your business. We can’t tell you the number of times people told us they have installed plugins or started tracking things (analytics, sales, etc.) without actually having a plan for what they’re going to do with that information.

Plus, getting your site more secure and protecting the privacy of your users is pretty important even if it weren’t legally required.

Get more great advice

* Free setup only includes the setup of the new tools and services. If you need to migrate information from an existing tool or service (e.g., from a different membership plugin/program), that would incur an additional cost for the work at our (discounted!) hourly rate.