Once I receive a GDPR request I will comply with it promptly, but bear in mind I'm a human being with a day job, and this blog is a peripheral pursuit. If your requests become an irritant (e.g. if you request multiple fiddly comment deletions or edits across multiple threads) I may just erase all your content and ban you from the blog in future. (GDPR gives you a right to be forgotten; it does not impose an obligation to be remembered.)
I hope to get Charlie Stross’s permission to use his text as a starting point for my own GDPR compliance notice.
Due to concerns about my legal responsibilities around compliance with the European Union General Data Protection Regulations, I configured my Wordfence web application firewall (WAF) to block all traffic originating in EU member countries. While some people think this was an extreme move, a lack of clarity around what is expected of small website operators, and the fact that I operate an information technology related consultancy, left me feeling vulnerable. Until I could understand what, if anything, I needed to do to comply with GDPR's "right to be forgotten", I simply did not want the risk.
Today, I have removed the WAF rules that restrict traffic originating in the EU. Automattic, the company behind WordPress.com and the supporters of WordPress.org, have updated/are updating JetPack and other properties to comply with the GDPR. Currently, my self-hosted WordPress uses the Jetpack plug-in to handle things like comments and website traffic analysis. This moves some of the risks off to Automattic. They will be the data controller for information collected via comments and website analytics.
I have added "Do Not Track" code to my WordPress config via JetPack. According to Automattic:
Any piece of data explicitly identifying a specific user (IP address, WordPress.com ID, WordPress.com username, etc.) is not visible to the site owner when using this feature. For example, a site owner can see that a specific post has 285 views, but he/she cannot see which specific users/accounts viewed that post.
Stats logs — containing visitor IP addresses and WordPress.com usernames (if available) — are retained by Automattic for 28 days and are used only for the purpose of powering this feature.
Comments on my blog will be restricted to what JetPack and Webmentions provide. I expect that JetPack comments will soon have the ability for commenters to delete comments, allowing compliance with GDPR requirements. I expect that people using Webmentions understand how they work and understand that they can delete a comment by sending another Webmention to do so.
I do not intend to collect any information on visitors or commenters to this website other than what JetPack collects.
I am basing my decision to remove the WAF rules on the changes that Automattic is making and also on guidance in this codeinwp.blog post. Also, Wordfence has applied "for the Privacy Shield certification program for both EU-US and Swiss-US and will soon have available a Data Processing Agreement" for EU customers who need one.
I guess what's really pissing me off is that although I live in the United States of America, some fucking European law can reach across the ocean and potentially affect me. That, that pisses me off!!
6:15-7:15 GDPR - Will We Make the Finish Line? Mike Money, Protiviti - Global Data Privacy Regulations becomes fully enforceable on May 25, 2018. Have you implemented the right to be forgotten? Should you?
7:15-8:15 PCI's New Guidance on Cloud Security, Protiviti - Details to follow
PCI DSS & GDPR Compliance Event with (ISC)2 New Jersey Chapter
I would love to catch up with the folks in the New Jersey Chapter of the ISC2 and I have a special interest in the GDPR. I'm not sure if I'll be working in Manhattan or New Jersey that week. My attendance at the event is dependent on that.