GDPR Questions Answered: Is My Blog Compliant?

Now just a few weeks remain before the deadline for the General Data Protection Regulation (GDPR), so data protection advisor Jon Baines is here to answer your questions.

Today, Jon was asked:
 
Q: “As a blog owner, am I affected by GDPR? If people have registered to receive email notifications, I assume I would be? Don’t think I have, although I get notified from my football blog when I post.”

A: "This is an interesting question. Unlike its predecessor law (the 1995 European Data Protection Directive, implemented in the UK by the Data Protection Act 1998) GDPR specifically addresses the issue of social networking (given that social networking as a concept didn't exist in 1995, it's hardly surprising the earlier law doesn't mention it!). What GDPR says is that when one processes personal data in the context of a "purely personal or household activity…with no connection to a professional or commercial activity" then that processing is outside its scope. So, for instance, personal data on home computers being held for purely personal reasons is not subject to GDPR.

"It seems to me that a blog could fall either side of this line though. Some people (I am one) run personal blogs which they use to promote their professional activities, even if they're not doing so as part of a business, or for profit – these will definitely be in scope of GDPR if they involve the processing of personal data (which could be as simple as naming individuals, or allowing them to comment or sign up for updates). Others will run blogs which are clearly just related to their personal household activities – these will definitely be outside scope. But in between those, there will be some about which it is not so clear.

"My advice would be that if people are concerned, they should contact the Information Commissioner for advice (www.ico.org.uk). Of course, even if GDPR itself doesn't apply, that doesn't mean that people shouldn't take sensible precautions about the things they might post, and about security, such as using robust passwords and enabling two-factor authentication."
