
Oh GDPR, what have you done - SyneRyder
http://alastairjohnston.co.uk/oh-gdpr-what-have-you-done/
======
SyneRyder
This was the second example I've seen today of a smaller website deciding it
is easier to shut down parts of their website, rather than attempt compliance
with GDPR. (The other was StreetLend, see
[https://news.ycombinator.com/item?id=16954306](https://news.ycombinator.com/item?id=16954306)
)

In this case, it affects me directly as a regular reader of Alastair's blog. I
got notifications of new posts via his email list, but he is deleting the
MailChimp mailing list because GDPR requires him to delete everyone anyway and
re-opt-in under new GDPR consent (even though the list was already
double/confirmed opt-in).

He's also deleting the entire Wordpress blog comment history, because it is
easier to delete everything than to individually contact all the commenters
and ask them to provide new explicit GDPR consent for previously posted
comments.

~~~
alastairj
There is also some greyness around Mailchimp hosting data in the US. In my
work environment we have been advised not to use them because of this and
choose providers with UK or EU hosting.

------
DanBC
Was he running the blog as a business? If not it's a personal thing, and GDPR
doesn't apply.

~~~
alastairj
But if it's a personal blog and I decide to sell products, it's then 'not'
personal and a business and therefore GDPR will then apply. Too many things
for me to be bothered with at this stage, so the easiest solution is to limit
exposure to it.

~~~
DanBC
But that's not new under GDPR.

If you were handling personal data in your blog and it wasn't recreational you
already needed to register with ICO (in the UK).

[https://informationrightsandwrongs.com/2014/08/17/ico-
indica...](https://informationrightsandwrongs.com/2014/08/17/ico-indicates-
that-non-recreational-bloggers-must-register-with-
them/amp/?__twitter_impression=true)

> However, I asked them for clarification on this point. I noted that I
> couldn’t see any exemption from the obligation to register, unless it was
> the general exemption (at section 36) from the Data Protection Act 1998
> (DPA) where the processing is only for “domestic purposes”, which include
> “recreational purposes”. I noted that, as someone writing a semi-
> professional blog, I could hardly rely on the fact I do this only for
> recreational purposes. The ICO’s reply is illuminating

> > _if you were blogging only for your own recreational purposes, it would be
> unlikely that you would need to register as a data controller. However, you
> have explained that your blogging is not just for recreational purposes. If
> you are sharing your views in order to further some other purpose, and this
> is likely to impact on third parties, then you should consider registering._

People keep saying GDPR is imposing new restrictions. Mostly it isn't - we
were just ignoring the restrictions that already existed.

------
qz3
Well, it's his fault, because he apparently doesn't understand how the GDPR
works.

~~~
alastairj
I do understand how GDPR works @qz3 as in my work I'm heavily involved in it.

What you misunderstood is that although I know there are ways I can make
things compliant, I don't have the time or inclination to do so as an
individual blogger.

