
Ask HN: Impact of GDPR on personal blogs / web sites / Google Analytics? - vram22
Hi HN, does anyone who has a personal blog or personal web site (maybe used to show bio and content related to professional work, but not a company), and who may or not use Google Analytics on their site or blog, have any knowledge of the impact of GDPR on such activities? 
Do such people need to take any GDPR-related action?<p>Thanks in advance.
======
idoh
This is not legal advice, talk to a GDPR lawyer if you want actual advice,
etc.

Google Analytics has tools in place where you can anonymize the IP address and
shorten the time data is retained. I'm guessing if you run a personal blog
that does not monetize via ads, then running up GA to max GDPR plus having a
disclosure on the page should probably do the trick. The main thing that you
are looking to do is to avoid collecting any personal data and to disclose
what you are doing.

Any cookies that are set should also be disclosed, I am sure that you see
those banners all the time.

~~~
vram22
Thanks. I do know that one should not take legal advice from random strangers
on the Internet, but thought of putting the question out anyway to see what
kind of replies I get, and so that I can think about them, as I am new to the
area of GDPR, as many people are. I appreciate your commenting.

I am not collecting any personal data myself - except if a signup form for
getting updates from me about my products is considered as that. It is a
Gumroad follow form, but I do have access via my Gumroad account to the email
ids of the people who sign up.

>plus having a disclosure on the page

What sort of disclosure do you mean? Would putting a message that the signup
form collects email addresses, be one such that I should do?

Anyway, I will read the official GDPR law's content.

~~~
idoh
Email addresses are considered personal data, and you need to explain what you
are going to do with them at the time that you collect them. Ideally, because
gum road is collecting them then you need to vet gum road too to make sure
that they comply with the GDPR.

So you would need to have some text on the form submission page to satisfy
their right to be informed, e.g. explaining that you are collecting the email
address in order to send product updates, and that you use gum road to manage
that.

In addition, check gum road to make sure that they comply with the GDPR,
because in this case they are holding personal data and you are liable for
whatever noncompliance that they have. They should have some type of page on
their site that take about what they are doing for the GDPR, and you would
want to check that over.

It is possible that someone that put in an email address would use their right
of erasure, in which case you as the controller would be responsible for
making sure that the email address is erased from everywhere including backups
in 30 days, so you would also want to check gum road as to how they handle
that, and also make sure that any email addresses you do collect do not wind
up in any backups that you cannot easily purge if you need to.

~~~
vram22
Thanks again. Will look into those aspects.

------
ecesena
Yesterday I've received an email from Google Analytics: [Action Required]
Important updates on Google Analytics Data Retention and the General Data
Protection Regulation (GDPR)

This is the summary:
[https://support.google.com/analytics/answer/7667196](https://support.google.com/analytics/answer/7667196)

~~~
vram22
Good info, thanks.

------
A_No_Name_Mouse
Article 2 of the GDPR says: 2\. This Regulation does not apply to the
processing of personal data: (c) by a natural person in the course of a purely
personal or household activity. I'd say this fits your personal blog; no
action is needed.

~~~
vram22
Thanks.

