I presume I have been living under a rock for the last two years, or maybe I was just busy with everything else I do, but about a week or so ago, I heard about the new data protection regulation coming into effect on 25th May (cue a moment of full-blown panic as I’ve done nothing for it). I’ve taken some time to read up on it, and am going to write my findings here, more as a checklist for me to work through, though it may help other editors in my position.
The GDPR relates to data collected and held within the EU, but I’ll be tweaking a few things for all clients as it’s easier that way.
Step one is to do an assessment of what data I hold.
- Newsletter subscriptions.
- Manuscripts that I have edited or am yet to edit.
- Email addresses – via email accounts and WordPress (if anyone signed up to follow the blog via email).
- Client PayPal addresses.
- Data stored in my accounting software for the purposes of reporting my earnings to HMRC.
In addition to this, WordPress (and by default, this website) collects data via:
- user registrations
- comments
- contact form entries
- analytics and traffic log solutions
- any other logging tools and plugins
- security tools and plugins
From what I have read about the GDPR, it gives EU citizens more control over their personal details and how they are stored and used. It also gives them the right to withdraw their consent.
I believe I am compliant (mostly), but I still need to assess the above and do some tweaking here and there.
Step two will be to check that all websites, software and/or plugins I use for the daily management of my business (email, host, plugins, etc.) are GDPR compliant.
Step three will be to ensure that every element of my business is compliant. Once I have everything in place I will update my privacy policy, terms & conditions, and contracts.