Data Collection and your Role as a Data Controller
Under the GDPR, as a blogger you take on the role of “Data Controller”, and one of the first actions you need to take is to know exactly what data you are collecting about the users and readers of your site.
Role of Data Controller
A controller determines the purposes and means of processing personal data.
As the blogger in control of your site, you are the person that chooses what data is collected and decides how it is processed, or you partner with companies that do this, in which case you need to make sure you understand what is going on there too.
What Data is Collected
The most basic data that is collected is via the logs on the server – these are part of your cPanel or cloud hosting. They are there for usage data, and you don’t do anything with them unless there is an issue. If there is a problem, then an error log on the server will show more details of it.
BUT… you need to let your readers know that this is collected.
If you use Google Analytics then you are collecting more data, and they are a Third Party:
- IP address (but it is not shown to you)
- Time spent on site
- Pages visited
If you have enabled Demographics and in-market analysis, then a little more is collected by Google, but you CANNOT identify a user from this data.
Commenting on WordPress
By default, comments on WordPress require a name and an email address. Although an email address will never be shown in the settings, it is personal data and you as a blogger control this. It’s required, so there is no option for people to leave a comment without putting in this data.
You can continue to collect this, although as Data Controller you need to think about whether there is a purpose to it that makes it essential.
It’s a legacy system where once upon a time everyone that made a comment was automatically subscribed to your RSS feed. That doesn’t exist anymore. So ask yourself whether this data on someone who comments is essential and necessary, and why you need it.
TO NOTE – If you have Gravatars on your site, then when an email address is left, the person’s image will appear if the email is connected with a Gravatar account. Where details of a person would have been only a name, it personalises the commenter.
Here on The Blog Surgery and over on my main site Rainy Day Mum, I have made adding an email address and name an option, as well as disabled Gravatars, which has the added bonus of speeding up my site slightly. More information about Site Speed and Gravatars is over on Beauty Through Imperfection.
Another third party: depending on what affiliates you have, you will need to include them and refer people to their privacy policies. In terms of what you need to know – they place cookies on the reader’s computer and then this tracks whatever.
YOU have access to non-personalised data in the majority of cases, which details products bought but gives no way to identify who bought the product, and you use this data to work with brands and recommend similar products to your readers.
If you have a newsletter then you likely collect name and email address, and this data is passed on to a Third Party, which is then the data processor. At that point you still control what data you extract and what data is entered.
Some things to consider – do you track and tag how people are clicking through in the newsletters? If you do, then this needs to be made clear to your readers and subscribers.
As different advertisers, networks, etc. collect different data, you need to speak directly to them.
There is other data that you may collect – sit down and look at your plugins. If you have a store that only sells digital products, do you need a shipping address, billing address, etc.?
Sit down and write it out. You are writing your site, so you should know what information you are collecting about the people on your site; it is your responsibility.
Once you have all of this data you need to take the next step in your actions to get ready for GDPR.