Now that GDPR has come in to force, it suddenly dawned on me that I may have to comply with GDPR regulations as I operate my blogging site allowing comments from the public and subscriptions to my blog. In order to find out if I needed to comply or not, I called the ICO office to gain some advice.
This is what they told me
- If I recommend a product that is mine or promote a product of someone else’s on my blog site, I must register and comply with GDPR. Honest and independent (i.e. you have not been paid in money or goods to review) product reviews without recommendation are exempt. Meaning your review must not steer your readers to use this product over a competing one.
- If my posts contain the name of a person or any data that can identify them I must register and comply with GDPR, this includes mentioning names of public figureheads.
- If commenters ask me directly for support / assistance and I engage in that transaction, I must register and comply with GDPR. However, if I respond publicly with ambiguous advice, I do not
- If I gather data for mail shots, newsletters no matter what the content is, I must register and comply with GDPR
- I do not need to register or comply with GDPR if a reader simply posts a comment publicly and I make no money out of that transaction
- AD revenue made on page visit alone means I do not need to register or comply with GDPR. If I used targeted Ads then I would need to register and comply with GDPR
Hope this helps fellow bloggers out there determine their GDPR status.