As it’s the one-year anniversary of GDPR, when I wrote my GDPR for bloggers blog post (which was read by over 30,000 people, wow), I thought I would check in with a few things you should be doing to maintain GDPR compliance now that 12 months have passed.
6 simple actions you can take this May to ensure you maintain GDPR compliance:
1. You need to pay your renewal registration fee to ICO. Yes, this is super annoying but you will be fined if you are late or if you don’t do it. I suggest you do it by direct debit and then you don’t have to worry about it again and you get a £5 reduction. Unfortunately, they only let you do this by a postal form and you need to have paid by the 20th, so you need to get a hurry on to do this if you want to.
2. You should go back through your processing logs from a year ago and check that they are all up to date. (If you don’t know what processing logs are then be sure to read my GDPR for bloggers post where I talk about them in depth.) Are you doing anything new that might be processing data in a different way? Once you have updated them, save a new version of the file so you have it for your records should ICO ever make an investigation. If there are any changes to your processing logs you may then need to update your Privacy Policy and Cookies Policy. It’s worth a quick check-in to make sure you are still complying, as ICO requires you to be checking regularly. I wouldn’t push it past a year without demonstrating you have had an internal audit.
3. It’s a good point to have a clear-out of any personal data you might have somewhere that you no longer need. Prize winner addresses, email addresses etc. Is there anywhere that you can minimise your risks?
4. Is your security as up to date as possible? Lots of bloggers were on Pipdig – has that affected your security at all? Is your host secure? Is there anything you could do to increase your security? Are there plugins that you no longer need? It’s a great time to check in. If someone hacks you then you still have to report to ICO and you are still held responsible.
5. Respond to the new Data protection and Journalism code of Practice survey. ICO are seeking views from those in journalism or the media as they develop the code of practice. They have specifically welcomed input from bloggers. The deadline for submissions is 27 May 2019. Given that bloggers are shoehorned in under this category, it would be prudent for as many of us as possible to respond to it and tell them what kind of guidance we need.
6. Register for the ICO’s news updates. Their emails are really informative and keep you up to date with all things data protection. They don’t bombard you and you can read all about the organisations who have been fined and why.
I know these might seem like a pain in the bum and you might be thinking, “Why should I bother? They’ll never prosecute a small fry like me,” but it’s worth it for the peace of mind alone. Also, prosecution aside, it’s worth it for your readers and followers. You owe it to them to be doing everything you can to protect their data. It’s the least we can do in exchange for their support. I’ll be doing these 6 steps, will you? If there is anything you think I have missed then let me know in the comments.
I’m new to blogging and needed to update my private policy badly. Your post gave me the kick up the bum to do that so I’m not compliant. Thanks!
ICO, I presume that’s only applicable to UK bloggers.