2018/06 GDPR. GDPR Everywhere …

 

01 June 2018


On May 27 the GDPR/DSGVO took complete effect and our websites will never be the same. The law came into effect all the way back in 2016, but we were given a two-year grace period to bring our websites up to standard. For many people the law came from nowhere and compliance was left to the last minute – which was sort of like leaving a homework assignment from 10th grade until the bus ride into school the morning you are going to graduate from high school. :o)

What a Month

Social media went sort of berserk, at least here in Germany – according to https://hashtagify.me #DSGVO was 9th in the top ten hashtags used in May and almost doubled in popularity between March and June. In English #GDPR was however not nearly popular enough to make the top ten … which might say something about German efficiency.

Amidst the stress many of us were thankful for the many moments of levity. We should all be thankful, for instance, that the tracking data websites all use is called a cookie, something we owe to Lou Montulli, who coined the phrase while working at Netscape. Thanks Lou!

Among the good times were also frowny moments, as we saw many over-priced and unnecessary offers of assistance. This was not a time to prey on people, especially small businesses, who needed realistic and sensible advice rather than hundreds of euros of overbilling. Thanks go out to the good companies and good consultants who made so many free checks and offers available.

When we talked of personal data protection this month, we were still thinking in terms of emails, websites, and perhaps personal assistants like Alexa. Very soon, however, we may need to be thinking of protection in other terms – the Internet of Things will not only mean refrigerators, coffee machines, and cars, but also other items made for our personal convenience, such as sex robots. “Safe sex” with devices connected to the internet will take protection to the next level:

Shenzhen Atall Intelligent Robot Technology is one of China’s leading companies for robots equipped with AI (artificial intelligence). Among the company’s various AI robot products, its best-selling is an AI sex robot named Emma. The multi-functional machine is linked to the internet and Android operating system and features high stimulation capabilities. (https://designyoutrust.com/2018/05/these-chinese-sex-robots-are-equipped-with-artificial-intelligence/)

The Silver Lining

In all, “GDPR-geddon” was an opportunity to do that which we might normally not do – keep our websites up to date and compliant – not only legally compliant, but also serving the needs set out in our websites' user stories. Does our site need this plugin? Does it really need Google fonts? Is a contact form so much more necessary than an activated email address? Does this social media feed need to be here considering we don’t post more than once a month? Why is our website dropping crumbs from 56 cookies and where do they come from? At the very least we can review the frameworks and toolchains that make our site (possibly, probably) load like a walrus.

The GDPR scare afforded us the opportunity to clean house – tidy our websites, remove old users, clarify content, remove unwanted functionality, and in some cases even give us pause to review the entire CMS (which in one case even gained us a new client). This process is something that should be done monthly rather than bi-annually, so I hope that for many website owners this was a real wakeup call. I also hope that website owners will now start to understand and appreciate what goes on under the hood of their site every day. If you drive a car, I must assume you have some experience maintaining your car. So why not your website? Sometimes getting your fingers dirty will make you appreciate something that much more.

Ask for May, Settle for June

Miss the May 27th deadline? These things happen. What is important is showing that you tried and that you care, and it’s only the first week of June. If you have a small website, like most of us, you can make all the necessary compliance updates within, probably, a maximum of two hours. Let’s get started!

What did I do for my clients? What should you do if you were on an Antarctic expedition and just got back to your site … ?

  • SSL – serve your website over secure https: rather than just http: (provided free in most hosting packages). A must have.
  • Cookies Notice – as all websites use cookies this is like your car asking if you are sure you want to brake … but anyway. Good chance to see what cookies your site is producing. Should say “I accept” not “Got it”.
  • Update your Data Protection and Imprint pages. Also always a good idea, especially if you don’t have one or the other. Best to have both.
  • Do you use a Contact form or in any other way allow people to submit data on your site? You will need to have them confirm again that this is ok. You will also need a process in place to allow them to opt out and delete any data they have previously submitted. So … do you really need a Contact form or Newsletter form?
  • Google analytics? – put it right up front in the cookie acceptance and include an opt-out cookie. Ironic but …
  • Google fonts – do we need google fonts? This is a good example of how things were always free but at some point, nothing is for free. Things like external fonts need to be stored and called locally, from your own server.
  • Social Media. Yes, we take it for granted but … better to make people aware that there is tracking both from and to your site …
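As a starting point for the checklist above, here is an added example (not part of the original post) that scans a page's HTML for resources loaded over plain http: and for third-party hosts such as Google Fonts, Google Analytics and social media widgets. The host list, the site address example.org and the sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed host list matching the checklist items; extend it for your own site.
KNOWN = {
    "fonts.googleapis.com": "Google Fonts",
    "fonts.gstatic.com": "Google Fonts",
    "www.google-analytics.com": "Google Analytics",
    "www.facebook.com": "Social media widget",
    "platform.twitter.com": "Social media widget",
}

class ResourceAudit(HTMLParser):
    """Collect URLs the browser fetches on its own while rendering a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.urls = page_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower()
        ref = a.get("href") if is_css else a.get("src")
        if ref and (is_css or tag in ("script", "img", "iframe")):
            self.urls.append(urljoin(self.page_url, ref))

def audit(page_url, html):
    """Return (finding, url) pairs for plain-http and third-party resources."""
    parser = ResourceAudit(page_url)
    parser.feed(html)
    own_host = urlparse(page_url).hostname
    findings = []
    for url in parser.urls:
        parts = urlparse(url)
        if parts.scheme == "http":
            findings.append(("Not HTTPS", url))
        if parts.hostname and parts.hostname != own_host:
            findings.append((KNOWN.get(parts.hostname, "Other third party"), url))
    return findings

# Constructed sample page for a hypothetical site at example.org.
SAMPLE = """<head>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">
<link rel="stylesheet" href="/css/site.css">
<script src="https://www.google-analytics.com/analytics.js"></script>
</head><body><img src="http://example.org/logo.png">
<iframe src="https://www.facebook.com/plugins/like.php"></iframe></body>"""

if __name__ == "__main__":
    for finding, url in audit("https://example.org/", SAMPLE):
        print(f"{finding:20} {url}")
```

It only sees what is written in the HTML source; cookies and requests added later by scripts need a check in the browser's developer tools.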

Going Forward – We Have Short Memories

Will GDPR change anything? Probably not for the websites of us little people. Most laws are there to make us feel safer, rather than actually making us safer. I doubt that Facebook, Google etc. are much worried, or that it will change their data collection and distribution. In Germany the Impressum (Imprint) page has been necessary (in its current form) since 2006. I remember the hysteria that caused as companies began receiving invoices from unscrupulous firms charging them with non-compliance. However, the Impressum law has been around in Germany since 1530! (Predating many of our favourite websites.) The penalty for non-compliance with the Impressum law is 50 000 euro, but this does not seem to bother most website owners. Many still do not list the telephone number of the person responsible for the website; and … it should be there.

Bigger questions than the website of the local bakery or sports club noting our visit to their sites, or how safe we may now feel about facebook (cough cough), are the fodder for wine and garden parties. As I wrote earlier this year, access to information was seemingly always “free”. The Washington Post’s answer to GDPR compliance is a new EU Premium Subscription of about 100 US$ a year … and that will be the bell opening the gates.

As Larry Downes wrote in his recent article (April 9, 2018, Harvard Business Review): As information collection and use become more expensive through GDPR … consumers will pay the price, directly and otherwise. The transition will be chaotic and even traumatic for users weaned on free stuff, many of whom will be unable to pay for services that are no longer ad-supported and are less personalized. Our great global conversation may become both quieter and more insular. For those who can afford it, the EU’s new deal for data will make interactions feel more private and less, well, creepy. … however, What about the rest of us?

We must always give something to get something, even when that something is out of sight out of mind – there is no free lunch. While we may feel that the tracking pixel and personalised ads were a subtle intrusion into our lives, we should keep in mind that our digital culture did not jump into being the moment computers went online. Our digital habits, especially our habits as consumers, have their roots in both the online and offline world with links far predating the world wide web. These components are both persuasive and historical. We should therefore be prepared for what business (and government) have in store for us as we begin to feel that our data “is safe”. Safety is often just a trade-off for performance – or worse, for control.

A Good Article About Website Upkeep: https://www.iweb.co.uk/2015/07/9-reasons-why-you-should-keep-your-website-up-to-date/

Is Your Site Secure?: https://webbkoll.dataskydd.net/en/

Interesting Articles on Data Collection and our Digital Culture

https://www.theatlantic.com/magazine/archive/2018/06/henry-kissinger-ai-could-mean-the-end-of-human-history/559124
https://www.economist.com/business/2018/05/26/who-will-be-the-main-loser-from-europes-new-data-privacy-law
https://www.wired.com/story/google-and-the-rise-of-digital-wellbeing
https://medium.com/s/new-world-crime/this-is-how-internet-regulation-can-go-really-wrong-f5ea6236bec9
https://www.wired.com/story/how-facebook-binds-and-shatters-communities
https://hbr.org/2018/04/why-the-rest-of-world-cant-free-ride-on-europes-gdpr-rules
https://hbr.org/2018/04/gdpr-and-the-end-of-the-internets-grand-bargain

My Posts on Our Digital Culture

http://wordpress.warrenlainenaida.net/2018-04-the-digital-1percent
http://wordpress.warrenlainenaida.net/2017-07-i-click-therefore-i-am
http://wordpress.warrenlainenaida.net/2017-05-our-relationship-with-tech-things
http://wordpress.warrenlainen/2017-02-digital-culture-101