You write a blog and someone reads your blog and comments, or maybe they read your newsletter.
Or you sell something online – a pen, a book, a woolly hat, an iPhone case – and you get paid. You have the name, address, email address, and maybe some other information such as a birthday (and the customer’s liking for woolly hats).
Surely, none of it is the kind of stuff that the framers of GDPR (the General Data Protection Regulations) are really worried about.
Well, yes, the credit card data – but that wouldn’t require all the rest of the GDPR requirements.
Surely, what the framers of GDPR are worried about is people who have other people’s ‘sensitive personal information’ – racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation – as it is described.
What happens in reality is that we all get swept up in the dust storm and have to comply. In the pre-digital age, whenever governments brought out these kinds of regulations, businesses went to see their lawyers. Of course, there were far, far fewer businesses.
And the printers rubbed their hands with glee at the thought of all those reprints they would be asked to do – of brochures and leaflets and notices – all the stuff that would be necessary.
But in the digital age where we do it all ourselves, I just see a pain in the behind for thousands and thousands and thousands of bloggers and small businesses when it is surely blindingly obvious that 99.9% of what is intended to be protected has nothing at all to do with those bloggers or those small businesses.