The GDPR headache | Pinnacle Newsletter #14
#14 The GDPR headache
On the 25th of May 2018, General Data Protection Regulation (GDPR) comes into effect. And, oh boy, it’s causing some headaches for freelancers like me.
GDPR covers data protection and the export of personal data outside the EU. It was actually adopted more than two years ago, but everyone is scrambling to make the necessary changes in the last few weeks before the deadline.
I handle only limited personal data – client names, contact details, manuscripts, and invoices – and have always complied with existing data protection legislation. But when I sat down this week and tried to piece together how GDPR would affect me, it soon became clear that I’d have to make some changes.
Ever since my original Pinnacle Editorial email address became too flaky to rely on (it was hosted by GoDaddy – enough said), I’ve used the same Gmail account for everything, personal and business. My interpretation of GDPR is that this will no longer be legal, although I’ve been able to find no definitive answer. Google mines data from personal Gmail accounts to sell to advertisers. It isn’t like a private, paid-for email service where everything is encrypted and security is a priority.
My website is minimal as far as information collection goes: there’s no longer any membership function, and I do not collect newsletter signups on the website directly. I’ve long since disabled analytics and comments.
What about the places where I actually store client data? I use Dropbox and Trello for that, plus a variety of local drives. While I’m satisfied that my local data-handling processes will be compliant, I have to trust that Dropbox and Trello will be up to speed by the 25th, as they’ve promised, because I rely heavily on both services.
I’ve already put my action plan into place. I have a new work email address (alex@pinnacleeditorial.co.uk, courtesy of Microsoft’s Office 365 Business Premium), and I’m in the process of crafting new T&Cs and a new privacy policy. I’ll also be conducting an audit of all the old client data and backups I have on site to make sure I’m only retaining data I can justify keeping. In due course, I will be publishing a formal notice on my website to explain how I have made my business comply with GDPR.
In an era when tech companies play fast and loose with our data, I support the privacy goals of GDPR. But if you run a small business then it will almost certainly affect you, and you may have to change the way you do some things. There isn’t much time left. If you haven’t looked into GDPR already, I suggest you do so now. A good starting point can be found here.
Recently published
This week, I was interviewed by Cathy at the Business of Adventure about what an outdoor editor actually does. You can read the interview here. You should also consider signing up to the Business of Adventure newsletter – I've found it consistently interesting, as it features a variety of people who, broadly speaking, make their living from adventure and the outdoors.
One-minute mountain: Helvellyn – the latest in my series of one-minute mountains for UKH.
I'm still focusing on the big website upgrade, so have published no new content this week, but you should check out the shiny new Scotland page. Much of the older backpacking and gear material will be getting updates this year to keep it 'evergreen'.
Links of interest
Behind the Scenes of Intrepid Magazine – this post from Emily Woodhouse, editor of Intrepid, is well worth reading for some real talk about the facts of outdoor publishing.
The revised edition of The Manaslu Adventure by Mark Horrell, which I worked on last year, is available now.
A polar medicine course in Arctic Norway – an insight into the world of polar medicine from Philippa Hardy, a new writer for TGO.
Carrot Quinn argues that wilderness is not an apolitical space.
How to win at GDPR for small business marketing – some useful pointers here.
From my commonplace book
In general, “your” inbox is not under your control at all; it’s other peoples’ ideas of what you should do – a task manager compiled by other people. Not looking at email is good.
– Charles Arthur
Until next time,
Alex
www.alexroddie.com