confusing train tracks

Navigating the GDPR

*Note: I am not an attorney. This is intended to be an encouragement, but should not take the place of sound legal advice. You are responsible to research the GDPR for yourself!

Let’s start with what the GDPR is.  GDPR stands for General Data Protection Regulation. It is a set of laws and guidelines that were accepted by the European Union and that take full effect on May 25, 2018.

Forget all of the hype you may have heard, and let’s look at this from my usual practical implication approach.

This is about protecting the privacy of people who use our websites. One of the rules simply states that this should be the #1 priority of a website owner when creating a site.

Wow. Okay, so maybe that hasn’t been our first priority in the past, but when you think about it…doesn’t that sound like a good thing? What if all of these big companies that have been slurping up our private data like it was soda pop actually took that concept to heart? The webworld would be a much better place.

The European Union wasn’t being idealistic when they made this a goal. They knew some greedy power-hungry companies wouldn’t do it willingly. So they added a catch. Do it or be fined. And not a small fine, either. Since the worst offenders are BIG companies, they added BIG fines.

And of course those big fines are terrifying small website owners.

Yes, you need to comply with the GDPR even if you are small. But understand: you want to comply not because you are worried about a big fine, you should comply because you are worried about your customers. You want them to feel safe using your site, right?

People are going to get used to the new rights they have under this new legislation and they’re going to want to work with people who value their privacy. You want them to work with you? You want them to feel safe.

It doesn’t matter where you are in the world. If you offer services to any citizen of the European Union, this legislation applies to you.

The bones of the law make good sense. Even if you don’t work with citizens of the EU, you may want to do this just because it is a good idea.

Let’s cut to the central rights that the GDPR grants to people (The GDPR calls them data subjects…but I’m going to call them people. Yes there are some legal technicalities that this is glossing over. See the important Note at the top of this post.):

Breach Notification

People have the right to be notified within 72 hours if their data has been exposed in a breach. Wouldn’t that be nice? Can you name 3 companies who were breached lately who didn’t notify people for more than 72 hours? How did you feel when you found out that your data was out there on the internet? Or did you not know that it was? I’ve had to notify a couple of people that their username and password combination has been flagged by my security software because it was freely available on the internet. That is never a fun conversation to have.

Right to Access

People have the right to know what you’re storing about them and where you are storing it.

Right to be Forgotten

People have the right to request to be removed from your website and have you delete everything you know about them. Everything. This reminds me of a writer who had posted an ill-conceived comment on a website. Years later, her agent had an issue with her public profile because guess what the #1 search result was for her name? Yep…that inappropriate comment was costing her sales! She really wished that could be forgotten. Now it can. It also means that when you ask someone to take you off the mailing list, they’d better do it!

Data Portability

I’ve got to admit that this one has me baffled. If a person asks for the data that you have on file for them, you have to give it to them in a format that they can take elsewhere. This doesn’t apply to any of my clients’ websites, because why would you ask someone for a copy of your email address??? But when I think of it in relation to a big company like Evernote, it begins to make sense. It begins to make a lot of sense. I’m not sure how site owners are complying with this one, but it is interesting.

What this means for website owners:

There are a few key rules for website owners. These must be followed and if possible documented in such a way that your documentation is clear and easily understood.

Privacy by Design

That’s what I started this blog with. You simply must make customer privacy your number 1 priority.

What does this look like? You should immediately look at your website and look at what data you store about people. If you don’t need it, delete it. The goal of the law is not to make it so that you can’t have data. It just says that you need a valid reason to keep that data. If you don’t need it, don’t ask for it.

The law also has some verbiage that makes some subjects more sensitive than others. Things like religion, sexual orientation, and politics are all sensitive subjects. If you’re going to store that sort of data about someone, you’d better have a VERY good reason and you’d better protect it like it could cost someone their life. Why? Because in some parts of the world that information COULD cost someone their life.

Data Protection Officers

Each website must have someone who is responsible for protecting people’s data. That person can’t be a secret. You have to make contacting them easy. In larger companies, it seems like there may be additional requirements, but it seems to me that for small one-person-run websites, the owner needs to take responsibility for this job the same as the owner of a one-person-business takes responsibility for all the other jobs. You can outsource this and hire someone to do it for you. However, that person needs to not have any conflicts of interest related to the job and they need to have the ability to do their job.

This means that if the data protection officer sees you doing something wrong, they need to be able to immediately stop you from doing it. If that means that you need to shut down your website, they need the authority to do it.

Unless I hear otherwise, I’m recommending that all of my small clients take on this role and take it very seriously. Back to: customer privacy has to be your number 1 priority!

I’m sounding like I’m stuck in a loop, but that’s the heart of this legislation.

Consent is Required

You can’t just check a pre-check a box and have people added to your mailing list. That box needs to be unchecked. People need to know what they’re signing up for and they need to check the box themselves.

Be Clear about What you Collect

This is actually the hard part. You have to look at your website and see what data you are collecting. Then you have to review your plugins and make sure that data isn’t being sent away. Use anti-spam technology? That data is being sent away. This doesn’t mean you can’t use anti-spam. It just means that you have to tell people that you are using it and let them know who you are sending what data to. You need to tell people where that data is going to be stored, for how long, and what the people getting that data are going to do about it.

This takes the form of an amazingly detailed Privacy Policy.

But wait — these aren’t just ANY privacy policies. These are special. These are new. These are easy and fun to read.

Seriously? These are legal documents. Legal documents aren’t fun to read. No one reads privacy policies. We just check the box and grimace.

Not any more. Under this law — this legalese riddled HUGE, unreadable law that no one is really 100% sure they fully understand — under this law, those privacy policies must be easy to understand. You will probably already have noticed that major companies are sending out updated privacy policies. Have you read any of them? If you are a website owner (or a human) you should read them. Take notes. Those companies have paid a lot of money to have those policies written for them. They’ve worked hard to meet this requirement. You should read the privacy policies. You’ll notice a difference between modern (GDPR) ones and what you’ve seen in the past.

Delete What you Don’t Need

If you don’t need something, delete it. If you don’t have permission to have something, delete it. Get active permission from your users.

If someone asks you to delete their information: do.

Bottom Line

Treat people’s information like it is the most precious part of your website. Make data privacy your #1 priority. Use SSL and plugins like WordFence to keep that data safe. Do everything in your power to prevent data breaches. Keep only what you need and make sure people know what you have and where you are storing it. Make sure they agree to your having that information. Tell them why you need it. If someone asks questions about their privacy, answer them promptly.

The intent of this law is to start with a warning. If you get a warning, take it seriously. Make visible efforts to comply with the law — not just the minimum compliance, but actively comply with the spirit of the law.

I’ve seen scary things like this on the internet before…and we survived. Commerce did not end. You don’t have to close your website. You don’t have to stop doing business. No one is 100% sure what compliance with the GDPR will mean. I’ve read a lot of reports saying that no one is in 100% compliance yet. Basically, everyone is confused and we’re all trying to figure this thing out. Comply with the law to the very best of your ability. And if you get a warning, take it seriously. Watch out for the scammers that will gravitate to this sort of situation and try to make it scarier than it needs to be so that you will give them money.

You don’t have to panic.

You just have to make data privacy your #1 priority.

confused squirrel

Joomla 3 Helper File Instructions

For my friends who don’t care about tech, just ignore this post.

If you are a Joomla developer, maybe you’ll find these notes helpful. I’m writing them down at the end of another week of circling through Joomla tutorials trying to get something to work the way I want. As is all too common, the instructions were contradictory and it seemed that every one left out some crucial piece of information. Hopefully I haven’t missed including any of the steps, because I’ve tried more variations than I can remember right now.

My goal: create a function that could be used anywhere in my component.

This was a true “helper” function and I needed it everywhere.

Here’s what I had to do to make it work:

  • start with a component com_mycomponent
  • in administrator/com_mycomponent/mycomponent.php add this line:
    JLoader::register(‘MycomponentHelpersMycomponent’, JPATH_COMPONENT . ‘/helpers/mycomponent.php’);
  • in administrator/com_mycomponent/helpers/ add mycomponent.php
  • in that file include these lines:
    abstract class MycomponentHelpersMycomponent
    {
          public static function mycustomfunction($params)
           { code your function here
            }
    }
  • when you want to use the function, just use this line:
    $result = MycomponentHelpersMycomponent::mycustomfunction($params);

Simple, right? Each bit of camel case is critical. You can use whatever $params you need (or none at all).

When I figure out how to make it work on the front end, too, I’ll update this post.

Maybe next time I can get this to work before 1AM.

Deleyna’s Dynamic Designs is Back!

With the internet shift to SSL, I’ve been helping folks get their sites updated and encrypted.

The problem with me and web design is that I enjoy it too much. With returning health and a taste of my addiction of choice, I’ve decided to resurrect Deleyna’s Dynamic Designs, my web design business.

But what about writing?

I’m still at it! “Dominion of Darkness” just came back from the editor and I’m busy with rewrites.

So now we see if I can balance my writing passion with my web design addiction.

Why I Changed Hosting Companies

Note: I’m now an affiliate for SiteGround.

I’d been with my hosting company for over 10 years. I’d recommended them more times than I could count, and for most of those years I was happy. My friends and clients were happy. Life was good and my internet presence was stable.

I knew I could count on that hosting company. They had my back. I felt safe.

And then they got bought out by a mega corporation.

Change was slow, but ugly. My favorite tech support gurus were gone, replaced with new people who really didn’t know what to make of technical questions.

Prices went up. Those wonderful automated backups suddenly weren’t wonderful. More than once they didn’t exist when I needed them, or they were corrupted.

There’s nothing like a corrupted backup to really ruin your month.

Now understand: I may not be actively doing web development any more, but I still have a lot of friends that I help out. I spend more time than the average person chatting with my hosting company. I have them on speed dial on my phone.

Wait times increased. Bizarre errors started occurring. I was lucky not to be hacked (I’m a fanatic about updates), but many of my friends were not so lucky. When I’d call technical support, I began to hear a very common line: a site on the server was hacked and compromised the entire server. And let’s face it, if you’re going to have wait times longer than 30 minutes, PLEASE have good hold music. Please don’t play the same odd song over and over and over.

I may never get that song out of my head.

I tried to find it on the internet. All I found were a lot of other techies begging to know the name of the song they’d just listened to over and over on their web host’s tech support queue.

See, that’s the problem. All of these big, really good companies got bought by one giant corporation who centralized everything into one facility. Then they seem to have painted a big target on the roof. Every hacker from the kid next door to the nation-state internet armies sees that facility as a fun thing to attack.

Servers slowed down.

Way down.

Outages increased.

Sometimes email just went…away.

When I started looking for a new hosting company, what I discovered was that almost every highly rated company was now owned by the same mega-corp.

A few years ago, I met some folks from SiteGround at a tech conference. They were nice, smart, friendly and WOW — was that hosting plan expensive! My geek lust was quickly stifled.

Fast forward a few years and SiteGround has moved forward with their service and they have some good deals on hosting plans. The other site has continued to raise prices. SiteGround suddenly was affordable. When I found them on the list of top 10 hosting companies, I was surprised.

I remembered them.

A little research showed they were only one of two on the list not owned by the big corporation. They were the only one on the list that could handle the particular site I wanted to move.

The last straw with my old host was when they refused to offer the free automated Let’s Encrypt SSL certificates, choosing instead to charge a lot of money for more traditional certificates. (What these are is all techie and likely to become an ugly issue next year as sites suddenly discover that Google wants the internet encrypted and they’re willing to force the issue.) I needed that SSL certificate. And there was no way I could afford one. But with SiteGround I could.

And so I’m now the proud owner of a SiteGround hosted website.

(Highly astute individuals may notice that the site isn’t encrypted yet. It’s coming!)

So far, my new hosting experience has been interesting. I’m still adapting to their technical support. It feels so weird. They don’t want me to listen to hold music. Do they even have any? Usually they just offer a screen chat if I’m stuck. They’d really rather fix things for me than have me try to sort it out on my own.

THAT is going to take some getting used to.

They don’t start contacts with “domain name and last four of the password” followed by a sigh. The last few contacts I’ve had have started with, “How are you doing tonight?” “Welcome to our company! How can I help?”

And y’know what is even weirder? They fix things.

I’m not 100% sure that I trust this yet. Their technical support DID tell me off the other day. (Okay, so I started it…) They told me to just go do something else and let them fix it for me. THAT is going to take some serious adjustment on my part. (Apparently my searching and trying to be helpful was messing up the timer on my technical support ticket…and they are REALLY serious about that timer.)

So as of now, I’m recommending SiteGround. I’m an affiliate. I get a commission if you sign up through that link.

But mostly I’m hoping my friends will switch not for the money, but just so I won’t have to listen to that song again!

  • The Latest Deal from SiteGround:

    Web Hosting

Politics #PoweredByIndie

Happy Indie Author Day!

While thinking about this “why I love being an indie author” post, I made the horrific mistake of glancing at my social media feed. For posterity or anyone who lives under a SEP (somebody else’s problem) field, the short version is that the US elections are fast approaching and we are forced to choose between two horrible candidates. I’m sorry if someone out there truly supports either of these people based solely on their worth, but I’m not seeing it. I’m seeing a lot of intelligent people being forced to choose their candidate based on the other choice being worse.

You support A? How could you? Don’t you know s/he has done xyz? Yes. They know. But they’re afraid because candidate B has done fgh. Our friendships are being decimated by mud slinging and personal attacks.

Let’s face it. We are powerless to get a decent human being into the White House this term. Thankfully, “The king’s (or queen’s) heart is like a stream of water directed by the Lord; he guides it wherever he pleases.”(Proverbs 21:1)

Which brings me back to why I love being an indie author. As an indie, I can tackle any topic that touches my heart. While I do not expect either candidate to end modern slavery, I can fight for understanding in my stories.

Neither of the candidates will do much to fight GMO proliferation, but Michael R. Hicks does with his Harvest Trilogy.

Want to make a difference in LGBTQ rights? Consider reading and sharing the Shards books by Peter Prellwitz. Peter was indie before it was cool.

Or maybe you’re troubled by the state of racism in the US? Support librarian Alicia McCalla who writes books her students can relate to.

Worried about artificial intelligence? Fall in love with Ma in Joseph Lallo’s Big Sigma Series. (His books are available on his website or from major retailers.) While you’re there, check out his approach to strong female characters in the Free Wrench series.

Want more strong female characters? Check out the writing of Jefferson Smith. He’ll also make you think long and hard about corruption and children’s rights.

Want to shine a light on the problems of the homeless or injustice? Check out Geoffrey Neil’s work.

Indie authors aren’t wasting their time or power on politics, they’re actively fighting for the causes they believe in, changing hearts and minds with the power of story.

This is why I’m an indie, because I want to focus on telling the stories I have to tell in the way I want to, even if they aren’t politically correct.

Want to make a real difference this election season? Instead of contributing to a political campaign, consider buying a book from one of the authors I’ve mentioned here. Write a review—not just on the book sellers’ websites and Goodreads (which are amazing and helpful), but also on your social media networks. Consider sharing the find with a librarian in your area. (You may meet with resistance because of the perceived low value of indie books caused by scammers. Take the time to educate people that indie authors are turning out quality, well edited, professional, thought provoking works.)

Don’t waste your time promoting one bad political candidate over another bad one. Actively support indie authors as they fight corruption.

When you buy an indie author’s book, your money doesn’t go to a big corporation or a political movement. Your money goes straight to an individual working to make the world a better place. Your purchase, your recommendations, your encouragement actively empowers these brave individuals to change the world.

In four years, we’ll have another election and this year’s winning candidate will be history. The work of these brilliant, thoughtful indie authors will last much longer.