I am thinking the data collected running a Ghost site doesn’t qualify as collecting personal data according to GDPR. But you can always link up a privacy policy on your website via the menu options.
Collecting names and emails for a newsletter is considered “processing of personal data” and therefore falls within the scope of the GDPR.
Article 4(1) – Definition of personal data:
Confirms that email addresses and names can be personal data if they relate to an identifiable individual.
Recital 26 – Identifiability:
Explains that a person is considered “identifiable” if they can be identified, directly or indirectly, by reference to an identifier such as a name or an online identifier (which can include email addresses).
Exactly. So as soon as you have enabled the member functionality, you allow/ask real humans to provide their personally identifiable data (to store, process, disclose it). The possibility of providing a company address doesn’t change that: I could create a Facebook account with only my company data; this doesn’t mean Facebook can ignore GDPR, right?
There are plenty of potential improvements that can be done. As a reminder, anything that is sent to the user device requires consent. Certain communications are allowed prior to consent, whereas the majority of them are not. Loading external content requires consent, for example. That is why the core Ghost scripts in themselves violate EU law. Thankfully the great team that develops Ghost has added a work-around for these specific files. It’s in the configuration file of Ghost.
And GDPR is just one of multiple regulations in the European Union that describes what is allowed and during which circumstances.
Run a network analysis of any website. Check if any external content is being loaded prior to any consent. If that is the case, I’d say that site is violating the regulations with 99% certainty.
Final detail I forgot to add. Anything that, alone or in combination with other information, can point to a specific individual is considered Personally Identifiable Information, or PII for short. And there is no limitation in scope for these potential combinations of information. If a single piece of information combined from three different sources can point to a specific individual, then all three sources violate the EU law if that content requires consent and it’s not given…