GDPR Rules

GDPR Compliance

In 2015, the Federal Trade Commission released its new rules for Disclosure Compliance.

These rules are set in place to ensure that readers or viewers of web media (blogs, YouTube videos, etc.) know if the blogger/presenter is sponsored, endorsed, or partnered with a different company. In blog terms, the readers need to know if the blogger is making money by sharing a link or product.

In compliance with the FTC guidelines, please assume the following about links and posts on this site: Any/all of the links are affiliate links for which I receive a small compensation from sales of certain items.

What are affiliate links?

Purchases are made on external affiliate company websites: When a reader clicks on an affiliate link located on .com to purchase an item, the reader buys the item from the seller directly (not from ). Amazon and/or other companies pay a small commission or other compensation for promoting their website or products through their affiliate program.

Prices are exactly the same for you whether your purchase is through an affiliate link or a non-affiliate link. You will not pay more by clicking through the link.

Further Information:

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don’t specifically market goods or services to EU residents.

The GDPR mandates that EU visitors be given a number of data disclosures. The site must also take steps to facilitate such EU consumer rights as a timely notification in the event of personal data being breached. Adopted in April 2016, the Regulation came into full effect in May 2018, after a two-year transition period.

Customer-Service Requirements of the GDPR:

Under the rules, visitors must be notified of data the site collects from them and explicitly consent to that information-gathering, by clicking on an Agree button or other action. (This requirement largely explains the ubiquitous presence of disclosures that sites collect “cookies”—small files that hold personal information such as site settings and preferences.)

Sites must also notify visitors in a timely way if any of their personal data held by the site is breached. These EU requirements may be more stringent than those required in the jurisdiction in which the site is located.

Also mandated is an assessment of the site’s data security, and whether a dedicated data protection officer (DPO) needs to be hired or an existing staffer can carry out this function.

Information on how to contact the DPO and other relevant staffers must be accessible so that visitors may exercise their EU data rights, which also include the ability to have their presence on the site erased, among other measures. (Naturally, the site must also add staff and other resources to be capable of carrying out such requests.)

Other Rules and Mandates of the General Data Protection Regulation (GDPR):

As further protection for consumers, the GDPR also calls for any personally identifiable information (PII) that sites collect to be either anonymized (rendered anonymous, as the term implies) or pseudonymized (with the consumer’s identity replaced with a pseudonym). The pseudonymization of data allows firms to do some more extensive data analysis, such as assessing the average debt ratios of their customers in a particular region—a calculation that might otherwise be beyond the original purposes of data collected for assessing creditworthiness for a loan.

The GDPR affects data beyond that collected from customers. Most notably, perhaps, the regulation applies to the human resources records of employees.

Controversies Associated With the GDPR:

The GDPR has attracted criticism in some quarters. The requirement to appoint DPOs, or simply to assess the need for them, some say, imposes an undue administrative burden on some companies. Some also complain that the guidelines are too vague on how best to deal with employee data.

In addition, data cannot be transferred to another country outside the EU, unless the receiving company guarantees the same degree of protection as the EU requires. This has led to complaints about costly disruption to business practices.

There’s further concern that the costs associated with GDPR will increase over time, in part because of the escalating need to educate customers and employees alike about data protection threats and remedies. There’s also skepticism over how feasibly data protection agencies across the EU and beyond can align their enforcement and interpretation of the regulations, and so assure a level playing field as the GDPR goes into fuller effect.


Thank you,


Comments are welcome.
