Whilst walking on the West Highland Way from Milngavie to Fort William in the glorious sunshine of May, I had the sudden realisation that I may not be GDPR compliant on my websites and Android apps. The deadline date was looming. This led to a panic and so I decided to pull all of my apps from the Google Play Store. From my phone I put all my websites in maintenance mode till I could go through all that I needed to do in detail once we were back from the West Highland Way.
Once back, my first task was to collapse all of my sites for Celtic Intuition down to this WordPress one. I’d been feeling my way with social media for a while, trying to find the best way to post both relevant marketing material for my Android apps and also to post interesting things, unrelated to my apps. The amount of effort to maintain this, especially on a regular posting basis was eating far too much into my development time. The additional sites had to go and my channels had to be streamlined. So I made the decision to base everything around this one WordPress site and blog. This made my GDPR task a bit easier as well.
For some reason, the GDPR rules had crept up on me. I hadn’t heard much about it in the press. Back in the seventies, there would have been some public information film on it on BBC 1. I don’t watch much TV, so perhaps the announcements had passed me by.
The next hurdle in ensuring that I was as compliant with the GDPR rules as possible was to find a compliant cookie management solution as a WordPress plugin.
Cookie Consent Plugin Choice
I installed and trialled a few plugins claiming to be GDPR compliant (and the only cookie plugin you’ll ever need), based on the WordPress reviews they had, but they all had something lacking or a complexity I wasn’t willing to work with.
Finally I decided to give CookieBot a go. Their licence terms seemed reasonable and I should not exceed their free tier for a while. The plugin has a nice dialog which you’ll probably have seen if you are reading this and a nice level of control for the site visitor. I can also generate reports (for my consent log), which is anonymised, so I really have no way of knowing who exactly is visiting the site. This is fine by me as I’m not great at marketing and I’m only really interested in overall visitor figures with an indication of which content folk are interested in.
Finally I wanted to say a little about the ICO. I’m all for legislation that makes the Internet a safe place and tackles exploitation of user data and I tend to be a rule follower. However, the cost to a small business such as this one, to implement this legislation is significant. Certainly it has taken significant time for me to complete this work.
I would have no quibble with that if I knew that this effort was recognised by the authorities that make the legislation, by pursuing sites that are flouting the law way after the deadline.
Sadly, so many sites that I go to, either have no cookie consent or if they do, very few have a straightforwards way to set the cookies the way you would like. In the worst case where a consent dialog was implemented, I would have had to manually deselect several hundred advertising providers. Of course this is geared towards the site visitor giving up and continuing to have their data harvested. So that indicated to me that there was little enforcement or at least little fear that even the larger sites would be pursued.
I also thought that actions against sites that were not compliant would be displayed clearly on the ICO’s site to show that they were taking action, but it was with some difficulty that I found the following link.
As of 9th October, 171 cases. This seems a very low number to me and is quite disheartening.
On the one hand, I’m happy that I believe my site to be compliant and future proofed for a while, but on the other I’m saddened that there are probably many more resource constrained small businesses out there that have worried about this and pushed to be compliant in time when the published figures seem to indicate that little is being done to enforce the rules.
The cases on the site certainly identify the entities fined, which is commendable, but it would be nice to see a non-attributable figure of the outstanding case load so we feel that this is being taken seriously enough and of the ICO’s view of the scale of the problem, even if no action has been taken yet.
We all want the World Wide Web and the Internet in general to be a safe place to be without fear of long game exploitation of data. We also wish small businesses to flourish and feel that (marketing budgets aside) the legal playing field is somewhat level.