Does your company use free online services like DropBox or Google Docs to store personal data?
I’m not a lawyer, but you’re probably breaking the law now.
The thing with free plans is that they don’t tend to be protected by a GDPR-compliant data processing contract *, and yet there’s nothing to stop businesses using their products for purposes that require one.
* a highly specific contract is required under Article 28.3 if you use another service to process people’s personal data – See earlier post.
Imagine how many small companies are using free services to store customer contact details in spreadsheets and have no idea their agreement with the provider does not protect this data. It’s all very well saying it’s the company’s fault, but what about the obligations of the (much larger and wealthier) service provider?
While I was preparing for GDPR I made some assumptions which I didn’t realise were wrong until almost too late, and frankly I’m still confused about Article 28 paragraph 3. (Yep, I quote regulations now).
If you run any kind of website that stores people’s details, you might want to check this out too.
Some background –
- In plain English: My website stores your email address on my hosting provider’s servers.
- In GDPR speak: I am a Data Controller and the host is a Data Processor.
Under Article 28(3) I must have a specific contract with my hosting provider that extends my GDPR obligations to them. This goes for any service provider that you use to store or process personal data that isn’t your own. In my case it includes Linode, Stripe, AWS and MailChimp. (I also use Google Docs and DropBox, but I’ll come to those later).
No problem, of course I have contracts with these companies. They will just update their terms of service and all will be nice and legal. Unfortunately it’s not that simple, and the next person who tells me “you don’t need lawyers” is going to get an earful.
I got a laugh at the dinner table the other day when I proclaimed that in order to send you a WhatsApp message I have to also be on WhatsApp.
It’s funny because it’s obvious. But the worst part is that it’s normal. Nobody at the table considered it a problem, if they had even considered it at all.
WordPress 4.7.2 was released last week. As usual I was aware of it and decided I would upgrade manually at some point very soon.
Call me complacent, but I’ve run WordPress on this site since 2008 and never fallen foul of the many security vulnerabilities that have plagued WordPress’s reputation. (He says, jinxing himself).
I was getting around to upgrading, but was given a stern reminder this morning in the form of this BBC news article. That got me out of bed pretty quickly.
In the Release Notes for 4.7.2 (bullet point 4) you will see that a very serious flaw has been fixed. It should probably read “You WILL be hacked TODAY if you don’t upgrade NOW”, because you will, and I was.
I’m currently in the process of a complete rebuild of my WordPress plugin Loco Translate. Releasing version 1.0 was fairly easy two years ago when it had zero users, but rolling out much needed version 2.0 is proving to be quite a different story.
There’s a growing feeling in the UK that we’re about to vote ourselves out of the EU. I want it on record that I’m voting to stay.
In my last two posts I lamented the ludicrous EU tax laws that digital businesses have to comply with, so you’d think I’d be eager to leave the EU and no longer have to worry about all that. But no. As with so much of the referendum debate, it’s pretty much unknown what will happen to VATMOSS.
Herein lies much of my frustration with the “debate”. We’re not actually voting for anything, we’ve simply been offered to vote against what we already have, and what we have is badly understood by the vast majority of us. With virtually no certainty of what the alternatives will be, voters are in quite a ridiculous situation.
If my social media feeds are anything to go by, people are voting with their hearts far more than with their heads. It’s not a real debate in there, it’s just an argument about facts, and neither side is going to sway the other with their bombardment of infographics. If someone chooses to believe horse shit like this it’s because it fits their pre-existing view. Likewise, the very existence of propaganda shouldn’t harden or narrow one’s own pre-existing views. But it does. I don’t see anyone discussing whether EEA membership might actually be good, it’s more important to vote against the xenophobes. There’s even a petition to cancel the referendum. (to protect democracy?) Perhaps from those too stupid to vote correctly?
A British election sure brings out the worst in everyone, but if you’re undecided try to think through the noise and assess the risk. If you’ve arrived at the “whatever happens, it can’t be worse” position I’d urge you to think about that sentence.
My vote is based on a pretty simple view that leaving seems far riskier than staying. I’ve not heard a good enough argument for leaving, but even if a proposed EU alternative was acceptable we don’t actually get to vote on what it will be – hence I feel Remain is the safest option by far.
We all know the EU is a bureaucratic monster, but it’s more our monster than people seem to think. Leaving means handing over years of negotiations and lawmaking to the government. We won’t get a referendum on every single law that gets changed. Things can always be worse.
This post continues from part 1 where I outlined what I did to prepare Loco for the not-so-new EU regulations. Again – I’m not a lawyer, or an accountant, and this is not a rant :)
Once my system was processing payments from EU customers I was fairly happy I was compliant, but the devil’s in the detail. With real data coming in I had cause to investigate some odd cases and the learning experience continued.
Here are some extra things to consider from the beginning, or at least be prepared to deal with when they crop up. As with most of this legislation, it all boils down to location.
I launched paid plans for Loco last June and I’ve just reached the end of my first quarter. Being a small business I wouldn’t normally pay attention to quarters, but I do now because selling a digital service in the EU means compulsory VAT registration.
This post is not a political rant. Despite the title I’m going to resist the temptation to vent steam over the not-so-new EU regulations. It is what it is, and there’s unlikely to be any change for a while. If you’re planning to start a SaaS business from the UK you might benefit from some of the things I’ve learned – many of them the hard way.
I’ve been getting more than the usual number of “my translations don’t show up” reports on the Loco plugin support forum recently. After a couple of people mentioned they had recently upgraded to WordPress 4.0, I thought I’d better take a closer look at what might have changed. As it turns out, something pretty major.
It appears that Twitter started rendering custom Emoji icons on twitter.com about a month ago. I took the opportunity to update my Emoji reference table with their icons and it looks like a full set.
They’re not particularly well drawn, and unfortunately will override native Emoji on operating systems that support them, such as Safari on Mac OS X.