GDPR Compliance Notice

Published 3 weeks, 4 days ago

Hi there!  This is a statement regarding this web site and the data associated with it as compared to the GDPR.  You might think this is ridiculous, but as my site is at least somewhat business-related—it promotes my work, invites people to contact me for consulting or speaking engagements, and the like—here we are.

So:

  • Meyerweb does not set any cookies in your browser, nor does it track you.  This has always been the case, except for a brief period in which I enabled Jetpack to do something or other and then later discovered it was pulling in… other things.  I disabled it immediately, and have no intention of ever enabling it again.
  • Meyerweb’s web host keeps copies of the server’s access logs, which contain the IP address of the device you use to access meyerweb.  It does not, to the best of my knowledge, record any other personally identifying information, unless you hacked your browser’s UA string to contain such information.  Then it will be in the server access logs, and probably next to impossible to get out.
  • As an anti-spam measure, commenters have always been required to supply an email address in order to comment.  Optionally, they may supply a name and URL.  If you have commented in the past, whatever information you provided is still stored in a local database, associated with that comment.  If you wish to have that information removed, contact me and I’ll do my best to remove it.  This may also end up with me removing your comment(s), though I will always try to preserve them.
  • If you have enabled the “email me about followup comments” or “email me about new posts” features of the site, those are managed by WordPress.com.  I do not store that information locally, nor do I have access to it in any way.
  • If you wish to have any personal information about you removed from meyerweb, you can always contact me, and I’ll do my best to handle the request as soon as possible.  If you haven’t heard back from me within ten days, please assume the first attempt got spam-canned or buried in the ongoing avalanche that is my inbox, and ping me on Twitter about the silence.  Please don’t use Twitter as a method of first contact about this, since we’ll have to take any conversation about personally identifying information off Twitter and into email anyway.

And I believe that’s it.  If I missed anything, let me know and I’ll update as needed.


  1. The one thing missing is how long you store personal data. Storing the IP in the access log is fine, but should be removed after some time – IIRC 3 weeks max. Same for emails if they are only for anti-spam.

    Apart from that you are doing really good from my point of view.

  2. Thanks, Nico! As I understand it, personal data has to be dumped within three weeks unless there’s a specific reason not to. In the case of commenting here, the data is retained to indicate who’s commented in the past, and therefore who has automatic posting rights in the future. (Someone who posts with a never-before-seen email has the comment held for moderation first, as yours was.) It’s something like setting up a user account, though no password is involved. Wouldn’t that qualify as a reason to hold on to that specific data longer than the default three weeks?

  3. I had to be involved in the Big Ass GDPR Project™ at work, so it’s nice to see a really simple example of how to communicate this information that fits the bill.

Leave a Comment

Management reserves the right to edit or remove any comment, especially when abusive or irrelevant to the topic at hand. HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <em> <i> <q cite=""> <s> <strong> <pre class=""> <kbd>


Comment Preview

If you're satisfied with what you've written, then go ahead...