DATA PROTECTION
How Many Medium Writers Are Breaking The Law?
The most successful people on Medium build big email lists, but is what they’re doing legal?
NOTE: This article refers mainly to data protection and the GDPR in the UK and Europe, whilst certain aspects apply to the US and beyond.
Managing your personal data and understanding data protection laws are crucial, whether you’re a business owner or a consumer.
Contrary to the belief that using established platforms like Mailchimp or Substack automatically makes your data handling practices legal, there are myriad ways you could be unintentionally breaking the law. The law doesn’t just apply to businesses but also to individuals collecting Personally Identifiable Information (PII), which is any piece of data that could potentially identify a person.
Key Questions to Consider:
- Have you ever exported your mailing list for any reason?
- Do you leave your computer unlocked when stepping away, especially when sensitive data is displayed?
- Is your privacy policy GDPR-compliant, informing subscribers how their data will be handled?
- Are you aware of the data-sharing implications if using a U.S.-based service while in the EU?
- Is the process of unsubscribing from your list fully automated?
- Could you satisfactorily explain your data protection measures if challenged by a subscriber?
Even if you think you’re doing everything right, the concept of ‘unconscious incompetence’ comes into play — many people mishandle personal data without even realising it. Ignorance of the law does not exempt you from it, much like other legal obligations in daily life.
The legal landscape has evolved with regulations like the GDPR in the EU and UK, aimed at protecting an individual’s personal data. The problem is, most people are uninformed about these laws, and their complexities make them difficult for small businesses to implement. Businesses of all sizes must understand their responsibilities concerning PII.
Understanding PII is also essential. Pre-GDPR, not all personal data was considered PII. Now, any single piece of information that could potentially identify a person is categorised as PII. This includes your email address, phone number, and more.
Why should you care? Well, consider that when you buy something online, you’re not just sharing your data with the company but also with various third parties involved in the transaction process. Are you sure they are handling your data securely?
In conclusion, data protection is a shared responsibility. Ignorance is not an excuse for mishandling personal data, and understanding your obligations can help protect not only yourself but also those whose data you handle.
The above is a summary of the article, How Many Medium Writers Are Breaking The Law?, the full version of which is available to read at The Marketing Alliance: https://themarketingalliance.co.uk
About the author: Clive Wilson
