What the General Data Protection Regulation (GDPR) Means to Genealogy Bloggers and Others

A new European law goes into effect on May 25, 2018, that will require changes for almost everyone who publishes information online. In my opinion, this is a very good law. However, if you write a genealogy blog or collect email addresses for those who read your genealogy data online, you need to be aware of the changes that might be required of your web site.

Even though the General Data Protection Regulation (GDPR) is a European law, it affects almost everyone who publishes information online. Just because you live in North America or in Asia doesn’t mean you can ignore this new law. The law covers privacy requirements, and we all live in a digital world where data privacy is of the utmost importance. If you have one or more readers in Europe, you need to comply with the new law. In fact, I would suggest everyone should follow the new guidelines simply as a matter of common sense, regardless of where your readers reside. Compliance should be easy.

The General Data Protection Regulation, otherwise referred to as GDPR, is new legislation that strives to put the control back in the hands of European Union citizens when it comes to their personal information. Since it will require changes to web sites worldwide, the result will be better privacy for all of us, regardless of where we live.

Once the new law goes into effect, an individual can retrieve details on what personal information is being held about him or her, who is using it, how they’re using it, and how it’s being stored. Additionally, information is to be provided on how individuals can request copies of this data, and even more, they can request to be completely deleted from the web site’s database (which goes beyond the simple “Unsubscribe” button).

Will this affect you? The answer is “Yes” if your answer is affirmative for any of these questions:

  • Do you have a newsletter list with at least one person in the European Union?
  • Have you posted at least one Facebook ad to advertise your blog or other information you publish online?
  • Are you maintaining a mailing list to be used on social media?
  • Do you use PayPal or Square or any other type of eCommerce platform to accept credit card payments your readers or customers?

If you answered “Yes” to any of the above questions, you must comply with the new law. That is true with you make money with your web site or not, even nonprofits must comply with the new law. Luckily for you, compliance is easy.

The primary thing to remember is that individuals in the European Union must explicitly opt-in to communications from you. You cannot add anyone in the European Union to your mailing list without that person’s stated permission. You cannot just add someone to your email list because they asked you a question; they must have given explicit permission to be added to the mailing list.

Likewise, when anyone in the European Union asks to be deleted from your mailing list, you must delete that person’s information immediately. That is referred to as “opt-out” of the mailing list. There are to be no exceptions.

With GDPR, you must be able to provide an audit trail of how and when each person opted-in, should you ever be asked to provide substantiation.

Most mailing list software, such as MailChimp or Mailer Lite or FeedBlitz (which is used by the eogn.com web site), already complies with the new GDPR law. The bigger risk is for someone who MANUALLY maintains a mailing list and is unaware of the new law’s requirements. Fines for noncompliance could cost $20 million Euros. And… yes, the European courts have legal methods of collecting those fines from North American violators of the new law.

Purchasing a mailing list online and sending unsolicited emails to the list has always been a poor business practice, but now it will become illegal. Of course, sending spam mail will become illegal, but I suspect the new law won’t impact spam mail very much. Those who send spam mail have always ignored most other laws, and I suspect they will ignore the new law as well.

If you have questions about the General Data Protection Regulation, you should consult your legal counsel for additional information. You can also read more at the new law’s support page at https://www.eugdpr.org/ as well as on hundreds of web sites by starting at https://duckduckgo.com/?q=%22https%3A%2F%2Fwww.eugdpr.org%2F%22&t=hg&ia=web.


You mentioned several of the mailing list companies being in compliance. Would that apply to blogging platforms (WordPress, BlogSpot, Bloggers, etc.) as well? I have a new blog started on WordPress, with a few people simply following, and others following by email. I’m not doing anything else with the email information. If that doesn’t change, do I need to worry about it? Thanks.


Hello Dick. Can you point us toward a source for your statement, “The European courts have legal methods of collecting those fines from North American violators of the new law,” please?


Thank you for the reply, Dick. The discussion points under that thread are helpful. The situation is much as I thought: US individuals and companies doing business with Europeans will not be subject to GDPR (or other European equivalents) if they have no European presence. US courts are most unlikely to enforce European judgments on something like this on a US-based entity or person.


Great article Dick, thank you for that.


What does this mean for a private online family tree, I’ve had a family member request to remove all data relating to them, which could mean I have to remove myself or the whole tree, which seems a shame since the whole thing including dead relatives is not public.


Leave a Reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: