2018/05/26

Kiwi$, GDPR, Coughing with Mimi, and Mom's Noose

My May Sale is still on, and I've been observing the exchange rates. Kiwi $ has been super low against US$, JP¥ and A$, while it's always been worthless against € and £; C$ is the only currency we're nearly on par with. So I've had on my mind Kiwi customers, and once again introduced lower Kiwi prices. I do this sometimes; pricing is hard for me, and while I don't have to worry about undercutting galleries now, (there is just the one piece unlike any in the sale in the one outlet I have,) I also keep in mind what other customers, from galleries or from me, paid for similar pieces. We'll see how it goes.

* * * * *

I read folks moaning about GDPR in a few places, particularly pertaining to small (craft) businesses outside EU. When I first heard about it, I admired EU's progressive outlook and envied citizens being protected thus, followed by being thoroughly annoyed by the gazillion websites asking for consent. Surely, you know I'm down here! Thus so far I've never sold anything up that way, so I started reading pointers more as a tourist.

Goodness me, they want all paper records locked up and devices password-protected when I'm pretty sure the Internet is the biggest threat. The magnitude of things one must do to comply, (granted a whole lot is "just in case"), is eye-watering. I haven't found a good "GDPR for small-scale handweavers selling online occasionally" link, but this is a list I made for myself so far:

GDPR for small timers.

1) I have a blog. I guess I need those annoying consent things to pop up. How can I do this on Blogger?
2) I have a "business" FB page. Do I need to do something about that?
3) I don't do newsletters, e- or paper.
4) I only occasionally sell online, from my Blogger blog.
  a) I communicate via email but don't keep them after the customer receives the item. But I'm on gmail, so I'm sure they do.
  b) I DO KEEP EMAILS from NZ Post when I buy postage online, so this needs looking into, although so far nothing to EU.
  c) Paypal sales records are kept associated with my Paypal account over yonder; what do I do there? Again, so far no EU.
  d) Before Paypal, I issued invoices; I kept the electronic copies, email communications, and printed form for the last 7 years for tax purposes; my paper stuff needs to be locked, but again, so far no EU. 
  e) I don't save addresses, e- or paper, after the customer receives the item. A good business is supposed to keep communicating with them, but I'm more afraid of hackers getting their info via me so I delete everything.
  f) I don't keep a customer database, e- or on paper.
  g) I don't use the cloud.
  h) My laptop is p/w protected and I don't use a smart phone, though a lot of good that does in this era. I run a regularly-updated virus scan, but again, not confident.
  i) I have a tiny backup hard drive. I suppose that needs locking away, too, but again, no EU thus far.
  j) I don't teach; I've not written books. I think that's good.

If you know any solutions to these questions, or can think of anything else to worry about, do please help me. My sincerest commiserations to EU and bigger-timer friends.

* * * * *

On Wednesday, I had the sniffles, so I went to The Met Opera's La Bohème on film armed with decongestant, tissues, water, nice smelling ointment, and throat candies. The first two acts went well, but Act 3, when Mimi starts coughing and begins her slow, musical descent to death, I started coughing, too. First I moved to an inconspicuous seat at the end of the row, but eventually I had to leave. I came home with two bottles of cough syrup and have been, ahem, overdosing on them. I'm furious I haven't been doing all the things I had planned for this week, that I'm under the weather, again. But also find it slightly funny; see, in high school, college and the first years at work, I went by the nickname of Mimi. And I haven't died yet.

So I've done little else but plonk on the couch knitting Mom's noose. She wanted shorter than 120cm but we didn't discuss how short, so I'm going for between 105-110cm, which looks a little like a noose with all the "ropes"...
I've done 65cm and it's not going to be symmetrical.

Today would have been a chilly but nice gardening day.

7 comments:

Cate Rose said...

I saw that consent warning when I went to post on my blog yesterday, but the widget didn't come up when I went to the blog proper. Guess I need to google it to see what to do. If you find out, let us know. This is just more regulatory BS for small businesses to have to take on. And then people complain when we raise our prices to cover "unbillable" time spent on administrivia.
The tax on gas went up in CA earlier in the year...and then the price of everything else, food most glaringly, to cover the now-increased transpo costs. Horrible.

Meg said...

I've been told Blogger takes care of itself, and here is the info, but I haven't read it yet. https://support.google.com/blogger/answer/6253244?hl=en

Meg said...

Summary of what I learned as of Tuesday May 29:

1) Public platforms like blog/photo hosts, mail hosts, social media platforms, selling platforms and others like Paypal are supposed to do their part. Which is a convenient way of saying, if you lean on the skeptical side, we have no control over it. However, a friend opened my blog in France, and sent me a screen shot which included a blue band at the top asking for consent, so there's that re. Blogger.
2) Our responsibilities/abilities, therefore, are mainly over our own devices and physical premises, although contents may overlap what sits on public platforms.
3) Main points appear to be, and this is for those of us residing/operating outside Europe:
a) Lock up. Encrypt/password-protect files and physically lock up paper records.
b) Tell what data you collect, (how you save them?), (and how long you intend to keep them?).
c) Tell how you intend to use the collected data, e.g. newsletter emails.
d) Get consent.
The rest of what I've read appears to be paraphrasing one or more of the above, unless you have a large operation.

Best practice among us would have to be Cally's website/blog, https://callybooker.co.uk/privacy-policy/, although be warned, her Cookies specific page is eye-watering. She also makes an excellent point of letting your customers know your policies by perhaps linking to your privacy page when you communicate with them.

There is also a very good chance arts council/collectives and/or Internet resources for arts/crafts or even helpful government ministries, if they still exist, have a skeleton declaration which you may be able to modify.

I have a few more links left to study so I'll either add or amend if I find anything.

Meg said...

"Personal data may relate to a person’s private, professional, or public life. It can be anything from a name, a photo, an email address, employment details, interactions on social media, medical records, or an IP address. Even a dynamic IP address can be personal data (C-582/14 2016 Breyer v Federal Republic of Germany)." https://www.lawsociety.org.nz/practice-resources/practice-areas/privacy/gdpr-compliance-in-four-steps

Meg said...

Most thorough and readable example, (an IT firm??): https://automattic.com/privacy-notice/

Meg said...

And my draft privacy policy page: (Yikes!!)

With the activation of GDPR and my belief any protection of personal data is a good thing, I have attempted to clarify how I operate here. This goes for everybody who comes into contact with me regardless of location at the time, place/s of usual residence, nationality/citizenship/ethnicity, etc.

1) I have no newsletter nor customer database, and to that end I do not actively collect reader/customer data.

2) On the occasion I sell my work online from my Blogger blog:
a) I communicate via Gmail, (occasionally from Orcon.net.nz as backup,) until I have confirmation the customer has received the goods. All correspondences are then deleted.
b) I keep email notifications from NZ Post when I buy postage online, for seven years for tax purposes, on my password-protected computer.
c) If payment is made by Paypal, sales records are kept attached to my Paypal account.
d) If invoices are issued for payments by other means, I keep:
i) electronic copies of invoices, encrypted and password-protected;
ii) email to the customer containing the invoice, on a password-protected device; and
iii) printed invoice, in a locked file cabinet,
for seven years required by New Zealand tax laws.

3) In communicating on any matter, I delete emails/addresses when the matter is resolved, unless our communication becomes semi-regular. (As in, we become friends, which happens.) Ask me any time what data of yours I saved, and/or you would like it deleted.

4) I use only one device, a laptop, which is password-protected and is regularly scanned using the regularly-updated virus scans. I have a portable backup drive in a locked drawer.

5) I do not store data on the cloud.

6) Under no circumstances do I sell or impart your private data. I do, however, liberally and cheerfully distribute your publicly available links if asked.

7) I use these public platforms:
* My blog is on Blogger.
* My email is with Gmail, and my backup is on Orcon.net.nz.
* I have a weaving-specific page on Facebook. (I have a Flickr account for now, which may be deleted.)
* I use Paypal.
* I use Ben's NZ Post account.

Meg said...

In learning all this, (and "business"-wise I have nothing I have to do now and very little in case I do have a European customer,) but one perpetual source of confusion is in the fact I can't separate my private self from the weaver, or my life from "the business", and I started to wonder about such matters as keeping email address or lovely cards and letters from friends, weavers, in Europe; linking to others' blogs, (perfectly public;) or even mentioning friends and what we talk about/do together around here, because for that last one, I don't get consent beforehand and I am a little reckless, I know.