How to Make Your Websites GDPR Compliant

Many changes are coming for WordPress in 2018, and not least is the General Data Protection Regulation (GDPR) that the European Union is enacting, starting from May 25, 2018. The TL;DR version is that the GDPR says users have full control over their data, and you have to tell them why you need it. At which point, they can give the green light or not. Practically, though, it's a little more complicated than that.


WordPress and the GDPR

Since WordPress accounts for 30% of the Internet now, we have a lot of cleaning up to do. Data flows between our sites and our users, and the GDPR says that it is our responsibility to manage our sites so that users can manage their data. Even though it is a regulation adopted by the EU, it affects almost the whole world: if you collect a bit or a byte of data from a person in the EU (regardless of your own location), you are subject to this law, because you then hold information belonging to an EU citizen. And if you are found in non-compliance, you can be fined 20 million euros.

It's scary for a lot of people.

The good news is that there is a dedicated team of WordPress Core contributors working on GDPR-proofing the core code before May 25th. They have a website (and an associated Slack channel) set up where administrators and developers can track progress and see what you need to do to get yourself (and your customers) into compliance. Here is the breakdown of what you are responsible for:

Explain who you are, how long you keep the data, why you need it, and who in your team or outside it has access to it
Obtain explicit and clear consent to collect data via an opt-in
Give users access to their own data, and the ability to download it and delete it completely from your records
In case of a hack or security breach, inform your users about it

For more detailed explanations of the GDPR, you can view our Overview of Data Regulation in 2018, the European Commission's official infographic on the GDPR, and Automattic's official support page regarding WordPress and the GDPR.

All that said, you need to know what you can do to comply with the GDPR. Here are some specific steps you can take to protect yourself (and protect your users' data).

The GDPR opt-in

The most important aspect of all this is the GDPR opt-in. Let me be clear about this: an opt-in is by no means the same as an opt-out. The EU says you must "get their clear consent to process the data." This means that users must explicitly say yes, not merely be able to say no.

Here is an example: you have a dropshipping business online, and maybe you are using WooCommerce. When users reach your checkout page, you have a checkbox that says "[x] Yes, I want to sign up for your amazing email list!"

No problem, right? If that box is checked by default, you are at fault. A pre-checked box only gives them the opportunity to withdraw, and that is not what the GDPR opt-in rule says. They must explicitly say they choose to share their information with you.

The same applies to comment sections that automatically subscribe people to the discussion, or any type of automated contact that is not directly initiated by the user. (Pop-up dialogs like Intercom may be fine because they do not touch the user's data, but they could be affected by the GDPR's pseudonymization clause.)

But your number one goal is to take nothing at all. And honestly, take as little as possible even when you do get explicit permission.

Ask for the minimum information

Many websites, forms, plugins and stores ask for information that they do not really need. In general, a good rule is to ask as little of your users as possible. If you do not even need their name, do not take it. Or maybe take only their first name. Sometimes all you need is their email to do your job.

This does not mean that you cannot ask for other information. The GDPR simply says you have to tell people why you need it. If you ask for their first and last name, tell them why. If you ask for their birthday, make sure you send coupons as birthday gifts, for example. With the GDPR, there are no more information requests "just in case" or "for undetermined future projects."

Many form plugins allow you to include a note under or next to the primary label. If you ask for phone numbers, you can have text that says, "We are asking for your phone number so our customer service representatives can speed up the setup process for your custom orders."

Also, when you request information, the EU says you have to disclose "who you are […] how long it will be stored, and who gets it." How and when you have to disclose this may differ. What is certain is that you have to tell users who you are at the same time as you request their data.

This is actually no different from the required footers that every mail service makes you provide. Add a footer or blurb explaining who you are: a single line stating "The data on this site is processed by BJ Keeton, CIO of Awesomesauce International and its affiliates." Or even something like "The data submitted via this form will be used by Awesomesauce International and no one else" will work.

This means your contact form, registration form, checkout pages, and anywhere else users can give you their information need to clearly identify you and your organization.

As for the other parts of the GDPR's data retention clauses, you can include the details about what data you collect, why, and how it is handled in your terms of use or your privacy policy. And that's a good idea, because they are part of the GDPR's explicit opt-in.

The actionable step here is twofold. First, make sure your ToS and your privacy policy are themselves compliant with the GDPR. Second, create explicit mandatory fields on each form that record acceptance of both documents before processing anything. Checkboxes are fine, and text fields in which users must type "I agree" are even better (but really unpleasant to use).

We also have more in-depth resources for you on this topic. You can check how to add the required agreements to your forms here. And if you do not know where to start with your privacy policy, we can guide you through that as well.

I would suggest adding a paragraph to your Terms of Use that makes accepting the Privacy Policy a term of use, with a link directly from the ToS. Then, in the privacy policy, add a paragraph that discusses its role in your information management, as well as exactly how your site manages data according to the GDPR. Specifically, you will need to provide detailed instructions in your privacy policy explaining each of the following:

How users can access and download a complete record of the data you hold on them
The process by which users can completely delete their data from your records (and not just unsubscribe) under the "right to be forgotten" laws previously enacted in the EU
Exactly how you will inform users of data breaches if they happen
A detailed explanation of who you are, what data you use, who has access to it, and how long you keep it
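The opt-in rule and the access and erasure rights above, modelled as an added example that is not code from the original post or from WordPress/WooCommerce. The class, field names and purpose strings are hypothetical; it assumes the form is posted as a plain dictionary and that a pre-checked opt-in box is reported by the caller.

```python
from datetime import datetime, timedelta, timezone

class ConsentError(ValueError):
    """Raised when a form submission cannot lawfully be processed."""

class ConsentLedger:
    # Every field we keep carries the reason we ask for it (no "just in case" data).
    PURPOSES = {
        "email": "to deliver the newsletter you asked for",
        "first_name": "to address the newsletter to you",
    }

    def __init__(self, controller, retention_days):
        self.controller = controller                      # who processes the data
        self.retention = timedelta(days=retention_days)   # how long it is kept
        self._records = {}

    def refusal_reason(self, form, optin_prechecked=False):
        """Why a submission cannot be processed, or None if it can."""
        # Opt-in, not opt-out: a box checked by default only lets the user
        # withdraw, which is not explicit consent, so reject the form outright.
        if optin_prechecked:
            return "opt-in box must be unchecked by default"
        # Browsers omit an unchecked box from the POST body, so absent means "no".
        if form.get("newsletter_optin") != "yes":
            return "no explicit opt-in given"
        if form.get("accept_terms") != "yes":
            return "terms of use and privacy policy not accepted"
        if not form.get("email"):
            return "email is needed to deliver the newsletter"
        return None

    def record_submission(self, form, submitted_at=None, optin_prechecked=False):
        reason = self.refusal_reason(form, optin_prechecked)
        if reason:
            raise ConsentError(reason)
        now = submitted_at or datetime.now(timezone.utc)
        # Minimum data: keep only fields with a stated purpose, drop everything else.
        rec = {k: v for k, v in form.items() if k in self.PURPOSES and v}
        rec.update(controller=self.controller, consented_at=now.isoformat(),
                   expires_at=(now + self.retention).isoformat())
        self._records[rec["email"]] = rec
        return rec

    def export(self, email):
        """Right of access: the complete record held, with the purpose of each field."""
        rec = self._records.get(email)
        return None if rec is None else {"data": dict(rec), "purposes": self.PURPOSES}

    def erase(self, email):
        """Right to be forgotten: delete the record completely, not just unsubscribe."""
        return self._records.pop(email, None) is not None
```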

It is now more important than ever to have a privacy policy in place. It was pretty important before, because Google wanted you to have one. And that importance has just skyrocketed.

Sounds like a lot, doesn't it?

And it is. Fortunately, you probably use WordPress. Thanks to our fantastic community, developers are already working on many ways to help with GDPR opt-in and compliance. There are still a lot of details that you will have to work out for your own business, but in the coming months I would expect options to pop up in your favorite plugins, or GDPR extensions made by third parties, that handle everything I've mentioned by ticking a few boxes and filling in a few fields.

Basically, making your site GDPR compliant boils down to being transparent with people. Tell them what you are doing, do not ask for superfluous information, and let them opt in to give it to you rather than taking it by default.

What measures have you taken for GDPR compliance so far? Any advice you can share in the comments would be great!

Featured article image by Pe3k /

The post How to Make Your Websites GDPR Compliant first appeared on the Elegant Themes Blog.
