GDPR is coming soon and websites need to be ready for it. In this article we’ll take a look at what it is, how it will affect your website, and how to prepare your website for compliance.
Disclaimer – We’re not lawyers. This article is for information sharing only and isn’t meant to replace legal advice.
What is GDPR
General Data Protection Regulation (GDPR) is a set of European laws that deal with consumer privacy. It specifically focuses on citizens of the European Union and how businesses must handle their data.
It includes consent for collecting data, how companies should handle a data breach, and allowing consumers to delete their data. The purpose is to give the consumer the power to decide how and when their data is used.
The entire Internet will be affected by this because the EU wants the law to apply to any website that a citizen of the EU can visit. This specifically applies to any website that stores data about its visitors.
Data is any information that pertains to a person. This includes a name, photo, email address, bank details, medical information, location, an IP address, and even posts on social media. Sensitive data includes race, health status, religious beliefs, political beliefs, and sexual orientation.
There are three elements to be concerned with:
- Right to Access – shows the user what data points are being collected, where the data is being processed and stored, and the purpose of that processing and storage. Websites must provide this information free of cost within 40 days.
- Right to be Forgotten – allows users to opt out of the data-collection process.
- Data Portability – allows users to download the personal data they’ve consented to share and transmit it to a different controller.
What’s good about GDPR is it protects data and gives the consumer power over their information. It’s meant to be a global standard for data protection. It will change the way the Internet works with consumer data. The advantage to consumers is they get to see what they’re interested in. Advertising pertains to them instead of being random.
What’s bad about GDPR is that it adds extra steps and precautions that might not be needed in the first place. It will cost companies as they work to become compliant, which will result in raised prices in order to recoup the cost.
How to Prepare
Steps you can take include:
- Audit Your Website – Audit all the data your website and plugins collect. This applies to every way data is collected on your website, including user registrations, contact forms, comments, analytics, logging tools, security tools, etc.
- Publish a Policy – This informs users that you’re collecting data, what the data is, and how you’re using it.
- Notify – Create a notification when you’re collecting data. Many plugins will include this.
- Allow Users to Opt-Out – Once users have given consent they must be able to opt out at any time.
- Get Permission – Every time a user submits information, for newsletters, etc., you have to get permission to collect their data.
- Provide Users with a Copy of their Data – This can be done through plugins.
- Notification of Breach – If there is a breach, notification must be sent within 72 hours of becoming aware of the breach.
- Make Sure Plugins are Compliant – The larger companies are working on updates so their plugins will be compliant. If you’re using a plugin that doesn’t update, consider replacing it.
What GDPR Means for Your Business
GDPR will be enforced May 18, 2020 so it’s important to start preparing as soon as possible. The fine for non-compliance is up to 4% of annual global turnover or €20 Million (whichever is greater). The EU can even block your website.
Businesses that are public authorities, engage in large scale systematic monitoring, or engage in large scale processing of sensitive personal data will need a Data Protection Officer (DPO).
You’ll need to assess the risk of the data you hold and take extra precautions to protect it. If you don’t need the data, avoid storing it in the first place. Delete data you don’t need to ensure it isn’t at risk.
Even with the extra cost this data is still good to have because you can target your audience better. You can advertise to your actual audience without having to make costly guesses about who they are and what they’re interested in.
There are several plugins that will help ensure compliance:
- Delete Me
- WP GDPR Compliance
- WP GDPR
For links and more information visit:
- Divi Chat episode 69 – GDPR Compliance and What It Means For You
- WP The Podcast episode 184 – What is GDPR and Why You Should Care?
- The official EUGDPR website