I’m sure by now you have all seen the emails chattering about GDPR compliance, and if you are like me, you’d like nothing more than to stick your head in the sand about it.
Alas, as business owners we are not that lucky, and May 25th, 2018 is fast approaching ;(
Now, before I go any further I want to state: Full GDPR compliance is different for each business. Nothing on this page is legal advice, as I’m not a lawyer!
I’m simply sharing what I have learned and a bit of advice to get you started in the right direction.
So what on earth is GDPR?
The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
But wait: I don’t market or serve Europeans! Phew then GDPR doesn’t apply to me 😉
Your business is out there on the great World Wide Web, so you can collect data from an EU citizen whether you intended to or not. Even if you consider geo-blocking Europe, you are still not protected, because the protection travels with the EU citizen. Consider the case of travel or dual citizenship.
GDPR’s goal is to protect the consumer’s personal information. If we take a step back, this is actually a good thing. While it might be a pain for you right now, think about how it protects your personal information as you use hundreds of other businesses’ websites a year. Food for thought.
As a business owner, your website needs to be able to answer the following about personal data collection and usage, including:
- Stating who you are, why you need their data, how long you’re keeping it, and who on your team or externally has access to it
- Getting explicit and clear consent to collect data through opt-ins and/or forms
- Making users aware of any cookies or data tracking
- Giving users access to their own data, the ability to download it, and to delete it from your records completely
- In the event of a hack or security breach, letting your users know about it
Does my website actually capture “personal data”?
Well, if your website:
- Is a WordPress website
- Contains a contact form
- Contains an Opt-in
- Has Google Analytics or other tracking software installed
- Collects payments
… it does and you need to care.
So now what?
Thankfully, there are a few resources that can get you up and running in the right direction.
Now, will these make you 100% compliant? Probably not (again, ask your lawyer). But they will certainly demonstrate your business’s attempt to do the right thing and move in the right direction towards compliance.
4 Simple Tools
- Cookie Notice: Cookie Notice by dFactory
A quick and easy free WordPress plugin to help with compliance with EU cookie law regulations
- GDPR Compliance for Forms: WP GDPR Compliance
A free and easy-to-use WordPress plugin that adds compliance language to the most common forms, including comments, Gravity Forms, and Contact Form 7
- WordPress 4.9.6
WordPress is also actively working on GDPR compliance and plans to add personal data export and removal utilities
I hope not. While this is yet another thing to add to the to-do list, I’m hoping I’ve provided some simple next steps.
If you need any support just reach out. I’m happy to help.