What Do You Need To Know About GDPR?
Have you heard of GDPR? Do you know what GDPR is? GDPR is the short form of General Data Protection Regulation. It is a European Union law about personal data protection. Recently, I have been receiving many emails regarding GDPR from service providers. This triggered my curiosity to find out more about GDPR. So, what do you need to know about GDPR?
I did some quick research based on the emails I received and also on the internet. In this post, I am going to share my findings with you. I have summarized a few important points that I think every WordPress website owner should take note of.
Before I start, please take note that I am not a lawyer. All information I share here is solely my personal opinion and you should not consider it as legal advice.
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) data privacy regulation that gives EU citizens control over their personal data. It aims to simplify the regulatory environment for businesses so that both citizens and businesses in the European Union can fully benefit from the digital economy. This regulation took effect on May 25, 2018.
Who Does GDPR Apply To?
You may wonder whether GDPR applies to your business or website. The answer is likely yes. If your website has visitors from European Union countries, then this regulation applies to you.
This means that even if you don’t have a physical presence in the EU, if you provide goods or services to EU citizens, you must comply with GDPR.
The Penalties
GDPR created panic among businesses around the world because of its large monetary penalties. After May 25, 2018, any business that is not in compliance with GDPR’s requirements can face fines of up to €20 million or 4% of worldwide revenue.
Important Pillars You Need To Know About GDPR
So, now you have a rough idea of what GDPR is. The next thing you need to know is the requirements under GDPR. First things first, let’s understand what personal data is under GDPR. Basically, any data that can potentially identify a specific individual falls under GDPR’s coverage. Such data includes name, address, email address, IP address, cookie identifiers, GPS location and more.
Next, let’s see the important pillars you need to know about GDPR.
Explicit Consent and Transparency
This requirement is very clear and straightforward. When you are collecting personal data from an EU resident, you must obtain explicit consent from them. It must be specific and unambiguous.
Sending unsolicited emails to people who filled out your website contact form or commented on a blog post is strictly not allowed. This is because they did not opt in to your marketing newsletter.
Explicit consent means a specific action taken by the user to agree to you collecting their personal data. A pre-ticked checkbox is therefore not considered consent.
Right to be Forgotten
An individual has the right to be forgotten. In other words, an individual has the right to request that a website owner delete their personal data if they no longer want their personal data processed. Thus, as a business and website owner, you must make sure that you delete the data when an individual requests you to do so.
Breach Notification
Organizations have the duty to report certain types of data breaches, which involve unauthorized access to or loss of personal data, to the relevant authorities. For a high-risk breach, the organization must also inform the individuals affected by the breach. Organizations must report the breach to the relevant authorities within 72 hours of first becoming aware of it.
WordPress is GDPR Compliant
If you have updated your WordPress to version 4.9.6, you will notice that WordPress has added some enhancements to make sure that WordPress is GDPR compliant. Please take note that I am talking about self-hosted WordPress.org, not WordPress.com.
Comments Consent
Prior to version 4.9.6, WordPress stored your name, email and website in a cookie in your browser when you left a comment on a website. This made it easy for you to comment when you returned to the website, because it would pre-populate your information into those fields.
Due to GDPR’s requirement that you must get explicit consent from your visitors, WordPress has added a comment consent checkbox. By default, this checkbox is not checked. This means that, unless they tick the box, users must enter their name, email and website every time they leave a comment.
Simply update your WordPress to the latest 4.9.6 release so that the comment consent checkbox is added to your website. Make sure you update your WordPress theme to the latest release as well.
Data Export and Erase Feature
Since GDPR requires that an individual have the “right to be forgotten”, WordPress has also added features to export and delete a user’s personal data. You can find the export and erase features under the Tools menu.
Privacy Policy Generator
You should create a privacy policy on your website, so that you can be more transparent with your visitors about what data you store and how you handle it. In the 4.9.6 release, WordPress comes with a built-in privacy policy generator. It offers you a privacy policy template that you can use as guidance to create your own privacy policy.
IP Addresses Anonymization in Google Analytics
Google Analytics is a free analytics service offered by Google that helps you track and report website traffic. You need an analytics tool to help you analyse your website’s performance and gain customer insights.
If you have not done so, you may want to check out my blogs on how to set up Google Analytics for your WordPress website.
However, if you have done so, it also means that you may be collecting or tracking personal data such as IP addresses, user IDs, cookies and other data used for behaviour profiling.
For IP addresses, you can easily anonymize them by changing the Global Site Tag (gtag.js) code for GDPR compliance. You can learn more about IP anonymization from Google’s support page too.
You may check out my blog post on how to add Global Site Tag codes into your WordPress website.
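As an added example (not code from the original post or from Google), the block below shows the gtag.js configuration change this section refers to, side by side with the default snippet. The `anonymize_ip` parameter is the one Google documents for Universal Analytics properties in gtag.js (GA4 properties anonymize by default). The property ID is a placeholder, `gtag()` is replaced by a tiny stand-in queue so the code runs outside a browser, and `anonymizeIp()` only illustrates the truncation Google describes (last IPv4 octet and last 80 IPv6 bits set to zero); the real truncation happens on Google’s collection servers, not in your page.

```javascript
// Added example: gtag.js IP anonymization for GDPR, with a helper that
// illustrates what the anonymization does to an address.

// Placeholder property ID (assumption) - replace with your own UA-XXXXXXX-X.
const GA_PROPERTY_ID = 'UA-XXXXXXX-X';

// Stand-in for the real gtag() so this runs outside a browser. In the real
// snippet, gtag() pushes its arguments onto window.dataLayer.
const dataLayer = [];
function gtag() { dataLayer.push(Array.from(arguments)); }

// Default Global Site Tag configuration: Analytics stores the visitor's
// full IP address.
function configureDefault() {
  gtag('js', new Date());
  gtag('config', GA_PROPERTY_ID);
}

// GDPR-friendly configuration: 'anonymize_ip' asks Analytics to truncate
// the IP address as early as possible, before it is stored.
function configureAnonymized() {
  gtag('js', new Date());
  gtag('config', GA_PROPERTY_ID, { anonymize_ip: true });
}

// Reports whether the most recently queued 'config' command actually
// enables anonymization - a quick self-check for a page author.
function anonymizeIpEnabled() {
  const cfg = dataLayer.filter(cmd => cmd[0] === 'config').pop();
  return Boolean(cfg && cfg[2] && cfg[2].anonymize_ip === true);
}

// Expands an IPv6 address (with or without '::') into 8 four-digit groups.
function expandIpv6(ip) {
  const [head, tail = ''] = ip.split('::');
  const h = head ? head.split(':') : [];
  const t = tail ? tail.split(':') : [];
  const groups = ip.includes('::')
    ? [...h, ...Array(8 - h.length - t.length).fill('0'), ...t]
    : h;
  if (groups.length !== 8) throw new Error('not an IPv6 address: ' + ip);
  return groups.map(g => g.padStart(4, '0'));
}

// Illustration of the documented truncation: IPv4 keeps the first three
// octets (last octet zeroed); IPv6 keeps the first 48 bits (last 80 bits
// zeroed). The result identifies a network, not an individual device.
function anonymizeIp(ip) {
  if (ip.includes(':')) {
    const groups = expandIpv6(ip);
    return [...groups.slice(0, 3), ...Array(5).fill('0000')].join(':');
  }
  const octets = ip.split('.');
  if (octets.length !== 4) throw new Error('not an IPv4 address: ' + ip);
  octets[3] = '0';
  return octets.join('.');
}

// Usage with constructed sample addresses (documentation ranges).
configureAnonymized();
console.log('anonymize_ip enabled:', anonymizeIpEnabled());
console.log(anonymizeIp('203.0.113.42'));
console.log(anonymizeIp('2001:db8:85a3::8a2e:370:7334'));
```

Only the `gtag('config', ...)` line in your theme or header snippet needs to change; everything else in the Global Site Tag stays the same. After deploying, confirm in the browser console that `dataLayer` contains a config entry with `anonymize_ip: true`, because a theme update or caching plugin can silently revert the snippet.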
Conclusion
Whether you are a big organization, an online business owner or a blogger, the implementation of GDPR will certainly affect you at some level. However, if you take it positively, GDPR is not out there to get you, but to protect users’ data. As the world goes digital, we need a standard regulation like this that can be adopted globally.
Lastly, thank you for stopping by, and I hope this article helps you learn about GDPR compliance. If you like this article, please share it with your friends. You are most welcome to leave me a comment below if you have any questions.
To Your Success,
Kwah Choon Hiong