I did some quick research from the emails I received and also from the internet. In this post, I am going to share my findings with you. I have summarized a few important points I think every WordPress website owner should take note of.
Before I start, please take note that I am not a lawyer. All information I share here is solely my personal opinion and you should not consider it legal advice.
You may wonder if GDPR applies to your business or website. The answer is likely yes. If your website has visitors from European Union countries, then this regulation applies to you.
This means that even if you don't have a physical presence in the EU, if you provide goods or services to EU citizens, you must comply with GDPR.
GDPR has created panic among businesses around the world because of its large monetary penalties. After May 25, 2018, any business that is not in compliance with GDPR's requirements can face fines of up to €20 million or 4% of worldwide revenue.
So, now you have a rough idea of what GDPR is. The next thing you need to know is the requirements under GDPR. First things first, let's understand what personal data is under GDPR. Basically, any data that can potentially identify a specific individual falls under GDPR's coverage. Such data includes names, addresses, email addresses, IP addresses, cookie identifiers, GPS locations and more.
Next, let's look at the important pillars of GDPR you need to know.
This requirement is very clear and straightforward. When you collect personal data from an EU resident, you must obtain explicit consent from them. It must be specific and unambiguous.
Sending unsolicited emails to people who filled out your website contact form or commented on a blog post is strictly not allowed, because they did not opt in to your marketing newsletter.
When we say explicit consent, we mean a specific action taken by the user to agree and consent to you obtaining their personal data. In this case, a pre-ticked checkbox is not considered consent.
An individual has the right to be forgotten. In other words, an individual has the right to request that a website owner delete their personal data if they no longer want it processed. Thus, as a business and website owner, you must make sure that you delete the data when an individual requests you to do so.
Organizations have a duty to report certain types of data breaches, those involving unauthorized access to or loss of personal data, to the relevant authorities. For a high-risk breach, the organization must also inform the individuals affected by the breach. Organizations must report the breach to the relevant authorities within 72 hours of first becoming aware of it.
Prior to version 4.9.6, WordPress stored your name, email and website in a cookie in your browser when you left a comment on a website. This made it easy to comment when you returned to the website, because those fields would be pre-populated with your information.
Due to GDPR's requirement that you must get explicit consent from your visitors, WordPress has added a comment consent checkbox. By default, this checkbox is not checked. This means that unless they tick it, users must enter their name, email and website every time they leave a comment.
Simply update your WordPress to the latest 4.9.6 release so that the comment consent checkbox is added to your website. Make sure you update your WordPress theme to the latest release as well.
Because GDPR requires that an individual have the "right to be forgotten", WordPress has also added features to export and delete a user's personal data. You can find the export and erase features under the Tools menu.
You should create a privacy policy on your website, so that you can be more transparent with your visitors about what data you store and how you handle it. In the 4.9.6 release, WordPress comes with a built-in privacy policy generator. It offers you a privacy policy template that you can use as guidance to create your own privacy policy.
Google Analytics is a free web analytics service offered by Google that helps you track and report website traffic. You need an analytics tool to help you analyse your website's performance and gain customer insights.
If you have not done so, you may want to check out my blog post on how to set up Google Analytics for your WordPress website.
However, if you have done so, it also means that you are possibly collecting or tracking personal data such as IP addresses, user IDs, cookies and other data used for behaviour profiling.
For IP addresses, you can easily anonymize them by changing the Global Site Tag (gtag.js) code for GDPR compliance. You can learn more about IP anonymization from Google's support page too.
You may check out my blog post on how to add the Global Site Tag code to your WordPress website.
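As an added example (not code from the original post or from Google), here is the gtag.js config call with the default setting beside the anonymized one, plus a small audit helper that inspects what was pushed to the dataLayer so you can verify the setting is actually in place. It assumes a Universal Analytics property; `UA-XXXXXXXX-Y` is a placeholder for your own ID, and the `dataLayer`/`gtag` definitions stand in for the ones Google's snippet creates in the page (on a real site the loader `<script async src="https://www.googletagmanager.com/gtag/js?id=...">` tag precedes them).

```javascript
// Added example (not from the original post): the gtag.js config call with
// IP anonymization turned on, plus a helper that audits what was pushed to
// the dataLayer. 'UA-XXXXXXXX-Y' is a placeholder for your own property ID.
const GA_ID = 'UA-XXXXXXXX-Y';

// Minimal stand-in for the browser globals so the audit can run outside a page.
const dataLayer = [];
function gtag() { dataLayer.push(arguments); }

// Weak setting: the default snippet sends the visitor's full IP address.
function configureWithoutAnonymization(id) {
  gtag('js', new Date());
  gtag('config', id);
}

// Corrected setting: anonymize_ip zeroes the last octet of IPv4 addresses
// (last 80 bits of IPv6) before the hit is stored by Google Analytics.
function configureWithAnonymization(id) {
  gtag('js', new Date());
  gtag('config', id, { anonymize_ip: true });
}

// Audit helper: scan the dataLayer for the config call of a given property
// and report whether anonymize_ip was set. Returns true/false, or null when
// no config call for that property was found.
function isIpAnonymized(layer, id) {
  let found = null;
  for (const entry of layer) {
    const args = Array.from(entry);
    if (args[0] === 'config' && args[1] === id) {
      const params = args[2] || {};
      found = params.anonymize_ip === true;
    }
  }
  return found;
}

// Run both variants and report the audit result for each.
function demo() {
  dataLayer.length = 0;
  configureWithoutAnonymization(GA_ID);
  const before = isIpAnonymized(dataLayer, GA_ID);
  dataLayer.length = 0;
  configureWithAnonymization(GA_ID);
  const after = isIpAnonymized(dataLayer, GA_ID);
  return { before, after };
}
```

On a live page you can run the same audit from the browser console against `window.dataLayer` to confirm your theme or plugin did not drop the parameter.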
Whether you are a big organization, an online business owner or a blogger, the implementation of GDPR will certainly affect you at some level. However, if you take it positively, GDPR is not out there to get you but to protect users' data. As the world goes digital, we need a standard regulation like this that applies globally.
Lastly, thank you for stopping by and I hope this article helped you learn about GDPR compliance. If you like this article, please share it with your friends. You are most welcome to leave me a comment below if you have any questions.
To Your Success,
Kwah Choon Hiong