(Yes, You Have a Website So You Will Need To)
The EU's General Data Protection Regulation (GDPR) applies from May 25, 2018.
WordPress.org recently shared an update on the European General Data Protection Regulation (GDPR) and how we can use our websites and new tools to comply.
The GDPR requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and choice when it comes to how their own personal data is collected, used, and shared. It’s important to understand that while the GDPR is a European regulation, its requirements apply to any site or online business that collects, stores, or processes personal data about people in the EU, no matter where the business is located. You can learn more about the GDPR from the European Commission’s Data Protection page.
As business owners with a website on the world wide web, we are affected by these changes to data privacy (which is good thing, in my opinion) and need to pay attention and take action to comply with these new rules.
Watch this video for a quick overview of the GDPR.
Are you Exempt from GDPR? No
If your website collects any personal data from people in the EU (and, as the list below shows, almost every website does), you are NOT exempt from this law.
The GDPR also defines a formal Data Protection Officer role. Appointing one is mandatory only for certain organisations (public bodies, and businesses whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive data), but someone still has to own compliance. If you’re a one-person business, that someone is you, so you’ll want to take the time to stay on top of it.
Do you collect personal data?
How might you be capturing data that brings your website within the scope of the GDPR?
- Your website statistics are tracked through an online tool like Google Analytics.
- Your website has a contact form.
- You use an email marketing opt-in on your website.
- You have an online shopping cart and sell products or services, collecting the information of your buyer.
- You use your WordPress website as a CMS and allow visitors, members, course students, etc. to create an account through your WordPress website.
- Your website allows visitors to sign up for an event, class, webinar, etc.
- You use third-party software for marketing and automation such as HubSpot, Constant Contact, ActiveCampaign, etc.
What should you do to comply?
Contact your lawyer! We certainly are not lawyers and do not know the ins and outs of your business. We’re here to help provide suggestions on the tools you can use on your website to comply. Your lawyer should advise you on the steps you should take to comply.
Your WordPress Website Has New Tools for GDPR
Our Care Plan clients are always updated to the latest version of WordPress.
GDPR compliance means European residents will be able to:
- Demand a copy of all the data you have about them.
- Demand any errors in the data be corrected.
- Request the removal of all personal data.
This includes information like name, address, and phone number, along with less obvious things like shipment tracking numbers or IP addresses.
There are some helpful new personal data export and erasure tools coming to WordPress (under Tools in the dashboard) and to the WooCommerce online shopping cart software as well.
Depending on your business, you may need a different solution. Again, consult with your lawyer! If you need help with creating a form on your website, let us know.
To find WordPress’s privacy policy guide (suggested wording for your privacy policy page, generated from the plugins you have installed), log into your WordPress dashboard and visit: www.YOURDOMAIN.com/wp-admin/tools.php?wp-privacy-policy-guide=1
The iubenda privacy policy generator linked here is a paid service at $27 per year. Get a 10% discount with our link: http://iubenda.refr.cc/PVPZR6N
If you need assistance in choosing what plugins, tools and software is used on your website, we’re here to help!
GDPR Compliance for Your WordPress Website
The beauty of having a WordPress built website is the amazing amount of resources available from the WordPress community, including software updates and the number of plugins for GDPR compliance.
Here are a few plugins options for GDPR and specific areas of your website:
WP GDPR Compliance (for forms)
Depending on your business and the suggestions of your lawyer, you may also need a cookie solution that allows visitors to refuse third-party, non-functional cookies.
As a note, many of the plugins we currently use are making updates to support GDPR compliance within the plugin itself (for example, adding their data to the WordPress export and erasure tools).
An Important Step You Can’t Miss!
Keeping Your Website Secure and Up To Date
Along with GDPR responsibilities comes the security and safety of your website for your visitors. If you’re a Care Plan client at RV Tech Solutions, we work with you to keep your website up-to-date and secure. Of course you have a responsibility to care for your website and data, passwords and general web security as well. This list of important steps to keep your WordPress website secure and compliant, from WooCommerce, is a great checklist.
One of the continuing responsibilities of your “designated Data Protection Officer” is to ensure that your site is as secure as possible, which includes:
- Ensuring that your site is always using the latest version of WordPress.
- Ensuring that your site is always using the latest versions of WooCommerce and any other plugins.
- Deactivating and removing unneeded plugins or themes.
- Making regular, secure backups of your website data, especially WooCommerce data.
- Exporting and archiving completed orders to secure storage (encrypted, with access limited to the people who need it). The less data stored on your website, the less exposure you have — and the fewer customers you need to notify in the event of a breach.
- Requiring strong, unique passwords on all WordPress accounts.
- Limiting the number of people with access to wp-admin.
- Making sure each employee has a separate login. No shared accounts!
- Removing accounts immediately when employees or contractors leave your company.
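The checklist above is easier to keep up with if you can audit it from the command line. The script below is an added example, not from the original post or from WooCommerce: it uses WP-CLI (the `wp` command, which must be installed and run from the WordPress root) to flag plugins with pending updates, inactive plugins that should be removed rather than left disabled, the number of administrator accounts, and generic shared logins. The `wp` commands and field names are real; the CSV samples are constructed so the functions can be exercised offline, and the list of "shared" login names is an assumption you should extend for your own site.

```shell
#!/bin/sh
# Added example: WP-CLI based audit for the maintenance checklist.
# Assumes WP-CLI (`wp`) is installed and the script is run from the WordPress root.

# Report plugins from `wp plugin list --format=csv --fields=name,status,update,version`
# that have an update available or are inactive. Inactive plugin code is still on
# disk and still reachable by URL, so the fix is to delete it, not just deactivate it.
plugin_findings() {
    printf '%s\n' "$1" | awk -F, 'NR > 1 {
        if ($3 == "available") printf "UPDATE %s (installed %s)\n", $1, $4;
        if ($2 == "inactive")  printf "REMOVE %s (inactive)\n", $1;
    }'
}

# Count administrator accounts from
# `wp user list --role=administrator --format=csv --fields=user_login`.
admin_count() {
    printf '%s\n' "$1" | awk 'NR > 1 && NF > 0 { n++ } END { print n + 0 }'
}

# Flag generic logins that usually mean a shared account.
# The name list is an assumption; adjust it to your own naming conventions.
shared_logins() {
    printf '%s\n' "$1" | awk 'NR > 1 && tolower($0) ~ /^(admin|administrator|shop|office|staff|webmaster)$/'
}

# Run the audit against the live site (call this from the WordPress root).
live_audit() {
    plugin_findings "$(wp plugin list --format=csv --fields=name,status,update,version)"
    printf 'administrators: %s\n' \
        "$(admin_count "$(wp user list --role=administrator --format=csv --fields=user_login)")"
    shared_logins "$(wp user list --format=csv --fields=user_login)"
    wp core check-update
}

# Constructed sample output, shaped like WP-CLI's CSV, for an offline demonstration.
SAMPLE_PLUGINS='name,status,update,version
woocommerce,active,available,3.3.5
contact-form-7,active,none,5.0.1
hello,inactive,none,1.6
akismet,active,available,4.0.3'

SAMPLE_ADMINS='user_login
rvtech
shop'

plugin_findings "$SAMPLE_PLUGINS"
printf 'administrators: %s\n' "$(admin_count "$SAMPLE_ADMINS")"
shared_logins "$SAMPLE_ADMINS"
```

On a real install, replace the three sample calls at the bottom with `live_audit`. Anything the script prints under UPDATE or REMOVE is work for this week, and a shared login such as `shop` should be replaced by one named account per person so that access can be revoked cleanly when someone leaves.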
Should your website encounter a security breach, the GDPR requires you to notify your supervisory authority within 72 hours of becoming aware of it, and to notify the affected individuals when the breach is likely to put them at high risk; learn more about the steps that need to be taken to comply.
Remember that privacy isn’t a one time effort. It’s part of the ongoing maintenance for your business.
If you’re a Care Plan member and would like assistance adding these tools to your website, send us a request through your support portal!
If you’re not part of our Website Care Plan, now is a great time to join! We’ll work with you (and your lawyer’s recommendations) to get your website up to speed with GDPR compliance and security.
Takeaway: Our Suggested Action Items
- Create a form for visitors to request their data, update their data or remove their data and information.
- Add plugins for compliance with web forms and shopping carts, as well as a cookie notification option.
- Ensure your website is secure and updated on a regular basis.
If you need assistance with your website and GDPR, complete the form below and we’ll make a plan to get your website GDPR ready!