What is GDPR?
The General Data Protection Regulation is a European Union law to protect user data and privacy across all EU countries.
GDPR has essentially handed control over personal data back to the users it belongs to, including how they want it managed. As a result, under GDPR, a company is liable to penalties if it does anything with user data without the user’s consent.
Even if your company is based outside the European Union, as long as you have visitors from the EU, your company falls under the GDPR privacy law.
- Data Protection & Privacy
- Notify users of any Data Breach
- Individual rights to data access, restriction or removal
- Applies to every company having Visitors from EU
- Effective since May 25, 2018
Why is GDPR compliance important?
If your company falls under the GDPR law and you still haven’t made your site compliant with GDPR, then your company will be in serious trouble sooner or later.
Under the GDPR law, you are obliged to let your users know how you are using their data, why you need it and what is going to be stored, and you must give users the right to ask for removal of their data.
As per eugdpr.org, if Data Processors fail to notify the Data Collectors and the users within 72 hours of a data breach, it can lead to a fine of 2% or more of the company’s yearly revenue. The fine depends on the seriousness of the breach.
A company can be fined 2% for not having its records in order (Article 28), for not notifying the supervising authority and the data subjects about a breach, or for not conducting an impact assessment.
Using and processing customers’ data without their consent can lead to a fine of 4% of the company’s yearly revenue or 20 million euros, whichever is greater.
- Using User data without their consent
- Violation of User data privacy
- Unlawful processing
- Transferring Personal data to a third party
This is why it is absolutely crucial for your website to comply with GDPR. Don’t sweat too much if you haven’t yet, because I am now going to brief you on how you can make your WordPress site compliant with GDPR.
Update WordPress Core:
The first thing you must make sure of is that you are running the latest version of WordPress core (4.9.8), or at least 4.9.6. WordPress added GDPR compliance features to its core in the 4.9.6 release.
- WordPress added a “Comment Privacy” checkbox to the comment form, asking for the user’s permission to store their data.
- WordPress introduced the “Export Personal Data” and “Erase Personal Data” features in the Tools section to comply with GDPR.
There are also many other ways user data can be collected through your WordPress site. For example: Themes, Contact Forms, Subscriptions, Email Marketing, Newsletters, Shopping Carts and more.
So, you should be very careful before using any other themes or plugins, and make sure that they are compliant with GDPR.
Add a Cookie Notice:
As per GDPR policy, you must inform your users that your site uses cookies, so that users can be assured you are not tracking any data without their consent.
WordPress has many plugins that take care of this situation, so you can use a popular “Cookie Notice” plugin.
For instance, you can easily create a cookie notice using the GDPR Cookie Consent plugin. You can also change the Cookie Law settings and customize the cookie bar as per your requirements while staying within GDPR policy.
Use GDPR Compliant Forms:
Almost every website in the world requires forms for different purposes. So, if you plan to use forms on your site, make sure that they are compliant with GDPR policy.
The developers of the respective plugins have already made their contact form plugins compliant with the GDPR law. Many of the popular contact form plugins, such as Contact Form 7, Ninja Forms, WPForms and Gravity Forms, are already compliant with GDPR.
All you have to do is add a consent checkbox to your forms. For example, you can simply add the “acceptance” tag to your “Contact Form 7” form and add a condition. This way it would be compliant with GDPR.
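Here is what such a form looks like in practice, as an added example that is not from the original post: a Contact Form 7 form template with an acceptance checkbox. The field names (your-name, your-email, your-message, your-consent) are made up for this example and the privacy policy URL is a placeholder.

```html
<!-- Constructed Contact Form 7 form template (added example, not from the post).
     Field names are assumed; replace the privacy-policy URL with your own. -->
<label> Your name
    [text* your-name] </label>

<label> Your email
    [email* your-email] </label>

<label> Your message
    [textarea your-message] </label>

<!-- The acceptance tag renders an unchecked checkbox. Because it is not marked
     "optional", Contact Form 7 keeps the submit button disabled until the box
     is ticked, so nothing is stored or mailed without the user's consent. -->
[acceptance your-consent] I consent to this site storing my name, email address
and message so that my enquiry can be answered, and I have read the
<a href="https://example.com/privacy-policy/">privacy policy</a>.
[/acceptance]

[submit "Send"]
```

Put `[your-consent]` in the form’s Mail tab so the notification email records whether the user consented. If you prefer a validation error message to a disabled Send button, add `acceptance_as_validation: on` in the form’s Additional Settings tab.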
Use GDPR Compliant Plugins:
GDPR Compliant Plugins have come up with many features and settings which meet the requirements of GDPR policy.
- User Data access and erase requests
- Data breach notifications
- Cookies and Data consent options
- Compatible with many popular WordPress Plugins
You can use one of the following GDPR compliant plugins to make your life a little bit easier:
- Complianz GDPR
- The GDPR Framework By Data443
- WordPress GDPR
- WP GDPR Compliance Suite WordPress Plugin
Using one of these plugins comes in very handy and helps make your site compliant with GDPR.
Overall, GDPR policy is a great step in the right direction for transparency in handling user data. This is going to help companies gain their users’ trust.
To wrap this up, GDPR compliance for your site is an absolute must. It’s not something to be taken lightly at all. If your site is not yet compliant with GDPR, start working on it by following the steps I have mentioned above. This is gonna be a good way to start.
Disclaimer: Following these steps might not make your site 100% compliant with GDPR, depending on your policies and use cases. So, I would highly recommend consulting a lawyer to make sure your site is fully compliant with GDPR.