WHAT IS GDPR?

GDPR stands for “General Data Protection Regulation”. This regulation is a law passed by the EU in 2016. The basic premise is that it gives the right to manage personal data to the person to whom it belongs. Beginning on May 25, 2018, countries in the EU will enforce this law.

HOW DOES THIS AFFECT ME?

So many have asked why this matters to people in the United States, since this is an EU law. Here is the catch: even if you are an American, if you capture information about an EU citizen, you are bound by the law. The World Wide Web is just that… it is worldwide. While it is likely that many sites do not have users from the EU submitting information, many website owners are choosing to come into compliance just to be safe.

CAN I JUST IGNORE THIS?

If you are certain that you will never have a user from the EU complete a form and give personal information, then you do not need to worry about GDPR.

WHAT IS WORDPRESS DOING ABOUT THIS?

WordPress is including new features in a core update that will be available shortly before the deadline. This update will have tools that allow you to easily comply with the data access requirement of GDPR. The new WordPress release will also have an easy-to-use template that will assist you in creating a Privacy Policy that meets the needs of GDPR.

THERE ARE 3 MAJOR SECTIONS TO GDPR.

  1. Consent & Privacy – Website users must give consent before you use their personal information, and a privacy policy must show how you use it.
  2. Data Access & Portability – Website users must have the ability to view, change, and take their personal data with them.
  3. Right to be Forgotten – Website users have the right to request the removal of all of their personal information from a site.

*WHAT ACTIONS SHOULD I TAKE IF I WANT TO COME INTO COMPLIANCE? (CHECKLIST)

  1. ____ Review and accept the updated data processing terms in your Analytics account(s). Google Analytics has provided some support instructions here.
  2. ____ Provide your legal entity and contact details to Google in case they need to send notifications under the GDPR. There were instructions in an email sent to the Google Analytics contact person. The subject line of the email is “[Important Notice] Data processing terms for the General Data Protection Regulation (GDPR) available for review/acceptance”.
  3. ____ Verify your data retention settings with Google Analytics. IMPORTANT – Google has changed the data retention settings to delete Analytics data after 26 months by default. If you want to keep historical analytics data on your website, you must go in and change that back to “no expiration”. An email was sent from Google with the subject line “[Important Reminder] Review your data retention settings before they take effect on May 25, 2018” with specific instructions.
  4. ____ Create a Privacy Policy that is easily accessed from the footer of your website. The next update of WordPress will have a Privacy Policy template that you can use. Until then, you can use the Privacy Policy Tool that RadiateWP has created.
  5. ____ Add a checkbox to your forms (including contact us forms) that serves as an opt-in field stating that the user gives permission to process their information for the purpose of X according to the site’s privacy policy. The checkbox must initially be empty so that the user must check the box to opt in.
  6. ____ Install a Cookie warning plugin. Note – You may install this in such a manner that it only shows for users who visit your site from the EU.
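Step 5 is the one item on this checklist that a site developer implements directly, and the part that is easy to get wrong is that the unchecked box has to be enforced on the server, not only in the browser. The following is an added example written for this article; it is not RadiateWP's code and not part of WordPress. It assumes a custom form handler: the function names prefixed `rwp_`, the field names `gdpr_consent` and `gdpr_nonce`, the nonce action `rwp_consent_action`, and the policy version label are all illustrative choices. `wp_nonce_field()`, `wp_verify_nonce()`, `esc_html()`, `sanitize_email()`, `sanitize_textarea_field()`, `current_time()` and `WP_Error` are real WordPress functions and classes.

```php
<?php
// Added example (not RadiateWP's or WordPress's own code): server-side
// enforcement of the opt-in consent checkbox described in step 5.
// The rwp_ function names, the field names and the policy version label
// are assumptions made for this illustration.

/**
 * Render the consent checkbox. It is deliberately NOT pre-checked:
 * the visitor has to tick it, which is the opt-in that step 5 requires.
 */
function rwp_render_consent_checkbox( $purpose ) {
    wp_nonce_field( 'rwp_consent_action', 'gdpr_nonce' );
    printf(
        '<label><input type="checkbox" name="gdpr_consent" value="1"> %s</label>',
        esc_html( sprintf(
            'I give permission to process my information for the purpose of %s, according to the privacy policy.',
            $purpose
        ) )
    );
}

/**
 * True only when the checkbox was affirmatively submitted. A browser-side
 * "required" attribute is not enough: a request can be sent without the
 * field, so the same check is repeated here on the server.
 */
function rwp_consent_given( array $post_data ) {
    return isset( $post_data['gdpr_consent'] ) && '1' === $post_data['gdpr_consent'];
}

/**
 * Handle a submission. Nothing is stored unless the form token is valid and
 * consent was given, and the record keeps when and to which policy version
 * the visitor consented, which is what an access or deletion request
 * (sections 2 and 3 above) will later need to locate.
 */
function rwp_handle_form_submission( array $post_data ) {
    if ( ! isset( $post_data['gdpr_nonce'] )
         || ! wp_verify_nonce( $post_data['gdpr_nonce'], 'rwp_consent_action' ) ) {
        return new WP_Error( 'bad_nonce', 'Form token invalid; please try again.' );
    }
    if ( ! rwp_consent_given( $post_data ) ) {
        // Refuse the submission instead of silently treating it as consented.
        return new WP_Error( 'no_consent', 'Please tick the consent box to continue.' );
    }

    $record = array(
        'email'          => sanitize_email( isset( $post_data['email'] ) ? $post_data['email'] : '' ),
        'message'        => sanitize_textarea_field( isset( $post_data['message'] ) ? $post_data['message'] : '' ),
        'consent'        => true,
        'consent_time'   => current_time( 'mysql', true ), // UTC timestamp
        'policy_version' => '2018-05-25',                  // assumed version label
    );

    // Where the record is stored depends on the site's form plugin; returning
    // it keeps this example independent of any particular plugin's API.
    return $record;
}
```

Call `rwp_render_consent_checkbox( 'responding to your enquiry' )` inside the form markup and pass `$_POST` to `rwp_handle_form_submission()` from the handler that receives it. Keeping the consent timestamp and policy version alongside the submitted data is what lets you later show a user what you hold about them, or delete it, without guessing whether the consent was valid at the time.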

OTHER IMPORTANT THINGS TO KNOW.

  • The elements of GDPR that cover Data Access and Portability and the Right to be Forgotten require that a website user be able to see what personal information you store about them on your website, and where, and be able to have that information deleted at any time. WordPress and many of the plugins and third-party services are working on systems that will allow you, as a website owner, to comply with such a request.
  • In the event that someone hacks your website, you must, within 72 hours, report this to every person from whom you have collected personal data.

IMPORTANT – There are many services impacted by GDPR. This article mentions Google Analytics because it is on almost every website. Google has additional services (Adwords, Tag Manager, etc.) that have additional implications for GDPR. In addition, if you use a third-party email service such as Constant Contact or MailChimp, this is also greatly impacted. The possible services affected are far too numerous to mention here in one page. In general, please do not ignore any emails from these services when it comes to GDPR. Read them and understand what you need to do to be in compliance with GDPR.

RadiateWP and our staff are here to assist you with all of your website needs. However, we are unable to accept the Google consent form on your behalf (#1 above). This is a step that you must complete on your own. If you would like our assistance, please email our support team at [email protected].

*These recommendations are based on a site that uses Google Analytics. There are many additional third-party services and plugins that will affect the steps necessary for GDPR compliance. This page does not constitute legal advice. We recommend that you consult an attorney for information that is specific to your site.