Why GDPR is important and how it’s going to affect your online business

For some people, privacy is a very sensitive matter. Website owners, on the other hand, often overlook the personal data they hold. Take note that the personal data you collect from your customers must be handled very carefully and in accordance with regulation. So how do we use this data properly, and what law protects personal data?

What is GDPR

The General Data Protection Regulation (GDPR) is a European Union (EU) law that regulates data protection. It is a set of guidelines for collecting and processing an individual’s personal information. The regulation’s focus is to give individuals more control over their personal data and to require businesses to process data transparently. To make it easier, we summarize what your customers can expect with regard to their data:

  • Right to access: individuals can access their personal data and learn how it is being used

  • Right to be forgotten: individuals can have their data deleted

  • Right to be informed: individuals must be informed how their data is gathered and used

  • Right to object: individuals can stop their data from being processed and used

  • Right to be notified: individuals must be informed within 72 hours after a data breach

For more information you can visit here.

When we talk about personal data, people naturally think of the obvious items, such as demographics. But the customer data your website may collect goes beyond that. Here are a few kinds of data you might hold, including the obvious ones:

  • Name
  • Email address
  • Physical address
  • Telephone number
  • Order history
  • AdWords cookies
  • Remarketing cookies
  • Analytics cookies
  • IP addresses

If your website is directly affected by this regulation, meaning you currently store and process the personal data of individuals in the EU, the law requires you to appoint a Data Protection Officer (DPO). However, this is not obligatory. Consult your attorney if you are in doubt.

So who will be affected by this regulation? Online retailers? E-commerce? Is WordPress GDPR compliant? In this article we will explain, in the simplest way, everything you need to know and what you need to do about GDPR on websites powered by WordPress.

My website is outside the European Union. Does this really affect me?

Even though this regulation protects the data of individuals within the EU, it applies to all enterprises, regardless of location or size, that do business within the European Economic Area. From a business perspective, it affects online businesses such as online retailers and e-commerce platforms.

For website owners such as online retailers and e-commerce sites, the mere possibility of a European customer should make you take GDPR seriously. To put it plainly, if your website has visitors from the EU, this law applies to you. Regardless of whether you are likely to be affected, there are measures you should take to avoid the penalties.

Fines and Benefits of GDPR

Basically, if there is a regulation, we need to obey it; if we do not, there will be costs and penalties. The same applies to GDPR. The maximum fine is €20 million or 4% of global annual turnover. However, you would not be fined directly. First you will get a warning. Then you will be given a reprimand. Third, processing of data about EU citizens will be suspended. Finally, if you still fail to obey the regulation, the fine will hit you.

So if I obey this law, is there any benefit other than avoiding the fines? First, a GDPR-compliant website improves customer confidence. It shows that your business values the customer and lets them manage how their data is processed. Greater customer confidence means they trust you, which reinforces your bond with them. When they trust you, confidence becomes loyalty.

Second, you can use GDPR to increase marketing effectiveness. For example, suppose you use email marketing. GDPR requires you to get consent from your customers before emailing them, which means you are sending to people who are actually interested. You can therefore focus on improving the relationship with, and the satisfaction of, customers who actually care.

How to make your website GDPR Compliant

Now we come to the part about how you can actually make your website compliant. You may have a question in mind: is WordPress GDPR compliant? The answer is yes. WordPress version 4.9.6 is GDPR compliant; the WordPress team has added several features to make sure of it. In this section we explain everything you need to know, what actions are needed, and which tools can assist you in making your website GDPR compliant.

  • Website compliance
First, there are simple measures you can take on your website:
  1. Avoid pre-ticked boxes on your website, for example a pre-ticked box inviting users to subscribe to the company newsletter.
(Screenshot: pre-ticked form)

2. Granting consent must be simple and specific. In the example below, the user is asked for specific permission on how they may be contacted.

(Screenshot: GDPR consent form)

3. Users must be able to withdraw their consent easily, for example by unsubscribing from the company newsletter.

(Screenshot: withdraw consent)

4. Your Privacy Notice and Terms and Conditions must be updated and based on the GDPR. They need to be transparent about how you process and use the data. Below is a sample privacy notice you can use.

(Screenshot: sample GDPR consent notice)

5. If you run an e-commerce business, you will most likely use a payment gateway as your transaction service. Usually some of the user’s data is stored on your website before it is passed to the payment gateway. What you need to do is modify the web process to remove any personal data after a reasonable period, e.g. after 60 days.
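The data-removal step above, as an added example that is not code from the original article: a retention purge that strips the personal fields from orders older than 60 days while keeping the non-personal bookkeeping (order id, date, total) so reporting still works. The Order structure and the field names are assumed for illustration, and the sample orders are constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

RETENTION = timedelta(days=60)  # the "reasonable period" the article suggests

# Fields the checkout keeps before handing off to the payment gateway (assumed names).
PERSONAL_FIELDS = ("name", "email", "address", "phone", "ip")


@dataclass
class Order:
    order_id: str
    created: datetime
    total: float
    customer: dict = field(default_factory=dict)
    purged: bool = False


def purge_expired(orders, now=None):
    """Strip personal data from every order older than RETENTION.

    The order itself is kept (id, date, total are not personal data), only the
    customer fields are removed. Already-purged orders are skipped, so the job
    can run repeatedly. Returns the ids purged in this run.
    """
    now = now or datetime.now(timezone.utc)
    purged_ids = []
    for o in orders:
        if o.purged or now - o.created < RETENTION:
            continue
        for key in PERSONAL_FIELDS:
            o.customer.pop(key, None)
        o.purged = True
        purged_ids.append(o.order_id)
    return purged_ids


# Fixed clock and constructed sample data (not from any real shop).
FIXED_NOW = datetime(2018, 5, 25, tzinfo=timezone.utc)


def sample_orders(now):
    return [
        Order("A1", now - timedelta(days=90), 49.9,
              {"name": "Jane Doe", "email": "jane@example.com", "ip": "203.0.113.5"}),
        Order("A2", now - timedelta(days=10), 12.0,
              {"name": "John Roe", "email": "john@example.com"}),
    ]


if __name__ == "__main__":
    orders = sample_orders(FIXED_NOW)
    print("purged:", purge_expired(orders, FIXED_NOW))
```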

  • Plugins to assist you in becoming GDPR compliant

Plugins are pieces of software that add features or functions to WordPress websites. These are some plugins you may add to your website to assist you with GDPR compliance.

Privacy Policy Plugin

If you own a website, one of the most important things is the Privacy Policy. One of the GDPR requirements is to make your Privacy Policy transparent, which covers the right to be informed. Here are some Privacy Policy and Terms of Service generators.

Contact Form

If you use a contact form on your website, you may want to add a transparent Privacy Policy consent. It asks users to give consent for storing and using their personal information. The acceptance checkbox can be placed next to the “Submit” button.

(Screenshot: GDPR field settings)

These are some plugins you may use to create a contact form:

Users’ access to delete their data

One of the GDPR rules concerns the right to access. Basically, you must allow your users to access, download and completely delete their data. Delete Me is a free plugin that allows users to delete their profile from your website.

Other plugins to assist you

There are other plugins that may help with GDPR compliance. Basically, these two will assist you:

An EU compliance addon that assists you if you are using Google Analytics.

A free plugin that adds an EU cookie notice, informing users that your site uses cookies, to comply with the GDPR.

  • Popular plugins, are they GDPR compliant?
Previously we discussed plugins that assist you with GDPR compliance. So what about the popular plugins we use to optimize our websites? Are they GDPR compliant? Here are the popular WordPress plugins that comply with the GDPR, and their policies towards it.
  • WooCommerce – WooCommerce is a free e-commerce plugin that helps you sell anything on a WordPress website. Read Policy
  • Yoast SEO – Yoast SEO is a WordPress plugin that assists you with Search Engine Optimization. Read Policy
  • Jetpack – The Jetpack plugin provides design, marketing and security services in one place. Read Policy
  • OptinMonster – OptinMonster is lead generation software that offers clever targeting features to boost conversions. OptinMonster helps grow your email list and subscribers. Read Policy

If you know or use other plugins not mentioned above, that does not mean they are not GDPR compliant; the list above only mentions the popular ones. If you want to know more about the GDPR commitment of any plugin you use now or in the future, ask the developers directly through their customer or support service.

Google Analytics

Most website owners have probably heard of Google Analytics and most likely use it. It means you are collecting user data and using cookies without consent. When you generate data with Google Analytics, Google is your Data Processor, while your organization is the Data Controller.

According to Google, however, it is committed to the GDPR regulation (read Google’s commitment towards GDPR). Google said it will introduce data retention controls that let you choose how long your users’ data is held on Google’s servers. Google Analytics will automatically delete user data that is older than the period you set.

Google Analytics will also introduce a user deletion tool that allows you to delete all data associated with an individual user. Google Analytics has also committed to providing GDPR compliance features such as customizable cookie settings, privacy settings, data sharing controls, and IP anonymization.

(Screenshot: Google Analytics settings)

As you can see, Google has already taken some actions to comply with the GDPR, even though some measures are still in progress. In the meantime, there are other features you can make use of while using Google Analytics. The first is IP anonymization. Under GDPR an IP address is considered PII, so to be safe we recommend turning on IP anonymization.
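To show what IP anonymization actually does, here is an added example (not from the original article and not Google’s code) that reproduces the behaviour Google Analytics documents for its anonymization option, zeroing the last octet of an IPv4 address and the last 80 bits of an IPv6 address, and applies it to constructed web-server log lines, since logs you keep on your own server contain the same identifier.

```python
import ipaddress
import re

# Prefix length to keep, matching how Google Analytics documents IP anonymization:
# IPv4 keeps 24 bits (last octet zeroed), IPv6 keeps 48 bits (last 80 bits zeroed).
KEEP_BITS = {4: 24, 6: 48}


def anonymize_ip(addr: str) -> str:
    """Return addr with its host part zeroed; raises ValueError if addr is not an IP."""
    ip = ipaddress.ip_address(addr.strip())
    net = ipaddress.ip_network(f"{ip}/{KEEP_BITS[ip.version]}", strict=False)
    return str(net.network_address)


# A combined-format access log line starts with the client address; the rest is kept verbatim.
_LINE = re.compile(r"^(\S+)(\s.*)$")


def anonymize_log_line(line: str) -> str:
    """Replace the leading client address of one log line; leave unrecognised lines untouched."""
    m = _LINE.match(line.rstrip("\n"))
    if not m:
        return line
    try:
        return anonymize_ip(m.group(1)) + m.group(2)
    except ValueError:
        return line  # first field is not an IP address (e.g. a hostname)


def anonymize_log(lines):
    return [anonymize_log_line(line) for line in lines]


# Constructed sample lines (documentation addresses, not from any real server).
SAMPLE_LOG = [
    '203.0.113.77 - - [25/May/2018:10:00:01 +0000] "GET /shop/ HTTP/1.1" 200 512',
    '2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [25/May/2018:10:00:02 +0000] "POST /cart HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for out in anonymize_log(SAMPLE_LOG):
        print(out)
```

Truncation is a reduction, not full removal: a /24 still narrows a visitor to an ISP block, so treat the result as less identifying rather than as anonymous.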

The second is the MonsterInsights plugin. MonsterInsights lets you connect Google Analytics to your WordPress website, and it also provides an EU compliance addon that can assist you with GDPR compliance for Google Analytics.

Legal Disclaimer

You need to understand that we are not lawyers, and nothing in this article should be considered legal advice. There is also no single plugin that offers 100% GDPR compliance; plugins can only assist you. If you are in doubt, it is best to consult a legal advisor or a specialist internet law attorney to see whether your website complies with the GDPR.

So whether you do business with Europeans or not, it is better to be prepared, considering this is a legal matter. It is better to prepare now than to be caught unprepared when the time comes, which could jeopardize your business. First, you may have, or be given, the opportunity to expand your market to Europe. Second, now that GDPR is out, people are more sensitive about how their data is handled. Sooner or later other regions may enact laws similar to GDPR.
