For many people, the right to privacy is a very sensitive matter. For website owners, on the other hand, personal data is something that is easily overlooked. Bear in mind that the personal data you collect from your customers must be handled very carefully and in line with regulation. So how do we use this data properly, and what kind of law protects personal data?
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) law that regulates data protection. It is a set of guidelines for collecting and processing an individual's personal information. The regulation's focus is to give individuals more control over their personal data and to force businesses to process data transparently. To make it easier, we summarize below what your customers are entitled to expect regarding their data.
Right to access: individuals can access their personal data and see how it is being used
Right to be forgotten: an individual's right to have their data deleted
Right to be informed: individuals must be informed about how their data is gathered and used
Right to object: an individual's right to stop their data from being processed and used
Right to be notified: the right to be informed within 72 hours after a data breach
For more information you can visit here.
When we talk about personal data, people naturally think of the obvious kind, such as demographics. But the customer data your website may generate goes beyond that. Here are a few kinds of data you might hold, including the obvious ones.
If your website is directly affected by this regulation, meaning you currently store and process the personal data of individuals based in the EU, the law requires you to appoint a Data Protection Officer (DPO). However, this is not obligatory. Consult your attorney if you are in doubt.
So who is affected by this regulation? Online retailers? E-commerce sites? Is WordPress GDPR compliant? In this article we explain, as simply as we can, everything you need to know and what you need to do about GDPR on websites powered by WordPress.
My website is outside the European Union. Does this really affect me?
Even though this regulation protects the data of individuals within the EU, it applies to all enterprises, regardless of location and business size, that do business within the European Economic Area. From a business perspective, it can affect online businesses with a website, such as online retailers and e-commerce platforms.
For website owners such as online retailers and e-commerce sites, a potential European customer is reason enough to take GDPR seriously. To put it plainly, if your website has visitors from the EU, this law applies to you. Regardless of how likely you are to be affected, there are measures you should take to avoid the penalties.
Fines and Benefits of GDPR
Basically, if there is a regulation, we need to obey it, and if we do not there are costs and penalties. The same applies to GDPR. The maximum fine is €20 million or 4% of global annual turnover. However, you would not be fined straight away. First you get a warning. Then you are given a reprimand. Third, processing of data about EU citizens would be suspended. Finally, if you still do not obey the regulation, the fine hits you.
So if I obey this law, is there any benefit for me beyond avoiding the fines? First, being a GDPR-compliant website improves customer confidence. It shows that your business values the customer and lets them manage how their data is processed. Greater customer confidence means they trust you, which reinforces your bond with them. When they trust you, confidence becomes loyalty.
Second, you can use GDPR to increase marketing effectiveness. For example, say you use email marketing. GDPR requires you to get consent from your customers before emailing them, which means you are sending mail to people who are actually interested. You can therefore focus on improving customer relationships and satisfaction with people who actually care.
How to make your website GDPR compliant
Now we come to the part about how you can actually make your website compliant. But you may have a question in mind: is WordPress GDPR compliant? The answer is yes. WordPress version 4.9.6 is GDPR compliant; the WordPress team has added several additions to make sure of it. In this section we explain everything you need to know, which actions are needed, and which tools can assist you in making your website GDPR compliant.
- Website Compliance
4. Your Privacy Notice and Terms and Conditions must be updated in line with the GDPR. They need to be transparent about how you process and use the data. This is a sample privacy notice you can use.
5. If you are an e-commerce business, you will most likely use a payment gateway as your transaction service. Usually some of the user's data is stored on your website before it is passed to the payment gateway. What you need to do, therefore, is modify the web process to remove any personal data after a reasonable period, e.g. after 60 days.
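One way to implement that retention rule on a WordPress site is a small plugin that runs a daily WP-Cron job and scrubs the personal fields from orders older than the retention window. The code below is an added example written for this article, not code from the article or from WordPress; it assumes checkout details are stored as post meta on a custom post type named `checkout_order` under the meta keys listed in the block (the post type, meta keys and the 60-day window are all constructed for the example).

```php
<?php
/**
 * Plugin Name: Example PII Retention Purge (added example, not the article's code)
 *
 * Assumptions: checkout details are kept as post meta on a custom post
 * type "checkout_order" under the meta keys listed below. The post type,
 * the meta keys and the 60-day window are constructed for this example.
 */

const EXAMPLE_PII_RETENTION_DAYS = 60;
const EXAMPLE_PII_CRON_HOOK      = 'example_pii_purge_event';

// Meta keys that hold personal data and must not outlive the retention period.
const EXAMPLE_PII_META_KEYS = array(
    '_customer_email',
    '_customer_phone',
    '_billing_address',
    '_customer_ip',
);

// Schedule the purge once a day if it is not already scheduled.
add_action( 'init', function () {
    if ( ! wp_next_scheduled( EXAMPLE_PII_CRON_HOOK ) ) {
        wp_schedule_event( time(), 'daily', EXAMPLE_PII_CRON_HOOK );
    }
} );

add_action( EXAMPLE_PII_CRON_HOOK, 'example_pii_purge_expired_orders' );

/**
 * Find orders older than the retention window that still carry personal
 * data, scrub them, and return how many were scrubbed.
 */
function example_pii_purge_expired_orders() {
    $order_ids = get_posts( array(
        'post_type'      => 'checkout_order',
        'post_status'    => 'any',
        'posts_per_page' => 200, // bounded batch; the job runs again the next day
        'fields'         => 'ids',
        'date_query'     => array( array(
            'column' => 'post_date_gmt',
            'before' => EXAMPLE_PII_RETENTION_DAYS . ' days ago',
        ) ),
        // Skip orders that an earlier run has already scrubbed.
        'meta_query'     => array( array(
            'key'     => '_pii_scrubbed',
            'compare' => 'NOT EXISTS',
        ) ),
    ) );

    foreach ( $order_ids as $order_id ) {
        example_pii_scrub_order( $order_id );
    }
    return count( $order_ids );
}

/**
 * Remove every personal-data field from one order and mark it scrubbed.
 * The order record itself (amounts, dates, SKUs) is kept for accounting.
 */
function example_pii_scrub_order( $order_id ) {
    foreach ( EXAMPLE_PII_META_KEYS as $key ) {
        delete_post_meta( $order_id, $key );
    }
    // The marker lets the next run skip this order and records when it was scrubbed.
    update_post_meta( $order_id, '_pii_scrubbed', current_time( 'mysql', true ) );
}
```

The job deletes only the personal fields and leaves the rest of the order intact, so accounting records survive while the data the GDPR cares about does not. The `_pii_scrubbed` marker doubles as an audit trail showing when each order was cleaned.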
- Plugins to assist you in becoming GDPR compliant
Plugins are pieces of software that add features or functions to WordPress websites. These are some plugins you can add to your website to assist you with GDPR compliance.
These are some plugins you can use to create a contact form:
User Access to Delete Their Data
One of the GDPR rules is the right to access, explained above. Basically you must allow your users to access, download and completely delete their data. Delete Me is a free plugin that allows users to delete their profile from your website.
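Besides a profile-deletion plugin, WordPress 4.9.6 itself ships personal data export and erasure tools (Tools > Export Personal Data / Erase Personal Data) that plugins can extend through the `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters. The block below is an added example, not the article's or WordPress's own code, showing how a site would hook its own order data into those tools so that "access, download and delete" covers data outside the user profile; it assumes the same constructed `checkout_order` post type and meta keys as the retention example above.

```php
<?php
/**
 * Plugin Name: Example GDPR Export/Erase Hooks (added example, not the article's code)
 *
 * Uses the personal data exporter/eraser filters WordPress added in 4.9.6.
 * Assumption: orders are a "checkout_order" post type whose personal data sits
 * in the post meta keys below (constructed names for this example).
 */

const EXAMPLE_ORDER_PII_KEYS = array( '_customer_email', '_customer_phone', '_billing_address' );

// Look up the orders that belong to the e-mail address a request concerns.
function example_orders_for_email( $email_address ) {
    return get_posts( array(
        'post_type'      => 'checkout_order',
        'post_status'    => 'any',
        'posts_per_page' => -1,
        'fields'         => 'ids',
        'meta_query'     => array( array( 'key' => '_customer_email', 'value' => $email_address ) ),
    ) );
}

// Right to access: hand the user a copy of what the site holds about them.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-orders'] = array(
        'exporter_friendly_name' => 'Example checkout orders',
        'callback'               => 'example_export_order_data',
    );
    return $exporters;
} );

function example_export_order_data( $email_address, $page = 1 ) {
    $data = array();
    foreach ( example_orders_for_email( $email_address ) as $order_id ) {
        $fields = array();
        foreach ( EXAMPLE_ORDER_PII_KEYS as $key ) {
            $fields[] = array(
                'name'  => ltrim( $key, '_' ),
                'value' => get_post_meta( $order_id, $key, true ),
            );
        }
        $data[] = array(
            'group_id'    => 'example-orders',
            'group_label' => 'Checkout orders',
            'item_id'     => 'order-' . $order_id,
            'data'        => $fields,
        );
    }
    // 'done' => true tells WordPress there are no further pages to fetch.
    return array( 'data' => $data, 'done' => true );
}

// Right to be forgotten: strip the personal fields but keep the accounting record.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-orders'] = array(
        'eraser_friendly_name' => 'Example checkout orders',
        'callback'             => 'example_erase_order_data',
    );
    return $erasers;
} );

function example_erase_order_data( $email_address, $page = 1 ) {
    $removed = false;
    foreach ( example_orders_for_email( $email_address ) as $order_id ) {
        foreach ( EXAMPLE_ORDER_PII_KEYS as $key ) {
            delete_post_meta( $order_id, $key );
        }
        $removed = true;
    }
    return array(
        'items_removed'  => $removed,
        'items_retained' => false,
        'messages'       => array(),
        'done'           => true,
    );
}
```

WordPress handles the request workflow itself: the user's e-mail address is verified before any exporter or eraser is called, and the admin confirms each request, so the callbacks only have to answer "what do we hold for this address" and "remove it".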
Other plugins to assist you
There are other plugins that can help you with GDPR compliance.
Basically these two will assist you with GDPR compliance.
Provides assistance if you are using Google Analytics (EU compliance addon)
- Popular plugins: are they GDPR compliant?
If you know or use other plugins not mentioned above, that does not mean they are not GDPR compliant; the list above only covers the popular ones. If you want to know more about a plugin you use now or in the future and its commitment to GDPR, ask its developers directly through their customer or support service.
Most website owners have probably heard of Google Analytics and most likely use it. It means you are collecting user data and using cookies without consent. When you generate data with Google Analytics, Google is your Data Processor, while your organization is the Data Controller.
According to Google, however, they are committed to the GDPR regulation (read Google's commitment towards GDPR). Google said it would introduce data retention controls that let you set how long your users' data is held on Google's servers. Google Analytics automatically deletes user data that is older than the period you set.
Google Analytics will also introduce a user deletion tool that lets you delete all data associated with an individual user. Google Analytics is also committed to providing GDPR compliance features such as customizable cookie settings, privacy settings, data sharing controls, and IP anonymization.
As you can see, Google has already taken some actions to comply with the GDPR, even though some measures are still in progress. Meanwhile, there are features you can make use of while using Google Analytics. First is IP anonymization. Under GDPR, an IP address is considered PII. Thus, to be safe, we recommend turning on IP anonymization.
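If you load Google Analytics yourself rather than through a plugin, IP anonymization is a one-line setting in the tracking snippet: the `anonymize_ip` option of `gtag('config', ...)`, which makes Google truncate the visitor's address before it is stored. The block below is an added example for this article, not Google's or WordPress's own code; it outputs the gtag.js snippet from a WordPress plugin with that option switched on, and `GA_MEASUREMENT_ID_PLACEHOLDER` stands in for your real property ID.

```php
<?php
/**
 * Plugin Name: Example GA with IP anonymization (added example, not the article's code)
 *
 * Loads gtag.js and sets anonymize_ip so Google truncates the visitor's
 * IP address before storing it. GA_MEASUREMENT_ID_PLACEHOLDER is a
 * placeholder for a real property ID; replace it with your own.
 */

const EXAMPLE_GA_ID = 'GA_MEASUREMENT_ID_PLACEHOLDER';

// Build the inline gtag configuration. Kept in its own function so the
// generated snippet can be inspected or tested outside WordPress.
function example_ga_inline_snippet( $measurement_id ) {
    $config = array(
        // Google zeroes the last octet of IPv4 / last 80 bits of IPv6 before storage.
        'anonymize_ip' => true,
    );
    return "window.dataLayer = window.dataLayer || [];\n"
         . "function gtag(){dataLayer.push(arguments);}\n"
         . "gtag('js', new Date());\n"
         . "gtag('config', " . wp_json_encode( $measurement_id ) . ', ' . wp_json_encode( $config ) . ');';
}

// Enqueue the gtag.js loader and attach the configuration right after it.
add_action( 'wp_enqueue_scripts', function () {
    wp_enqueue_script(
        'example-gtag',
        'https://www.googletagmanager.com/gtag/js?id=' . rawurlencode( EXAMPLE_GA_ID ),
        array(),
        null,   // no version query string on a third-party URL
        false   // load in <head>, where the analytics snippet normally lives
    );
    wp_add_inline_script( 'example-gtag', example_ga_inline_snippet( EXAMPLE_GA_ID ) );
} );
```

The rendered page will contain `gtag('config', "GA_MEASUREMENT_ID_PLACEHOLDER", {"anonymize_ip":true});`, which you can confirm in the page source or in the request Google Analytics sends (the `aip=1` parameter). Anonymizing the IP reduces what Google stores about each visitor; it does not by itself replace the cookie consent the article discusses.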
Second is the MonsterInsights plugin. MonsterInsights lets you connect Google Analytics to your WordPress website, and it also provides an EU compliance addon that can assist you with GDPR compliance and Google Analytics.
You need to understand that we are not lawyers, and nothing in this article should be considered legal advice. There is also no single plugin that can offer 100% GDPR compliance; plugins can only assist you. If you have doubts, it is best to consult a legal advisor or a specialist internet law attorney to check whether your website complies with the GDPR.
So whether you do business with Europeans or not, it is better to be prepared, considering this is a legal matter. It is better to be prepared now than to be caught unprepared when the time comes, which could jeopardize your business. First, you may have or be given the opportunity to expand your market to Europe. Second, now that GDPR is out, people are more sensitive about how their data is handled. Sooner or later other regions may produce laws similar to GDPR.