We have created this blog to help you get a better understanding of GDPR. However, we are not lawyers and take no responsibility for the advice provided.
What is GDPR?
In 2016, the European Commission approved a new General Data Protection Regulation (GDPR). In short, GDPR states that if a website collects or stores data related to an EU citizen, you must comply with the following:
- Tell the user who you are, why you collect the data, and also how long it will be stored.
- Get clear consent before collecting any data.
- Let users access or delete their data.
- Let users know if data breaches occur.
This means that citizens have more control over their data, and businesses benefit from a level playing field: one set of rules for all companies operating in the EU, wherever they are based.
When does GDPR start?
GDPR comes into effect across the EU on 25th May 2018.
Why is GDPR Important?
GDPR has added stronger rules on data protection, and in turn the cost of non-compliance has increased, with fines of up to £20 million or 4% of global annual turnover.
According to the European Commission, the process for non-compliance is as follows:
The important thing to note here is that if you are not fully compliant with GDPR, the first stage is a warning.
What is the definition of “personal data”?
Under GDPR, personal data is any information relating to an “identifiable person”. Identifiable information includes things such as a name, location, ethnicity or political standing. Data doesn’t have to be confidential or sensitive to qualify as “personal”.
When looking at most websites, personal data will include:
- Blog/post comments (name, email, IP address)
- Traffic statistics plugins/tools such as Google Analytics
- Third-party hosted services such as Jetpack
- Email signup forms such as MailChimp or Feedburner
- Contact forms
- Issues relating to the location of your server or web host, e.g. data being transferred outside of the EU
How do you become GDPR Compliant?
The good news here is that WordPress is working on updates to help make your site GDPR compliant behind the scenes, such as adding a new checkbox to the standard comments form on blogs, which asks commenters for consent to set the comment cookies. This will help make the core of your site compliant; however, there are other features you should look into to ensure you are 100% compliant.
- If you gather email addresses as part of a newsletter or subscription service, you must provide the ability for people to opt out or unsubscribe. If you are using a third-party email service such as MailChimp, you won't need to worry about this because they will provide the settings for you.
- Ensure that your website is served over HTTPS rather than HTTP. Contact your host if you need help with this, or contact us.
- Ensure that WordPress is updated to the latest version.
- Ensure that all themes and plugins are updated to the latest version, and enable automatic updates if possible. (However, consult your web developer first to ensure, 1, that your site is backed up and, 2, that an update will not break your website.)
- If you use Google Analytics, then you must enable certain options to ensure you are compliant. More information regarding this can be found here: https://medium.com/@subsign/google-analytics-and-gdpr-compliance-3fad792babf5
- If you use third-party plugins on your website, ensure that they are still being maintained by the author. If they are not, your site could be at risk from unpatched security vulnerabilities.
For more information regarding this, please contact us.
Know a website owner? Be sure to share this guide with them.
For more information regarding GDPR, see http://ec.europa.eu/justice/smedataprotect/index_en.htm
If you struggle or need help with any of these steps please don’t hesitate to contact us.