What is GDPR?
GDPR stands for General Data Protection Regulation. The regulation was approved by the European Parliament in April 2016. It will be enforced from 25 May 2018, and none of us has any excuse for not following it. It mainly affects websites that gather personal data from users. Its primary focus is to give European citizens back control of their personal data.
- WordPress and GDPR
- Instruction to Website Owners By GDPR
- Instruction to Web Developers By GDPR
What is personal data?
The personal data you provide on websites includes:
- Health information
- Cultural profile
- Online identification
- Much more
GDPR and WordPress
It is important for all WordPress websites to consider GDPR compliance. The main focus of the GDPR compliance team is to create privacy tools, documentation, plugin guidelines, and a comprehensive core policy. The team is looking for developers to help test the privacy tools that are being developed in WordPress core.
The team has created a roadmap, which they will update based on plugin developers' feedback:
- Define how plugins handle users' personal data.
- How plugin developers use file builder
- Visual guidance will be provided for every installed plugin
- User data stored by a plugin must have an administrative overview.
- Provide an administrative way to send or delete a particular user's data upon request.
Instructions to Website owners
The main focus of the GDPR is contact forms, analytics, and e-commerce websites, where most of the data is entered. For WordPress websites that collect data from EU citizens, the GDPR sets out these key obligations for website owners:
- Before collecting any data, get the user's clear consent.
- Inform users about any breach that occurs.
- Tell the user everything: who you are, why you collect data, and how long you are going to use it.
- Give users complete control to access and take their data.
- Give users the right to delete their data.
Using the contact form on your website
Personal data entered in a website's contact forms is protected by data protection legislation, but the GDPR emphasizes extra protection for the individual's data.
The GDPR emphasizes giving users the right to control their data. Main points to focus on when adding a contact form to the website:
- Tell your users why you are collecting the data and how you are going to use it.
- When sending email to any user, tell them why you are emailing them and how you got their data, and give them the right to unsubscribe, which means completely deleting their data on request.
- Use double opt-in to ensure that you have the user's informed consent.
- Do not share data without the user's permission. If you want to share the data, ask for permission first.
- Use only GDPR compliant form plugins.
Using Analytics Data
Analytics is used to track data and measure website performance. The GDPR also applies to this data, but only if you are using it to track an individual. If you are using analytics, keep these two things in mind:
- Do not use this software to track IP addresses.
- Do not use this software to track individual user data.
Using an E-Commerce Website
You collect more data when you operate an e-commerce website. Along with names and email addresses, you also collect credit card data and home addresses.
Follow these instructions if you run an e-commerce website:
- First, follow the points discussed above for contact forms.
- Avoid collecting financial data; use service providers to collect payment.
- If you want to use data collected in the sales process for other purposes, inform the user when collecting the data and give them the option to opt out.
- If data is stolen or lost on your website, tell your users as soon as possible and give them access to delete their data.
- Use a GDPR-compliant e-commerce plugin.
- Add a “My Account” page that is easily accessible on your website so users can access or delete their data.
Instruction to Web Developers
The GDPR applies not only to website owners but also to developers, whether they develop websites, plugins, or themes. Developers are also responsible for creating compliant code. The GDPR affects developers when they create a theme or plugin that includes forms for personal data. Developers must ensure that any client data they use is fully secure and can be deleted after delivery.
The main points for developers to consider when using third-party plugins and themes or developing new themes and plugins:
- If you collect personal data while developing or testing, make sure you delete it.
- Upon delivering a website to the client, make sure that the data you collected goes back to the client.
- While installing or configuring plugins or themes, follow the guidelines for website owners.
- If your code uses personal data, make sure to include an option for the website owner covering how the data will be used.
- Include an opt-out option for users if your code sends data to another API.
- Don't gather data your code doesn't need.
You must follow the rules mentioned above to keep working properly in future. Compliance is monitored by the Data Protection Authority; their work is coordinated at EU level. The cost of not following the rules can be high. First they give you a warning, then a reprimand; if you still don't follow the rules, you will be suspended from data processing and fined up to €20 million or 4% of global annual turnover.