Had a random email recently from a company you dealt with in the past, requesting approval to keep your details on file? It was most likely prompted by GDPR compliance requirements. In a nutshell, GDPR is one of the most important privacy changes in the last 20 years. This regulation protects everyone in the EU member states and their online activities, and it affects the use, handling and storage of personal information. Please note, this is not a legal document and does not cover the entirety of GDPR compliance; that would take more than a quick blog post. Please visit the relevant governing websites for further accurate information.
So what do you need to do to be GDPR compliant?
Any information taken from a website user is a privacy issue. This can include online forms, enquiries, interactions, cookies and also information read from the browser. It may include their age, sex, demographics, interests, websites visited and social media interactions. Google Analytics and associated advertising networks can target audiences. Most websites use some sort of tracking, used to analyse website performance, which audience the site is reaching and how that audience interacts with it. For a more detailed GDPR overview please visit https://eugdpr.org/. Also see the 2018 reform of EU data protection rules.
Acceptance, opting in and out!
Once the user has accepted the privacy policy, cookie notice or terms, they allow the information to be collected. But handling this information with the correct procedure is vital, and it cannot be distributed without consent. If the website user signs up to any subscription, newsletter or similar, they have the right to easily change their preference and retract permission to be contacted or notified in the future.
Use a plugin to help stay GDPR compliant
There are WordPress plugins to assist with adding check-boxes to forms, including WPForms (built in) or WP GDPR Compliance for Contact Form 7, Gravity Forms, WooCommerce or WordPress Comments. All tick boxes should be empty and require the website user to tick or accept them. So no pre-filled approvals!
Notify the user before any Google Analytics code or other cookie script is activated. To do this a pop-up acceptance box or similar is required. If you're already using MonsterInsights, it has an optional EU compliance add-on. If not, you could have a look at the Cookie Notice WordPress plugin.
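As an added illustration of the consent gate described above (example code written for this post, not from any of the plugins named), the script below refuses to load Google Analytics until the visitor explicitly opts in, and expires the analytics cookies if they later opt out. It assumes a banner element with accept and decline buttons and uses GA_MEASUREMENT_ID as a placeholder:

```javascript
// Added example (not from the post): gate Google Analytics, or any cookie-setting script,
// behind an explicit opt-in and honour later withdrawal. Storage, cookie string and script
// loader are injected so the logic also runs outside a browser; all names are assumptions.
const CONSENT_KEY = "site_consent";
const CONSENT_VERSION = 1; // bump when the privacy policy changes so earlier consents are re-asked
function readConsent(storage) {
  const raw = storage.getItem(CONSENT_KEY);
  if (!raw) return null;
  try {
    const c = JSON.parse(raw);
    // Only an explicit boolean under the current policy version counts; anything else = ask again.
    if (c && c.version === CONSENT_VERSION && typeof c.analytics === "boolean") return c;
  } catch (e) { /* corrupt record: treat as no decision */ }
  return null;
}
function recordConsent(storage, analytics) {
  const c = { version: CONSENT_VERSION, analytics: analytics === true, at: new Date().toISOString() };
  storage.setItem(CONSENT_KEY, JSON.stringify(c));
  return c;
}
// "load": visitor opted in; "blocked": opted out; "ask": no valid decision yet.
function analyticsDecision(storage) {
  const c = readConsent(storage);
  return c === null ? "ask" : (c.analytics ? "load" : "blocked");
}

// Google Analytics cookie names (_ga, _gid, _gat*) picked out of a document.cookie string.
function analyticsCookieNames(cookieString) {
  return cookieString.split(";").map((p) => p.split("=")[0].trim()).filter((n) => /^(_ga|_gid|_gat)/.test(n));
}

// Load the script only on "load"; expire tracking cookies on "blocked"; banner is shown on "ask".
function applyConsent(storage, loadScript, cookieString, expireCookie) {
  const d = analyticsDecision(storage);
  if (d === "load") loadScript();
  if (d === "blocked") analyticsCookieNames(cookieString).forEach(expireCookie);
  return d;
}

// Browser wiring (assumes a #consent-banner with #consent-accept / #consent-decline buttons).
if (typeof document !== "undefined") {
  const loadGa = () => { const s = document.createElement("script"); s.async = true;
    s.src = "https://www.googletagmanager.com/gtag/js?id=GA_MEASUREMENT_ID"; document.head.appendChild(s); };
  const expire = (n) => { document.cookie = n + "=; Max-Age=0; path=/"; }; // add domain= if GA set one
  const run = () => { document.getElementById("consent-banner").hidden =
    applyConsent(localStorage, loadGa, document.cookie, expire) !== "ask"; };
  document.getElementById("consent-accept").onclick = () => { recordConsent(localStorage, true); run(); };
  document.getElementById("consent-decline").onclick = () => { recordConsent(localStorage, false); run(); };
  run();
}
```

Bumping CONSENT_VERSION whenever the privacy policy changes makes every visitor see the banner again, which is one way to meet the re-notification duty discussed later in this post.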
Geographically block regions such as Europe
Another option is to make your website unavailable from a region or area, i.e. Europe. Website hosts and also Content Delivery Networks (CDNs) can enable geolocation. With this functionality enabled, an access rule can be created to challenge or block access from a certain region. Cloudflare on the enterprise plan offers geolocation, which can be used to set up country blocking and remain GDPR compliant. But you will lose a large audience!
They accepted your site's privacy policy! Now what?
So what do you do with the information? You cannot pass their information on, or use it, without explicit consent from the user. The rules governing how the information is used are very strict. Every person handling any data should be trained and knowledgeable about the rights and responsibilities relating to GDPR. Many large companies run training courses, attended by all employees who may have access to the data at any level of the business.
Securing personal data!
Information must be secured from external threats, i.e. theft. So if the website user's information is on your host, i.e. a WordPress database or similar, then access to your website should be restricted to authorised and GDPR-trained personnel only. A strong WordPress username and password are essential, along with layers of protection against security breaches such as probing, brute force and other hacking attempts.
The security breach, raise the alarm!
If you do have a security breach, you will have to investigate and also notify all the affected users and explain how the breach occurred. This alone could cost a small fortune, just to forensically trace the breach. Any unused information should be audited and deleted; this also helps minimise the risk of a data breach.
What can be asked for by the website user
After permission has been provided and the website user's information collected, that user can contact you and request a copy of the submitted information, and ask how it is used, kept and secured. Users can also request that their records be amended, sent to a third party or deleted, or retract their permission.
If your privacy rules, terms and conditions or the way you collect information change, you are required to contact the website users to notify them of these changes.
Take the time to get compliant or face the possible risk of huge fines. Large corporations and businesses, along with well-known companies, are taking GDPR seriously, and so should you!
Here is a GDPR compliance checklist to help you get up to date and compliant