There’s been a lot of recent news about the General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. The GDPR will have implications for all website owners, even those with U.S.-based companies. Below we’ve compiled a basic review of the GDPR & how to upgrade your website in order to stay in compliance & avoid potential financial penalties.
What is the GDPR?
The GDPR sets new standards for what data is collected on a website, how it is collected, and what is done with that data.
The law was written with very broad language. It will affect:
1) all organizations established in the EU
2) all organizations that process the personal data of EU citizens, regardless of where the organization is established.
The term “personal data” in the law has been expanded from just common information (name, email, phone number) and it now includes IP addresses, behavioral data, and financial information.
This means that the law sets standards for some of the following:
- how cookies are set up on your website
- how you track a visitor on your site
- how forms are set up on the site
Does this affect your business?
Because of the broad nature of the law, any U.S.-based company that processes the personal data of EU citizens may be required to comply with the GDPR or face financial penalties as high as 20 million euros or 4% of global annual turnover.
- If your business is located in the E.U. or sells products/services to E.U. markets, it’s highly recommended that you consult legal counsel on GDPR compliance and get your website updated as soon as possible.
- If your business is located in the U.S., although the enforcement process of the GDPR is unclear, it’s recommended that you implement the best practices below.
GDPR Best Practices for WordPress
We’ve compiled the following recommendations to get your WordPress website updated for GDPR standards. You can reference the full list of GDPR requirements here.
1. Set Up the WordPress GDPR Plugin
The WordPress GDPR plugin helps you implement many of the requirements under GDPR, including:
- Cookie preference & opt-out link
- Rights to erasure & deletion of website data
- Pseudonymization of user website data
- Data Processor settings
- And much more. See the full plugin documentation here
BEFORE YOU INSTALL: Get an expert WordPress web developer to install & configure the settings of the plugin to make sure no site issues occur. Contact our team for help.
3. Check Email Newsletter Sign Up Process
Under the GDPR, a visitor needs to provide clear consent that their data can be stored & used by the processor.
If you have forms on your website where a user can join your email newsletter when they are providing information for another matter, you’ll need to either:
- Adjust the email signup process to double opt-in, where an email is sent to the subscriber who must confirm before being subscribed, OR
- Add a checkbox field to your form with language stating that the visitor is consenting to join your email list. The checkbox cannot be checked by default under the GDPR.
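As an added illustration of the two options above (not code from the original post or from the WordPress GDPR plugin), the following Python sketch validates the consent checkbox on the server and implements double opt-in with a single-use, expiring confirmation token; the field name gdpr_consent and the in-memory storage are assumptions.

```python
import secrets
import time


class NewsletterSignup:
    """Double opt-in sign-up with an explicit, server-validated consent checkbox.

    Constructed example; the form field names and storage are assumptions,
    not the WordPress GDPR plugin's own API.
    """

    def __init__(self, ttl_seconds=86400):
        self.ttl = ttl_seconds          # confirmation links expire after this
        self.pending = {}               # token -> (email, submitted_at)
        self.subscribers = {}           # email -> consent record

    def submit(self, form, now=None):
        """Handle the POSTed form. Browsers omit an unchecked checkbox entirely,
        so consent only counts when the field is present with the expected
        value; a missing field is refused rather than defaulted to yes."""
        if form.get("gdpr_consent") != "yes":
            raise ValueError("explicit newsletter consent is required")
        email = form["email"].strip().lower()
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)   # unguessable, single-use
        self.pending[token] = (email, now)
        return token  # goes into the confirmation link emailed to the address

    def confirm(self, token, now=None):
        """Called when the confirmation link is clicked. Only now is the address
        subscribed, and the consent record keeps both timestamps as evidence."""
        now = time.time() if now is None else now
        entry = self.pending.pop(token, None)   # pop: a token cannot be reused
        if entry is None:
            return False
        email, submitted_at = entry
        if now - submitted_at > self.ttl:
            return False                        # stale link, ask to re-submit
        self.subscribers[email] = {
            "method": "double-opt-in",
            "consented_at": submitted_at,
            "confirmed_at": now,
        }
        return True

    def unsubscribe(self, email):
        """Right to erasure: remove the record entirely, not just flag it."""
        return self.subscribers.pop(email.strip().lower(), None) is not None
```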
4. Secure Your Site to Prevent Data Breaches
The GDPR has a major focus on data security & how businesses handle a data breach. Under the GDPR, a business must notify all users/customers of a data breach on their website within 72 hours of the breach.
Make sure you are following best practices for security, including:
- 24/7 security monitoring & malware removal
- Secured hosting server for WordPress
- Monthly maintenance by an expert WordPress developer
- SSL certificate
- Regular backup of entire site database
NOTE: If you are part of the TinyFrog hosting & maintenance program, our servers meet GDPR compliance requirements. Contact our team for more information.
What To Expect
Even though the GDPR enforcement process remains unclear for U.S. businesses, European law tends to set the trend for international privacy regulation.
It is only a matter of time before these standards are adopted in the U.S. and globally. Updating your website now to meet these standards can create a competitive advantage for your business & save time and hassle later.