GDPR Compliance & Your WordPress Site
So far I’ve been resisting jumping into the fray about GDPR, originally because I am a US company that doesn’t market or have clients in the EU… but I’m realizing that I don’t necessarily know who is on my site or who is (or is going to be) opting in to my mailing list. I did, however, update my Privacy Policy and, in addition, created a ‘Plain English’ version. I think it is a good idea for transparency anyway, and it shows compliance with the spirit of GDPR.
But because I do create, develop, and host WordPress sites for clients and I want to start them off in compliance (and aid current clients in becoming compliant as well), I’m tackling it. I don’t think this is something that’s going away (and it may be the wave of the future). This is NOT a definitive solution article, but one that will aid you in finding what you need.
So today (on the eve of the May 25th deadline for EU compliance), I’ve been cramming for information to guide you, while making certain you understand there are far better places to find more information on how to comply. I’ll be updating this as I understand more and share any ‘silver bullet’ solutions that come up.
WHAT IS GDPR?
GDPR stands for “The General Data Protection Regulation”, a privacy law from the European Union that goes into effect May 25, 2018. Even though it’s a European Union law, all online entrepreneurs need to be paying attention, because the GDPR will mean major changes for the way we operate, collect information, track visitors to our websites, and handle and store personally identifiable information, and much more (that’s the very abridged version).
DISCLAIMERS: I am from four generations of NY lawyers; however, none of this is legal advice. That being said, the majority of my clients are US companies conducting business with US citizens but may end up with EU citizens on their site or on their list, and my best advice is: get knowledgeable, get in front of what you need to do, and make a good faith effort in that direction.
First off, here are some excellent articles to explain what GDPR is and what you must do (again, if you operate in the EU and/or market to and/or have clients or a mailing list with EU persons). This might be the wave of the future, so get knowledgeable.
- Excellent definition article HERE and specifically addresses WordPress potential issues.
- The Ultimate Guide to GDPR from WPBeginner
- Another article HERE with resource links
- Article HERE for WordPress.org regarding GDPR and WooCommerce for those of you using it.
And here is an awesome video by Adam of WPCrafter.com (his videos and how-to’s for WordPress for non-techies are gold). He has some links as well under his video.
- In addition, here is an article by WPTavern on the updates WordPress has made (Adam also goes over them in his video). These updates will help you write a Privacy Policy and aid you in giving members and visitors access to the information you’ve collected about them and the ability to remove it (GDPR requirements).
At the very least, if you have any tracking code, collect emails or even allow ‘commenting’ on your blog, you will need a Privacy Policy that explains what you are tracking and what is done with this information.
Personally, I use www.FreePrivacyPolicy.com and, in addition, I wrote a ‘plain English’ one based on the Privacy Policy that is auto-generated for you in the latest version of WordPress (see Adam’s video). I’ll be discussing it more inside my Facebook Community, offering more resources, and sharing what I am doing.
Plain English fixes you might need to do:
- Have a contact form through which people can request the information you have about them (WordPress’s new ‘Tools’ menu has resources to send that information and to delete it).
- Create a Privacy Policy (again, from the new ‘Settings’ option labeled Privacy).
- If you give a ‘gift’ or download, etc. in return for an email, you need to specifically ask their approval to then market to them (newsletters, etc.). And they must be able to give their email without being opted in for general distribution… that’s big. It may change how you use ‘lead magnets’ (lead magnet = gift in return for an email to build your list).
- If you are running analytics, the Facebook pixel code, or any other third-party software that collects information or tracks visitors on your site, you need to know what those tools are, how the information is stored, and what you are doing with it. In the future you may be asked to turn off ‘automatic’ tracking for visitors who have not consented (my understanding is that this isn’t required by May 25th and is still up in the air). This information needs to be in the Privacy Policy.
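One way to prepare for the ‘no tracking without consent’ point above is to stop third-party tracking scripts from loading automatically and only inject them once a visitor has said yes. The snippet below is an added example, not code from the post or from any plugin it mentions; the storage key `tracking_consent`, the tracker URLs and the `injectScript` loader are all assumed for illustration. Storage and the script loader are passed in as parameters so the decision logic can be exercised outside a browser; the last block wires it to `localStorage` and the DOM when one is present.

```javascript
// Added example: consent-gated loading of third-party tracking scripts.
// Not from the original post; key name and URLs are constructed placeholders.
const CONSENT_KEY = 'tracking_consent'; // assumed storage key

// Read the stored choice: 'granted', 'denied', or 'unknown' (never asked).
function readConsent(storage) {
  const value = storage.getItem(CONSENT_KEY);
  return value === 'granted' || value === 'denied' ? value : 'unknown';
}

// Persist the visitor's choice so the banner is not shown on every page.
function recordConsent(storage, granted) {
  storage.setItem(CONSENT_KEY, granted ? 'granted' : 'denied');
  return readConsent(storage);
}

// Load trackers only when consent is explicitly 'granted'.
// 'unknown' is treated the same as 'denied': nothing loads until the visitor opts in.
// Returns the list of URLs that were actually handed to the loader.
function maybeLoadTrackers(storage, loadScript, trackerUrls) {
  if (readConsent(storage) !== 'granted') {
    return [];
  }
  const loaded = [];
  for (const url of trackerUrls) {
    loadScript(url);
    loaded.push(url);
  }
  return loaded;
}

// Tiny in-memory storage with the same getItem/setItem shape as localStorage,
// used for the offline demonstration below and for testing.
function makeMemoryStorage() {
  const data = new Map();
  return {
    getItem: (k) => (data.has(k) ? data.get(k) : null),
    setItem: (k, v) => { data.set(k, String(v)); },
  };
}

// Browser wiring (only runs when a DOM is present).
if (typeof document !== 'undefined' && typeof localStorage !== 'undefined') {
  // Assumed tracker URLs; replace with the real analytics/pixel script URLs you use.
  const TRACKERS = ['https://example.invalid/analytics.js', 'https://example.invalid/pixel.js'];

  // Append a <script> tag for one tracker; this is the only place trackers are loaded.
  const injectScript = (url) => {
    const s = document.createElement('script');
    s.src = url;
    s.async = true;
    document.head.appendChild(s);
  };

  // On every page view: load trackers only if consent was already given.
  maybeLoadTrackers(localStorage, injectScript, TRACKERS);

  // Hook these to your consent banner's "Accept" / "Decline" buttons
  // (element ids are assumed for the example).
  const accept = document.getElementById('consent-accept');
  const decline = document.getElementById('consent-decline');
  if (accept) accept.addEventListener('click', () => {
    recordConsent(localStorage, true);
    maybeLoadTrackers(localStorage, injectScript, TRACKERS);
  });
  if (decline) decline.addEventListener('click', () => recordConsent(localStorage, false));
}
```

The important property is that a brand-new visitor (no stored choice) gets the same treatment as one who declined: no analytics or pixel script is added to the page until the accept handler records consent. Whatever you end up doing here, the Privacy Policy should still list every tracker that can be loaded and what it collects.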
So, confused yet? Those are the major ones I have worked towards by tomorrow, May 25th. I will be updating this article and adding additional ones as I have things to share that will help you.
Until then, take care!
Join my free community of Kick A@@ bloggers on Facebook here! I'd love to discuss setting up a new blog for you or a blog refresh! Click here to see more or set up time to talk.