After waiting for what seems like an eternity, GDPR (General Data Protection Regulation) is finally upon us; it took effect on 25th May 2018.
It may be a punishment from the EU for the BREXIT vote or it may simply be a way of looking after our privacy on the internet but whatever it is, if you own a website, it applies to you.
For those of us without legal training GDPR seems at best difficult and daunting and at worst threatening and very, very scary.
Fortunately, there is a lot of high quality information and guidance available to help you find your way through the GDPR maze and there are tools that will help you implement it.
In this post I’ll share the information and tools that I’ve found useful and mention a few GDPR items related to this website.
My Affiliate Links Disclosure
Hi everyone. Just to let you know that many of the links on this site are my affiliate links. What that means is that if you click one of them and buy something… I get a commission. It doesn’t cost you anything extra and I only recommend things that I’ve tried and tested, so please, please, please… use my links.
Cookies, cookies, anyone for cookies?
If you’re running a WordPress website, you need a cookie consent solution; see the quote below from the CookieBot website:
A clean version of the WordPress code without plugins doesn’t set any user related cookies. It only sets cookies when a site admin logs into the backend of the system.
In this case, you don’t need a cookie consent on your website, as there are no cookies. Very few people use WordPress in its basic form. Once you start to install plugins on your site, you either need to check the plugins to ensure that they don’t set cookies, or you need to implement a cookie consent function on your site.
Hence, we recommend that you always use a cookie consent solution to ensure that you comply with the GDPR and the EU ePrivacy directive.
For this website I chose the Cookie Notice by dFactory plugin as my cookie consent solution.
This plugin has 600,000+ active installations, a five star rating and is super easy to set up.
I’ve configured the plugin to have an orange background, display an I ACCEPT button for cookies and to provide a button link to my Privacy Policy page.
I would tell you about my new Privacy Policy… but it’s private
Once you’ve added your cookie consent solution, you need to add a Privacy Policy relevant to your site.
For my Privacy Policy I used the WordPress built-in privacy policy generator in conjunction with the Privacy Policy guide.
The Privacy Policy template can be found under Settings > Privacy.
I worked my way through the various headings, adding / changing text as necessary and deleting headings that don’t apply to this site.
Divi Theme is a fairly simple site from a privacy point of view but if you have an eCommerce site or engage in more complex collection or processing of personal data, you would have to look in detail at the sections for “data protection” and “data breach procedures”.
I’ve linked to my Privacy Policy from my main menu and from my Cookie Notice bar but you could have a link in your footer or anywhere where it’s obvious and easy for your visitors to find.
With a little help from my friends – GDPR tools provided by WordPress
WordPress 4.9.6 was released on 17 May 2018 and it came with three specific GDPR tools:
#1 – Comments Consent
WordPress used to store the commenter’s name, email and website as a cookie on the user’s browser. This made it easier for users to leave comments on their favourite blogs because those fields were pre-populated.
In order to comply with GDPR’s consent requirement, WordPress has added a “comment consent checkbox” to the comments form with the text “Save my name, email, and website in this browser for the next time I comment”.
If the user leaves a comment without checking this box, they have to manually enter their name, email, and website next time they leave a comment.
#2 – Data Export and Erase Features
WordPress has added Data Export and Erase features in order to comply with GDPR’s data handling requirements and to handle users’ requests to export and/or erase their personal data.
These data handling features can be found under the WordPress Tools menu from inside the WordPress dashboard.
#3 – Privacy Policy Generator
WordPress now comes with a built-in privacy policy generator, which can be found under Settings > Privacy.
It offers a pre-made privacy policy template and provides guidance on how you can modify it for your own website’s GDPR compliance.
The driving force behind the Privacy Policy is to be more transparent with your users in terms of what data you store and how you handle that data.
These three tools aren’t enough to make your WordPress website GDPR compliant but they will get you moving in the right direction.
Subscribing to Divi theme
When you subscribe to Divi Theme, you are added to my MailChimp mailing list. This list is used to deliver published posts to subscribers. Each notification has an unsubscribe link at the bottom, which you can click to unsubscribe from the list.
This list is used solely to inform subscribers of recent posts and we do not use it for any other purpose or share it with any third party.
If you want to know more, please read my full Privacy Policy.
GDPR resources – a little light reading
There are lots of GDPR resources out there, and I mean a lot, but these are the ones that I’ve found useful.
- The best general introduction to GDPR for WordPress websites is this post from the guys over at wpbeginner: The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know
- The best discussion of Cookie Notice plugins is this post: 4 Best Free Privacy, GDPR, Cookie Consent Plugins For WordPress
- The best introduction to using the new WordPress GDPR tools is this video: WordPress Update 4.9.6 – It’s The WordPress GDPR Tools Update We’ve All Been Waiting For
Those are the best resources that I’ve found but if you have your own favourites, please let me know in the comments below… after you’ve checked the “comment consent checkbox” of course.
This is just my take on GDPR – but what do I know?
GDPR took effect on 25th May 2018 so we are all still trying to figure out what it means and how it will impact our websites.
Two things to bear in mind: if you own a website, you can’t just ignore GDPR; the more comforting thought is that if you do a little reading and use the available tools, it’s not that hard to make your site compliant.
Don’t forget folks, I have no legal qualification so this is just my take on GDPR and nothing in this article should be considered legal advice.
If in doubt, you should consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.
And finally, I leave you with a quote from the guys over at wpbeginner, which, in a nutshell, tells you what GDPR is all about:
To put it in plain English, GDPR makes sure that businesses can’t go around spamming people by sending emails they didn’t ask for.
Businesses can’t sell people’s data without their explicit consent (good luck getting this consent).
Businesses have to delete a user’s account and unsubscribe them from email lists if the user asks you to do that.
Businesses have to report data breaches and overall be better about data protection.
The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know
Credits:
My thanks and gratitude to Pixabay for the header graphic used in this post.