After waiting for what seems like an eternity, GDPR (General Data Protection Regulation) is finally upon us, it took effect on 25th May 2018.

It may be a punishment from the EU for the BREXIT vote or it may simply be a way of looking after our privacy on the internet but whatever it is, if you own a website, it applies to you.

For those of us without legal training GDPR seems at best difficult and daunting and at worst threatening and very, very scary.

Fortunately, there is a lot of high quality information and guidance available to help you find your way through the GDPR maze and there are tools that will help you implement it.

In this post I’ll share the information and tools that I’ve found useful and mention a few GDPR items related to this website.

My Affiliate Links Disclosure

Hi everyone. Just to let you know that many of the links on this site are my affiliate links. What that means is that if you click one of them and buy something… I get a commission. It doesn’t cost you anything extra and I only recommend things that I’ve tried and tested, so please, please, please… use my links.

Cookies, cookies anyone for cookies?

If you’re running a WordPress website, you need a cookie consent solution – see the quote below from the CookieBot website

A clean version of the WordPress code without plugins doesn’t set any user related cookies. It only sets cookies when a site admin logs into the backend of the system.
In this case, you don’t need a cookie consent on your website, as there are no cookies.

Very few people use WordPress in its basic form. Once you start to install plugins on your site, you either need to check the plugins to ensure that they don’t set cookies, or you need to implement a cookie consent function on your site.

Hence, we recommend that you always use a cookie consent solution to ensure that you comply with the GDPR and the EU ePrivacy directive.

CookieBot website

For this website I chose the Cookie Notice by dFactory plugin as my cookie consent solution.

This plugin has 600,000+ Active installations, a five star rating and is super easy to setup.

I’ve configured the plugin to have an orange background, display an I ACCEPT button for cookies and to provide a button link to my Privacy Policy page.

I would tell you about my new Privacy Policy… but it’s private

Once you’ve added your cookie consent solution, you need to add a Privacy Policy relevant to your site.

For my Privacy Policy I used the WordPress built-in privacy policy generator in conjunction with the Privacy Policy guide.

The Privacy Policy template can be found under Settings > Privacy.

I worked my way through the various headings, adding / changing text as necessary and deleting headings that don’t apply to this site.

Divi Theme is a fairly simple site from a privacy point of view but if you have an eCommerce site or engage in more complex collection or processing of personal data, you would have to look in detail at the sections for “data protection” and “data breach procedures”.

I’ve linked to my Privacy Policy from my main menu and from my Cookie Notice bar but you could have a link in your footer or anywhere where it’s obvious and easy for your visitors to find.

With a little help from my friends – GDPR tools provided by WordPress

WordPress 4.9.6 was released on 17 May 2018 and it came with three specific GDPR tools:

    #1 – Comments Consent

    WordPress used to store the commenter’s name, email and website as a cookie on the user’s browser. This made it easier for users to leave comments on their favourite blogs because those fields were pre-populated.

    In order to comply with GDPR’s consent requirement, WordPress has added a “comment consent checkbox” to the comments form with the text “Save my name, email, and website in this browser for the next time I comment”.
    If the user leaves a comment without checking this box, they have to manually enter their name, email, and website next time they leave a comment.

    #2 – Data Export and Erase Features

    WordPress has added Data Export and Erase Features in order to comply with GDPR’s data handling requirements and comply with users’ requests for exporting and/or removing personal data.

    These data handling features can be found under the WordPress Tools menu from inside the WordPress dashboard.

    #3 – Privacy Policy Generator

    WordPress now comes with a built-in privacy policy generator, which can be found under Settings > Privacy.
    It offers a pre-made privacy policy template and provides guidance on how you can modify it for your own website GDPR compliance.

    The driving force behind the Privacy Policy is to be more transparent with your users in terms of what data you store and how you handle that data.

These three tools aren’t enough to make your WordPress website GDPR compliant but they will get you moving in the right direction.

Subscribing to Divi theme

When you subscribe to Divi Theme, you are added to my MailChimp mailing list. This list is used to deliver published posts to subscribers. Each notification has an unsubscribe link at the bottom, which you can click to unsubscribe from the list.

This list is used solely to inform subscribers of recent posts and we do not use it for any other purpose or share it with any third party.

If you want to know more, please read my full Privacy Policy.

GDPR resources – a little light reading

There are lots of GDPR resources out there and I mean a lot, but these are the ones that I’ve found useful.

Those are the best resources that I’ve found but if you have your own favourites, please let me know in the comments below… after you’ve checked the “comment consent checkbox” of course.

This is just my take on GDPR – but what do I know?

GDPR took effect on 25th May 2018 so we are all still trying to figure out what it means and how it will impact our websites.

Two things to bear in mind are: if you own a website, you can’t just ignore GDPR and a more comforting thought is that if you do a little reading and use the available tools, it’s not that hard to make your site compliant.

Don’t forget folks, I have no legal qualification so this is just my take on GDPR and nothing in this article should be considered legal advice.
If in doubt, you should consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.

And finally, I leave you with a quote from the guys over at wpbeginners, which, in a nutshell, tells you what GDPR is all about:

To put it in plain English, GDPR makes sure that businesses can’t go around spamming people by sending emails they didn’t ask for.

Businesses can’t sell people’s data without their explicit consent (good luck getting this consent).

Businesses have to delete user’s account and unsubscribe them from email lists if the user ask you to do that.

Businesses have to report data breaches and overall be better about data protection.
The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know

My thanks and gratitude to Pixabay for the header graphic used in this post.

Pin It on Pinterest

Share This