The General Data Protection Regulation (GDPR) is a new regulation passed by the European Parliament that comes into force on May 25th, 2018. GDPR aims to strengthen the personal data protection policies of websites situated in the European Union. This new regulation is important for nearly any WordPress project, as most of them collect and store some personal data from their users, subscribers and members. Even an IP address is considered a user's personal information.
We have dedicated this article to the nuances of the new General Data Protection Regulation, the situations it might affect and the actions any WordPress website owner should take to avoid the enormous fines envisaged by the new regulation. This information is crucial for every WordPress admin, so do not miss your chance to familiarize yourself with these aspects as soon as possible and take action beforehand.
What Does GDPR Mean?
GDPR regulates the handling of personal data for European companies and for users located in the European Union. Companies and websites can still gather personal data, but they must provide 3 important guarantees for the stored data:
- The data should be stored on servers located in the European Union.
- A user can receive the full information about his or her personal data stored by the web project.
- A user can request the full deletion of his or her data, and the web project cannot deny this request.
These rules aim to protect users' personal data from illegal usage and give users the official right to control how their data is used. It means you cannot gather personal data without limitations and use it at your own discretion. Users' rights first, marketing operations second – that is how it sounds for WordPress website owners.
Who Must Apply GDPR Rules?
There is a high chance that GDPR will affect any WordPress website owner without exception. But there are several categories of websites (or certain parts of them) which could be affected by GDPR earlier and with higher risk than others. Examples of such websites or services are, first of all, quizzes, surveys, newsletter subscriptions and other forms.
Quizzes and surveys usually have two main goals: making content viral and collecting some precious statistics about users. The second goal implies a violation of the new General Data Protection Regulation rules if you do not put proper safety procedures in place. The data collected while subscribing your users to newsletters also usually includes personal information, which falls directly under GDPR rules.
However, even websites without quizzes, surveys and newsletters can be affected by GDPR because of feedback forms. Feedback forms also collect users' names, IPs and emails, which are personal information. Thus any WordPress website should pay attention to the changes introduced by the General Data Protection Regulation.
What Does a GDPR Violation Mean?
As we have already mentioned, any General Data Protection Regulation violation means great fines. Talking about concrete numbers: up to 20 million EUR or up to 4% of your annual worldwide turnover (whichever is greater). This is, of course, the worst case. In other cases, you may get only a written warning. But nobody guarantees that you would not get the full fine in your specific case. So it is much better to play by the rules than to count on luck.
How to Prepare Your WordPress Website for GDPR Requirements?
There are some steps which you should take as soon as possible (without waiting for the GDPR rules to come into force on May 25th, 2018). These steps will provide you and your users with security guarantees for personal data. Moreover, they will protect you from the great fines we have already mentioned above.
First of all, you should designate a data protection officer for your WordPress project. This person should control all operations connected with users' data and take immediate action in case GDPR rules are violated. If your WordPress project is still small, you can handle this task yourself, but you should keep your knowledge of GDPR fresh.
Secondly, you should check all vendors you cooperate with for their compliance with GDPR rules. For example, if you use a third-party service for newsletters and subscription forms, you should check their attitude to GDPR requirements. You can check it yourself or simply request this information from their customer support service.
Then you should pay attention to data encryption. Any unencrypted data is potentially vulnerable to hacker attacks, and GDPR rules put the responsibility for such data loss on you. It is very likely that you do not have enough knowledge and skills to encrypt your data properly by yourself. Fortunately, there are lots of services which provide professional encryption and secure your data.
Last but not least, you should store your data on European servers. It means you cannot outsource the issue and shift the blame to some foreign company. For now this is true only for the personal data of European users, but this rule may soon be applied in other countries as well.
The GDPR rules should be respected even now, when they are not yet formally in force. The preparation process for GDPR-compliant content can take a lot of time and effort, therefore any WordPress website owner should think about it beforehand. That is the main reason we have shared this important information with you. Do not miss your chance to be GDPR compliant today!
The images for this article are taken from the infographic by Riddle. Thanks for sharing!