Here’s an update on GDPR – a law that came into effect in 2018 to protect citizens of the European Union.
Update on GDPR
We last wrote about GDPR in 2018 with our post Do I Really Need to Care About GDPR? So what has changed since then?
What is GDPR? - a refresher
GDPR – or General Data Protection Regulation – is the primary law regulating how companies protect the personal data of European Union and European Economic Area citizens. It has been in effect since May 2018 and covers the following countries:
Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, and Sweden.
What are the aims of the regulation?
Some of the key privacy regulations and data protection requirements under GDPR include:
- Asking visitors’ consent for data processing
- Providing data breach notifications
- Anonymizing collected data to protect e-privacy
So Does GDPR Affect my Site?
The short version: if you have any users from the above countries, then yes. Even if you think you aren’t collecting data, consider that this includes details that are stored when someone leaves a comment, uses your contact form, or places an online order.
DISCLAIMER: The information in this update on GDPR is not intended as a substitute for professional legal consultation. It is provided “as is” without any representations or warranties, express or implied. Always consult an attorney when you have specific questions about any business matter of this kind.
As a Site Owner, What Do I Do?
Blogging Your Passion has this handy checklist of seven issues that need to be addressed:
- Cookie consent & management
- Terms & Conditions policy
- Right to be forgotten requirement
- Data access requirement
- Data breach notification requirement
- Data rectification system requirement
To most site owners, this is going to seem daunting. But luckily, there have been many technical developments since 2018 to make the process easier.
GDPR and WordPress
As of WordPress 4.9.6, the core software is GDPR compliant, and features several useful tools:
- Comments Consent – a checkbox automatically added under the comment box offering the user an option to save their name and email address.
- Data Export and Erase Feature – a data handling option that lets a website owner fulfil a user’s request to export their personal data or to have it removed.
According to PopupSmart, here are the 10 best GDPR WordPress plugins for 2022.
Here at AndiSites we like Cookie Notice for GDPR & CCPA and GDPR Cookie Consent. For situations other than cookie notices (e.g. checkboxes for e-commerce forms, data request forms, etc.) we use WP GDPR Compliance.
If you want to make the whole headache go away, many of the plugins (e.g. WP GDPR Fix) have an option to simply block all traffic from EU countries. However, this may not be as straightforward as it sounds, so we recommend reading Is it GDPR compliant to block EU visitors?
An Update on GDPR - In Conclusion
The bottom line is that if people from the European Union can visit and interact with your site, you need to be compliant. The fine for violating these requirements is as high as $20 million, plus you might even be barred from serving any users from the EU in the future.
We highly recommend obtaining legal advice on this issue if you have any concerns. If you find the technical side of getting compliant overwhelming, then AndiSites can help you. Contact us today, get compliant, and get back to running your business without having to worry.