It’s almost time for the latest shakeup in the web industry — the GDPR deadline. What the heck is GDPR? And why does it matter for your WordPress site? Dive in with us to learn more. As a note to our clients, this is something we’ll be updating for you so you shouldn’t have to worry about it too much, though we’ll probably have you review some text so be on the lookout for those emails.
If you’re one of those people who loves to get into the legal and technical nitty gritty, you’ll probably want to just head over to https://www.eugdpr.org and read it in all its detail. For the rest of us, here’s the summary:
There’s more to it, but that’s definitely the gist. Here’s the kicker: You might be thinking, “My website has nothing to do with Europe. Why does this apply to me?”
The bummer (or great thing depending on your point of view) is that this applies to all European visitors to a site, regardless of where the website or operator of the website is located. Due to the wonderful “World Wide” part of the World Wide Web, pretty much any website could be visited by someone from the EU and therefore falls under these guidelines.
The EU has also said they’ll enforce fines for those who aren’t following the rules, so definitely better safe than sorry in this case.
It sounds like a huge pain, and could be, but from what we’ve found, it’s not too bad to at least get to the bare minimum standards to comply with GDPR. Granted, we are not lawyers, but from our review of this and our web knowledge, this seems pretty safe, and we’ve already implemented these steps on our website.
The first thing is that any time you’re collecting information from a user, they need to acknowledge they’re giving it to you. For things like forms (even contact forms), this usually means one of those checkboxes that says, “By using this form you agree with the storage and handling of your data by this website from this form.”
And that checkbox needs to be unchecked by default. That’s important! To comply, you can’t have these sorts of checkboxes checked by default. A site visitor has to actually do something intentional in order to give their consent.
So what about users who request their data or request that their data be deleted? This is a little more involved, but if you’re running a WordPress site, we found this awesome plugin called WPGDPR that handles this and a lot of other things more or less out of the box.
It helps with creating things like contact form messages, but also with creating a form where users can request the information you’ve collected on them (contact forms, user accounts, WordPress comments, WooCommerce data, etc.). They’ll get an email with a URL to view the data that’s valid for 24 hours, and they’ll even be able to request that the data be scrubbed. Pretty awesome functionality out of this plugin, and if you check their roadmap, they’ve got a lot more planned.
It also looks like WordPress will fold a lot of this stuff into the main WordPress software with the next update. We’ll keep an eye on that for you.
We’ve talked about our love of WooCommerce, but we’ve kind of breezed past it so far. What about those sites? All of the above still applies to them, but the great folks at WooCommerce have announced that the latest update of WooCommerce, 3.4, should be released around May 23 and will include a bunch of tools to make sure that Woo sites are compliant without messing up your order information. It’s a bit of a complicated process, and we’re glad they’re handling this out of the box. We’ll be updating all of our clients’ e-commerce sites once that becomes available.
All in all, it’s really not that much work getting your site up to date, but it does require a little bit of attention.
And we’re hopeful that wide adoption of GDPR compliance will only help protect consumer data online. If you have any more questions on GDPR, especially with how it relates to WordPress sites, feel free to contact us using the contact form below!