15 May GDPR and WordPress – How GDPR Affects Your WordPress Website
GDPR and WordPress
What you need to know about GDPR and how it affects your WordPress website
The new General Data Protection Regulation (GDPR) introduces some very in-depth rules on how personal data is handled and stored, and it is clear that this is sending a lot of business owners into a panic. There has been a lot of scaremongering around GDPR, with 'so-called experts' popping up left, right and centre!
This is why Poppy Design Studio has waited until quite near the GDPR deadline to write this article: not to panic people even further, but so that we could get to grips with it ourselves before trying to explain it to our customers.
If your business processes and stores personal data of EU citizens (even just email), GDPR applies to you.
It is true that there are major fines for companies that do not comply with the new regulations: up to 4% of your turnover or €20 million. Before panicking, though, please remember that the ICO will work constructively with business owners in a non-adversarial way. GDPR fines will tend to be imposed only when a business commits a very severe privacy violation, refuses to cooperate, or continually repeats the same mistakes. This is not us saying you do not need to take GDPR seriously, but it really is important that you, as a business owner, comply with a positive 'how can we improve things' mentality, rather than treating it as a box-ticking exercise to avoid being fined.
Ok, so where do I begin to tackle GDPR?
To start, we have to add an obligatory disclaimer so we do not get shouted at by a lawyer:
Poppy Design Studio are not lawyers and what follows isn't legal advice. We are here to give guidance on what needs to happen to your WordPress website for GDPR, as we have a vested interest, but we are in no way legally trained and we have to advise you to get legal advice on your own policies, practices and privacy policies so you know you are covered for your own business. If you notice things that are wrong, out of date or missing, please let us know so we can update this article!
If you haven’t started getting ready for GDPR yet, here’s a basic plan based on what we have done at Poppy Design Studio:
- Read through the ICO’s guidance on GDPR
- Conduct a GDPR compliance audit for your business.
- Identify any weaknesses and address these.
- Create/update your Internal Data Security Policy. This should outline the policies and procedures you have in place internally to ensure the security of personal data. Again, we suggest you talk to a GDPR expert and legal team for this. You can get further advice from a company that we work with a lot and highly recommend: www.outsorcedvirtualoffice.com
What needs to be done to help get your WordPress website GDPR compliant
3. Scan your website for the cookies it uses – You now have to list the cookies your WordPress website sets so that a visitor has the option to turn them off. Every website uses cookies; some are required to keep the site functioning and cannot be turned off, but others can be switched off, and the visitor needs to be given that choice. We recommend using this website: https://www.cookiebot.com/en/ – its free scan gives you a PDF report of the cookies your website uses, which you can then use to list them and give visitors the option to turn them off.
4. Cookie consent – The ICO guidelines stipulate that when a user visits your website they must be able to turn off cookies easily before they continue to use it. A simple information pop-up bar that just lists the cookies is no longer compliant: visitors literally have to be able to turn them off easily, and from the screen they arrived on. This has caused some issues in the WordPress world, as some plugins simply do not work. We have found and tested them all! We are on the case, though, and have found a couple that just need a few tweaks; we will update this shortly, once we know they are working with no glitches, with what we will finally use and recommend.
If you are using a database plugin to store all email addresses in your WordPress database, it works differently for you. You will need a tick box (acceptance box) to capture explicit consent: it must be opt-in (not a pre-ticked checkbox), it must be separate from any other terms and conditions, and it must make clear why you want the data, what you are going to do with it and how you are storing it in your database.
WooCommerce will also be releasing a GDPR update, which should cover everything that is needed from a shop perspective. See the details here: https://woocommerce.wordpress.com/2018/05/04/woocommerce-3-4-gdpr-features/
For example, each reason you email someone needs its own consent box:
[tick box that is not ticked] I agree to my personal data being stored and used to receive the newsletter.
[tick box that is not ticked] I agree to receive information and commercial offers from [company name].
You need separate consent for each distinct reason you are emailing them.
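As an added example (not code from the original post or from Poppy Design Studio), the JavaScript below models the consent rules described above: one separate, unticked box per purpose, a consent record that keeps the exact wording shown and a timestamp as evidence, withdrawal that is as easy as consenting, and mailing that is gated on consent for that specific purpose only. The purpose keys, form field names and the `[company name]` placeholder are assumptions.

```javascript
// Added example, not code from the original post. Purpose keys and field names are assumptions.
const PURPOSES = {
  newsletter: "I agree to my personal data being stored and used to receive the newsletter.",
  offers: "I agree to receive information and commercial offers from [company name].",
};

// Render one separate, unticked checkbox per purpose. Nothing is pre-checked, and the
// consent boxes are kept apart from any terms-and-conditions acceptance.
function renderConsentFields() {
  return Object.entries(PURPOSES)
    .map(([key, wording]) =>
      `<label><input type="checkbox" name="${key}" value="on"> ${wording}</label>`)
    .join("\n");
}

// Turn a submitted form into one consent record per purpose. Only an explicit tick
// counts; a missing or unrecognised value is treated as "no consent", never assumed.
// The exact wording shown and the time are kept as evidence of what was agreed to.
function recordConsent(submitted, now = new Date()) {
  const records = {};
  for (const [key, wording] of Object.entries(PURPOSES)) {
    const v = submitted[key];
    records[key] = {
      given: v === true || v === "on",
      wording,
      recordedAt: now.toISOString(),
      withdrawnAt: null,
    };
  }
  return records;
}

// Withdrawing must be as easy as consenting. The record is kept (with the withdrawal
// time) rather than deleted, so you can still show what was agreed and when it ended.
function withdrawConsent(records, purpose, now = new Date()) {
  const rec = records[purpose];
  if (!rec) throw new Error(`unknown purpose: ${purpose}`);
  return { ...records, [purpose]: { ...rec, given: false, withdrawnAt: now.toISOString() } };
}

// Gate each mailing on consent for that specific purpose. Consent to the newsletter
// does not carry over to commercial offers, and vice versa.
function mayEmail(records, purpose) {
  const rec = records[purpose];
  return Boolean(rec && rec.given && rec.withdrawnAt === null);
}
```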
Other precautions you need to take with a WordPress website:
- Make sure WordPress itself and all your plugins are kept updated, checking at least monthly.
- Ensure your website is served over HTTPS.
We hope this will help you prepare for GDPR with your WordPress website. If you feel we have missed anything, please leave a comment and we will be more than happy to add it.
Need extra help on GDPR and WordPress? Email or call us today and we will be happy to help! firstname.lastname@example.org or 0800 321 3843