Blogs

Hello world, have you been seeing these 4 letters GDPR constantly and don’t know what they mean, but hear it could cost up to 4% of your worldwide turnover of the past financial year which translates to a lot of benjamins. Let me repeat that, A LOT OF BENJAMINS! Let me give you the basic rundown of the General Data Protection Regulation and how YOU can become compliant.

The Simple Overview That Everybody Needs to Understand

Let us travel back in time to 1998 where the Data Protection Act was created to protect personal data on the technology at that time. Fast Forward 20 years and now it is 2018 where the Data Protection Act has not been updated since and with the advancement of technology calls for new regulations. Here is where the Council of the European Union took action and decided that all EU representatives that collect personal data will have to be compliant with new laws in order to protect their citizens from privacy and data breaches. However, as mentioned above, if the representative does not comply then penalties will be enforced and companies will have to pay fines. Well, If I still have not gathered your attention let me just warn you that the European Union has already begun making changes and is enforcing it throughout the countries as of May 25th, 2018. But as a business in the U.S, you’re still laughing behind this screen because you don’t think it will affect the area you reside in, but let me state it clearly that this is going to have a ripple effect globally so fasten your seatbelt.

How Being Compliant Will Affect Companies Positively

First things First, complying with the General Data Protection Regulations can seem to be overwhelming and difficult. However, It is worth the time because it allows your company to display that you are focused in on people’s personal data and that you will take serious precautions to protect them. Being Transparent is one the major key ways to become compliant and once quality data is surfacing in your company this leads to better marketing. Before people were scared to give out quality data in case of a circumstance for misuse, but once everything is settled and compliant, they won’t be afraid anymore. Furthermore, companies will naturally become more organized when storing personal data and know where everything is and how it is being used. The impact of that will be a company that is running more efficiently and effectively. Enough with the small talk, let’s get into the meat and bones of it.

The Major Changes About User Data That Will Affect Business Globally

TIme to reveal the best part! Users now have the right to

• Be informed
• Have access and portability
• Restrict processing
• Erasure and objection
• Recertification

In more detail, now that users have the right to be informed means they are able to know how their data is being collected, processed and what it is being used for. Next,  the user has the ability to access their data at any time and actually export a human-readable copy. Which means there can’t be a spec of legal terms on the copy and must be written in plain language. Also, they can request for the company to stop processing their data and be able to erase it whenever they want. Super fun, I know. Of course, this is only a basic rundown on the user data and there a much more to learn. I highly recommend checking out https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations_en

to become more familiar with the specific regulations in place. There are also quizzes and checklists that also determine compliance which is https://ultimategdprquiz.com/quiz

https://gdprchecklist.io/

Nevertheless, WordPress sites will be strongly affected and down below I created a 10 step process on how your site can become compliant.

The 10 Steps to Take in Order for Your WordPress Site to be Compliant

1. Perform a security audit on the entire WordPress site and determine where data is collected, processed, and how it is stored
2. Create a data inventory and mapping based on the audit above
3. Update all legal agreement documents that specifically asks for consent
   1. Must include checkbox
   2. Special page for the updated easy to read privacy policy (Check assignment 7 for more detail)

4. Create the option to export and erase personal data

1. 1. Also implement an email based method to confirm the bolded actions above

5. Change safeguards for personal data to the highest level

1. 1. Which contains a notification sent to all people whos’ data is collected saying there has been a breach
   2. Notification must be sent under 72 hours

6. Encrypt web traffic (HTTPS)
7. Items to include in updated Privacy Policy

1. 1. Who your company is  
   2. Why your company is collecting their data
   3. How long data will be kept
   4. Who else will receive it
   5. Allows the right to withdraw content
   6. Allows the right to have access
   7. Allows the right to obtain a copy or delete their data
   8. Allows the right for a customer to correct their data

8. Double Check if WordPress plugins are compliant

1. 1. Contact forms must add a checkbox
   2. Comment section must add a checkbox
   3. MailChimp and ActiveCampaign are compliant
   4. Paypal and WooCommerce are compliant
      1. Recommend anonymize IP

9. Create a cookie consent popup
10. Helpful Plugins to look into

1. 1. WP Security Audit Log by WP White Security
   2. WP GDPR Compliance by Van Ons
   3. GDPR by Trew Knowledge
   4. WP GDPR by AppSaloon

Our next article will focus on how Design Source Media is becoming GDPR compliant

Sources:

https://ec.europa.eu/info/law/law-topic/data-protection/reform/rules-business-and-organisations_en

https://kinsta.com/blog/gdpr-compliance/

https://make.wordpress.org/core/2018/03/28/roadmap-tools-for-gdpr-compliance/

https://www.codeinwp.com/blog/complete-wordpress-gdpr-guide/

https://www.eugdpr.org/key-changes.html