In the pipeline for more than two years, the General Data Protection Regulation (GDPR) is a new European-based piece of legislation aimed at giving citizens increased control over their privacy and how their personal data is used by the organisations they interact with.
As defined by the European Commission, “Personal data are all information which is related to an identified or identifiable natural person.” For example, a name, a telephone number, a home address, a credit card or PPS number, bank details, a number plate, a photo, a customer number, an email address, posts on social networking websites, medical information or a computer’s IP address are all personal data.
The new GDPR privacy law comes into force across Europe on 25 May 2018 and applies to any business and organisation providing products or services to EU residents. The regulation is primarily concerned with data collection and informed consent, and it outlines the rights of individuals over their personal data.
As a website owner, what does this mean?
Data collection
WordPress websites automatically collect user data in a number of ways including cookies, user comments and Google Analytics.
A cookie is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing. Cookies can be temporary or persistent (but have an expiration date) and are used, for instance, to avoid re-entering login details at each new visit.
Posting a comment on a post generally involves a person’s name and email address.
Informed consent
If my website displays a contact form or distributes a newsletter, I must obtain users’ consent.
I must also provide users with the option to access and/or delete personal data, and a newsletter must provide users with an “unsubscribe” link.
As a website owner, what do I need to do?
With the new GDPR regulation coming into force, website owners are now required to publish a privacy policy on their website, or update an existing one, which will state clearly:
- if their website uses cookies
- if their website stores personal information (through cookies, comments, contact forms, tracking analytics, logins or passwords)
- if their website shares personal information with third parties for marketing communications or targeted advertising
- how users can access their personal data and/or request that it be deleted
But first and foremost, website owners MUST now seek consent from users on Contact and Newsletter sign-up forms and always provide an obvious “unsubscribe” option. This is why over the last few weeks, our inboxes have been filling up with emails from organisations now asking us to opt in again to various newsletters and subscriptions.
Several WordPress plugins covering cookies, privacy policies or the new GDPR legislation are already available to assist website owners in achieving compliance.
Released on 17 May 2018, WordPress version 4.9.6 introduced the option to create a generic privacy policy with an inbuilt template which website owners can tailor to suit their own requirements.
The new set of GDPR regulations not only offers increased protection against unlawful usage, loss or exposure of consumers’ personal data, but also forces organisations and businesses to be a lot more transparent and accountable when it comes to their data processing activities.