Understanding the GDPR
The GDPR (General Data Protection Regulation) is a new law in the European Union (EU) going into effect May 25 of 2018. There are provisions of the new regulation that make it relevant for all countries with websites that do business in the EU.
What You Should Know About the GDPR
The GDPR was written to protect personal data collected and stored on websites. There has been some debate on whether the regulation is too far reaching. There have also been several discussions about its enforceability outside of the EU.
Essentially, the owner of a website doing business with a person in the EU that collects any personally identifying information has some responsibilities in the collection, and storage of that information.
The major responsibility is getting clear and honest consent from the user. This consent needs to clearly define what’s being collected, exist separate from other terms and conditions, and needs to be a positive affirmation (no pre-selected checkboxes). In addition, this consent needs to be revocable by the user.
There is a lot of complexity around which data is considered identifying as well. Name, address, email are obvious data points. However, IP address may also be considered an identifying piece of information in some circumstances.
The UK organization, ICO, has created some guidelines for the GDPR that answer a lot of questions about what the regulation calls for.
How You Can Prepare for the GDPR
The GDPR is coming and if you’re concerned about it the best thing you can do is understand as much as you can about it. Once you have that understanding you’ll need to consider the impacts that complying with the regulation have on how you do business with your website.
Since the enforceability of the regulation is in question you’re going to need to decide how much time and money you’re going to want to set aside to make changes to the way you collect information. Some of the things to consider are your mailing list signups, shopping cart checkouts, and what kind of analytics you’re running on your website.
In most cases if you’re collecting data on a form, you probably need to look at the storage for that data as it relates to the GDPR.
There is some time before the regulation goes into effect. We recommend that you learn as much as you can about the GDPR. There are some steps that you can take right now that will get you ready for compliance.
Many WordPress plugin developers are already working on making sure their plugins are GDPR compliant. There’s going to be a lot more information especially in the WordPress community as we move closer to the regulation’s implementation.
How Can We Help You?
We want to build your next project.