Understanding the GDPR
The GDPR (General Data Protection Regulation) is a new law in the European Union (EU) going into effect May 25 of 2018. There are provisions of the new regulation that make it relevant for all countries with websites that do business in the EU.
What You Should Know About the GDPR
The GDPR was written to protect personal data collected and stored on websites. There has been some debate on whether the regulation is too far reaching. There have also been several discussions about its enforceability outside of the EU.
Essentially, the owner of a website doing business with a person in the EU that collects any personally identifying information has some responsibilities in the collection, and storage of that information.
The major responsibility is getting clear and honest consent from the user. This consent needs to clearly define what’s being collected, exist separate from other terms and conditions, and needs to be a positive affirmation (no pre-selected checkboxes). In addition, this consent needs to be revocable by the user.
There is a lot of complexity around which data is considered identifying as well. Name, address, email are obvious data points. However, IP address may also be an identifying piece of information in some circumstances.
The UK organization, ICO, has created some guidelines for the GDPR that answer a lot of questions about what the regulation calls for.
How You Can Prepare for the GDPR
The GDPR is coming and if you’re concerned about it the best thing you can do is understand it. Once you have that understanding you’ll need to consider the impacts that complying with the regulation have on your website.
The enforceability of the regulation is in question for the United States. You’re going want to set a budget to make changes to the way you collect information. Some things to consider are your mailing list signups, shopping cart checkouts, and what kind of analytics you’re running on your website.
If you’re collecting data on a form, you need to look at that data as it relates to the GDPR.
There is some time before the regulation goes into effect. We recommend that you learn as much as you can about the GDPR. There are some steps that you can take right now that will get you ready for compliance.
Many WordPress plugin developers are already working on making sure their plugins are GDPR compliant. So, there’s going to be a lot more information as we move closer to the regulation’s implementation.