December 29, 2017
The General Data Protection Regulation (GDPR) takes effect on 25 May 2018. If you own a WordPress website that collects or processes personally identifiable information (PII) of EU citizens, you need to comply with this regulation.
What Is The GDPR?
The GDPR replaces the Data Protection Directive, which was enacted in 1995. Under this regulation, power shifts to EU citizens, who are given more control over their digital data. This data includes any sensitive personal information that can be used to identify, locate or contact a person, such as a photo, address, phone number, email, medical information, etc.
Under the GDPR, data subjects (the EU citizens whose data is processed) now have the right to know whether their personal data is being collected and what information about them is being gathered. They also have the right to request access to this data and to ask organisations to update or delete their PII.
Is Your Website Affected By The GDPR?
Do you collect personal information of EU citizens via online forms on your WordPress website? Do you ask for the name, address or other PII of your website users or visitors in these forms? If you do, then you need to comply with the GDPR.
Similarly, if you run an e-commerce site, you are also covered by this regulation, because your EU customers provide you with sensitive information about themselves when they purchase something from your site.
However, if your website uses forms that do not ask for your visitors’ PII, then you do not have to worry about the GDPR. For example, websites that primarily offer quizzes without requiring users to enter their personal data are not affected by the GDPR.
It is important to note that, even if your business has no physical presence in any EU nation, you must still follow the regulation. Regardless of the location of your servers or your company headquarters, your WordPress website needs to be GDPR-compliant if it collects PII of EU citizens.
Why do you need to comply? Noncompliance can result in fines of as much as €20 million or 4% of your annual turnover. Moreover, users of your website whose data has been compromised can go after you and sue you for damages.
How To Make Your WordPress Website GDPR-Compliant
First, you need to have an in-depth understanding of your online data-gathering activities. What sensitive information about your users do you collect? Where do you store this information? Why are you collecting this data?
You also need to come up with a privacy policy. This policy needs to be communicated to your WordPress website visitors and users. The privacy policy should inform them of your site’s data collection and storage practices: what the data is for, where it is stored, how it will be used, etc. Moreover, you must request consent from your users before collecting their data. They should be informed that your online form asks for some of their PII and that this data will be stored.
Unlike the old practice, the GDPR requires you to get the explicit consent of your users. Opt-out consent is no longer allowed. Users must indicate through an affirmative action, such as ticking a box, that they are giving you permission to use their data. One way of ensuring that you get your users’ consent is to design your forms so that data is not submitted unless the user gives his/her consent (by ticking the consent box, for example).
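The consent gate described above, as an added example that is not part of the original post or of any WordPress plugin: the browser can refuse to submit until the box is ticked, but the check that actually protects you runs on the server before anything is stored. The field names (`name`, `email`, `gdpr_consent`) and the policy version string are assumptions for illustration; the sample submissions are constructed.

```javascript
// Added example: server-side consent gate for a WordPress-style contact form.
// Field names "name", "email" and the checkbox "gdpr_consent" are assumed.

// Only an explicit affirmative value counts as consent. A missing field, an
// empty string, "false" or "0" are all treated as "no consent", which is what
// makes this an opt-in rather than an opt-out design.
const AFFIRMATIVE = new Set(["on", "true", "1", "yes"]);

function hasExplicitConsent(fields) {
  const raw = fields.gdpr_consent;
  if (raw === true) return true;
  if (typeof raw !== "string") return false;
  return AFFIRMATIVE.has(raw.trim().toLowerCase());
}

// Gate the submission: reject unless consent is explicit; otherwise return the
// PII together with a consent record to be stored alongside it, so you can
// later show when and under which policy version consent was given.
function processSubmission(fields, now = new Date()) {
  if (!hasExplicitConsent(fields)) {
    return { accepted: false, reason: "consent_missing" };
  }
  return {
    accepted: true,
    data: { name: fields.name, email: fields.email },
    consent: {
      givenAt: now.toISOString(),
      policyVersion: "2018-05-25", // assumed version label of the privacy policy shown
      field: "gdpr_consent",
    },
  };
}

// Constructed sample submissions
const withConsent = { name: "Ana", email: "ana@example.com", gdpr_consent: "on" };
const withoutConsent = { name: "Ana", email: "ana@example.com" };
const declined = { name: "Ana", email: "ana@example.com", gdpr_consent: "false" };

console.log(processSubmission(withConsent));   // accepted: true, with a consent record
console.log(processSubmission(withoutConsent)); // accepted: false, reason: "consent_missing"
console.log(processSubmission(declined));       // accepted: false, reason: "consent_missing"
```

Pair this with a checkbox that is never pre-ticked in the HTML; a pre-ticked box is the opt-out pattern the regulation rules out, and this server-side check would still accept it.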
Making your website (and its online forms) GDPR-compliant on your own can be challenging, especially if you are not WordPress-savvy and well aware of the GDPR provisions. For these reasons, it is highly recommended that you seek professional help in this matter. Tap the services of a WordPress website design company that has an in-depth understanding of, and is itself compliant with, the GDPR. With this company’s help, your WordPress website can transition into the “GDPR era” in a painless and effortless manner.
Another important thing you must do is ensure that you collect data in a secure manner. A report showed that around 34% of firms in the FT30 have websites which collect PII in an insecure manner, and 29% of FT30 companies do not use encryption software. Under the GDPR, insecure gathering of PII is a violation. Therefore, make sure that you implement a secure data collection process (at minimum, forms served and submitted over HTTPS) and use strong encryption algorithms to protect the PII you collect.
Need help making your WordPress website and online forms GDPR-compliant? Call us at 019609023 today!