Change is the law of life. And those who look only to the past or present are certain to miss the future.
John F. Kennedy
It’s been 55 years since John F. Kennedy famously pointed out this universal truth. Life is about changes we have to embrace and bear. The web world has recently been exposed to the sharpest change of the 21st century, one that will set the principles of behavior in the digital world for the future, as Sheila Colclasure, Acxiom’s chief data ethics officer, has claimed.
Distrustful users have always wondered what the Internet knows about them, and now the ball is in their court thanks to the European privacy law, which pays the utmost attention to the collection, processing, storage and sharing of personal information. The buzzword ‘GDPR’ applies to everyone, as you may already have noticed from the recurring emails in your inbox notifying you of changes to the privacy policies of the companies you deal with.
What does GDPR stand for?
GDPR (General Data Protection Regulation) is European legislation giving citizens of the European Community the right to check and manage their personally identifiable information (PII) that circulates freely on the Internet. The law attempts to establish a relationship of trust between the digital realm and consumers, which is believed to be the cornerstone of groundbreaking market-driven reforms the world has never seen before.
According to HubSpot, Europeans concur that GDPR is a favorable change for today’s digital community.
Companies gathering personal information must state the purpose of doing so. What is more, under GDPR users have the right to request access to the databases of the companies that build profiles of them, in order to correct misinformation. Citizens of 28 countries are protected by this law no matter where data collection and processing occurs. The rules concern every company with a web page, except websites or apps (both mobile and desktop) located outside the European Union that restrict access by European citizens. Note that the law imposes requirements different from the familiar Terms and Conditions, which set out the legal rules of cooperation between company and client. Strengthening individuals’ confidence in safety and reliability is the primary focus of the recent initiatives.
What is meant by personally identifiable information?
Personally identifiable information is information that can be used on its own or together with other information to identify a specific individual. Such information may include:
- birth date;
- IP address;
- identification number;
- marital status;
- credit card information;
- physical address;
- contact details (email, fax, phone number, etc.);
- health information;
- religious belief, etc.
Any piece of information relating to an individual can be treated as personally identifiable information, which is then processed by the companies that collect it. Even merely storing such information counts as processing.
Is WordPress GDPR compliant?
Businesses collecting clients’ personal information have no choice about whether they want to be GDPR compliant. Self-hosted WordPress.org is no exception, as of WordPress 4.9.6. If you run a business (no matter whether big or small) and have customers from the European Union, then you must be 100% compliant with the law. Even if you have no physical presence in the Union but have European clients, you must adhere to the law. Otherwise, you may be fined 4% of global annual revenue, or up to €20 million, which is quite a lot of money. The measures are strict, but rational and human-friendly, since you are given a chance to remedy the problem before being penalized.
State supervisory authorities determine the level of penalty: a warning, a reprimand, a suspension of data processing or financial liability.
Warning -> Reprimand -> Suspension of data processing -> Fine
Such penalties may cause alarm and confusion, but there is no reason for concern, especially now that you are equipped with our GDPR compliance guide, which offers full immersion into the slightly transformed realm of eCommerce.
The Fruitful Code experts unanimously adhere to the regulations and want to help you get to the bottom of the changes to ease the adjustment to the new guidelines. Below you can find 5 issues to solve to make your WordPress site GDPR compliant.
Promote the data privacy culture
GDPR compliance is a team effort, and thus it is vital to make your colleagues think differently, as Elizabeth Denham has put it: “We’re all going to have to change how we think about data protection.” Keep your dream team informed about the new rules of the game. Take every possible measure to encourage them to treat personal information as the precious resource on which business practices depend. Consulting data protection specialists, holding training sessions and even quick meetings may contribute to a robust business. Don’t forget to contact a lawyer to update all legal documents and agreements to stay out of trouble. According to Statista, this measure has gained popularity in the prevailing security situation.
Anticipate possible information leaks and plan the measures needed to ensure data safety.
Reconsider the information that you keep
Audit the personally identifiable information that you keep; both hard and electronic copies count. Sort the data by type, format, source, and the individuals concerned. After the audit, identify what information is irrelevant and remove it. Ensure that the remaining personal information is pertinent, and keep it secure. Use it only for the pre-set purposes. Start new data collection on WordPress sites only when there is an unmet need.
Systematize your database
Be aware that users can now request access to the personal information stored in your database. Organize the information as a responsive system available in different languages to improve the user experience.
Establish a process for responding to customers’ requests, since they now have the right not only to view their PII but also to ask for details to be deleted. According to a recent study, most consumers would like to have their PII removed from the World Wide Web.
Schedule delivery of copies of all personal information stored in your database within 30 days of receiving the request.
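Access and deletion requests are easier to honor on a WordPress site when every place you store PII is wired into the privacy tools that core ships. The following plugin is an added example, not Fruitful Code’s or WordPress’s own code: it registers an exporter and an eraser through WordPress core’s `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters for a hypothetical custom table `{$wpdb->prefix}newsletter_signups` (columns `id`, `email`, `name`, `signed_up_at`, all assumed here), so a user’s request run from the admin Tools screens also covers data outside the standard user tables.

```php
<?php
/**
 * Plugin Name: Newsletter PII Export and Erasure (added example, hypothetical table)
 *
 * Hooks a custom table into WordPress core's personal-data export and erasure
 * tools. The table {$wpdb->prefix}newsletter_signups is an assumption for this
 * example; replace the table and column names with your own.
 */

// Rows fetched per callback invocation; WordPress calls back with $page + 1 until 'done' is true.
const NL_PRIVACY_PAGE_SIZE = 100;

add_filter( 'wp_privacy_personal_data_exporters', 'nl_register_exporter' );
add_filter( 'wp_privacy_personal_data_erasers', 'nl_register_eraser' );

function nl_register_exporter( $exporters ) {
    $exporters['newsletter-signups'] = array(
        'exporter_friendly_name' => 'Newsletter Signups',
        'callback'               => 'nl_export_personal_data',
    );
    return $exporters;
}

function nl_register_eraser( $erasers ) {
    $erasers['newsletter-signups'] = array(
        'eraser_friendly_name' => 'Newsletter Signups',
        'callback'             => 'nl_erase_personal_data',
    );
    return $erasers;
}

/**
 * Fetch one page of rows belonging to the requesting e-mail address.
 * $wpdb->prepare() binds the address as a parameter so request input never alters the query.
 */
function nl_fetch_rows( $email_address, $page ) {
    global $wpdb;
    $table  = $wpdb->prefix . 'newsletter_signups'; // hypothetical table
    $offset = ( max( 1, (int) $page ) - 1 ) * NL_PRIVACY_PAGE_SIZE;
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, email, name, signed_up_at FROM {$table} WHERE email = %s ORDER BY id LIMIT %d OFFSET %d",
            $email_address,
            NL_PRIVACY_PAGE_SIZE,
            $offset
        )
    );
}

/** Exporter callback: returns items in the structure the export archive expects. */
function nl_export_personal_data( $email_address, $page = 1 ) {
    $rows  = nl_fetch_rows( $email_address, $page );
    $items = array();
    foreach ( $rows as $row ) {
        $items[] = array(
            'group_id'    => 'newsletter-signups',
            'group_label' => 'Newsletter Signups',
            'item_id'     => 'newsletter-signup-' . $row->id,
            'data'        => array(
                array( 'name' => 'Email',        'value' => $row->email ),
                array( 'name' => 'Name',         'value' => $row->name ),
                array( 'name' => 'Signed up at', 'value' => $row->signed_up_at ),
            ),
        );
    }
    return array(
        'data' => $items,
        'done' => count( $rows ) < NL_PRIVACY_PAGE_SIZE, // a short page means no more rows
    );
}

/** Eraser callback: deletes matching rows and reports what was removed or retained. */
function nl_erase_personal_data( $email_address, $page = 1 ) {
    global $wpdb;
    $table          = $wpdb->prefix . 'newsletter_signups';
    // Deleted rows disappear, so always read from the first page rather than an offset.
    $rows           = nl_fetch_rows( $email_address, 1 );
    $items_removed  = false;
    $items_retained = false;
    $messages       = array();
    foreach ( $rows as $row ) {
        if ( $wpdb->delete( $table, array( 'id' => $row->id ), array( '%d' ) ) ) {
            $items_removed = true;
        } else {
            $items_retained = true;
            $messages[]     = sprintf( 'Signup %d could not be removed; retry the erasure.', $row->id );
        }
    }
    return array(
        'items_removed'  => $items_removed,
        'items_retained' => $items_retained,
        'messages'       => $messages,
        // Stop when a page came back short, or when a row failed to delete (avoids looping on it).
        'done'           => $items_retained || count( $rows ) < NL_PRIVACY_PAGE_SIZE,
    );
}
```

Once the plugin is active, the request screens under Tools in the WordPress admin call each registered callback repeatedly with an increasing `$page` until it reports `done`, so large tables are processed in batches; the callbacks only supply and delete data, and the 30-day response deadline still has to be tracked by your own process.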
Notify your clients of the Regulations
Ensure peaceful coexistence
If you are used to tracking your traffic and cookies with Google Analytics, then you probably know that in that case data is processed anonymously. Nevertheless, check the Data Processing Amendment to the Google Analytics Terms of Service to ensure that you are GDPR compliant and that none of the tracking systems conflict with each other.
That’s about it. We hope to be useful in the process of making your WordPress site an exceptional piece of work that remains compliant in cases of international collaboration. If you have any questions about improving your website, feel free to contact Fruitful Code specialists for help.