GDPR stands for General Data Protection Regulation and is the personal data privacy regulation implemented by the European Union which came into force across the EU on May 25th, 2018. In this series of posts I will walk through some of the tools and procedures that can be followed to begin the road of making sure that your website is GDPR compliant.
Before we begin, I want to clearly indicate that this post is not a complete guide to WordPress GDPR compliance; rather, I just wanted to bring to light some of the tools and insights that I’ve found useful in getting closer to GDPR compliance. Secondly, I am not a lawyer, and therefore you should not rely on any of this with regard to your own legal protections, particularly with regard to your website’s Privacy and Cookie policies. You should seek out professional legal advice, which is the wisest and cheapest option for you, particularly if you end up facing legal issues with regard to GDPR data protection compliance in the future.
There are a few different areas that a WordPress website developer should consider when working toward GDPR compliance; they are as follows:
- Consent to collect personal data when handling form submissions
- Cookie Notifications on each page of the website
- Personal Data Retrieval, Reporting & Deletion upon request
I intend to write a blog post on each of the topics. I do believe that if your WordPress website solution addresses each of these sufficiently, you are well on your way to achieving GDPR compliance.
As a software engineer, I find this the least favorite part of GDPR compliance, and yet it is a very important component. In reality it is an area that requires input from both the lawyer and the engineer building the website. I say this because key sections of information that need to be covered in the data protection policies of your website include what data you collect, what it’s used for and how you protect that data from public exposure. There are also commitments made in the data protection policies of the website that require technical implementation, such as:
- displaying a cookie notification on each page
- including a place where a user specifies that they consent to the website storing and using their personal data before allowing them to click the form submit button
- including functionality that allows for the complete retrieval of all personal data for an individual who has visited your website. This can even include a requirement that the data you retrieve is machine readable and not just printed.
- including functionality that allows for the complete deletion of the personal data for an individual who has visited your website.
There are a number of factors to consider here when building your WordPress website. For example, the default WordPress install comes with the ability to produce such reports out of the box, and at a minimum it covers things like blog comments. But this is also a very important consideration for a WordPress developer when deciding which plugins to use on the website. Some plugins integrate with the default WordPress functionality for handling such requests, which is ideal. Other plugins only help you partially meet these requirements, while still others do not offer any help in doing so. It would be a shame to spend a lot of time on achieving the perfect functionality that you are looking for from a plugin and then realize, after all that work, that it is very difficult to make that functionality GDPR compliant. So some forward thinking is in order.
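A plugin that stores its own form submissions integrates with the default WordPress export and erase tools by registering an exporter and an eraser callback on the core filters. The following is an added example, not code from this post or from any particular plugin; the `contact-form` key, the callback names and the custom table with its columns are assumptions.

```php
<?php
// Added example, not code from the post. Registers a hypothetical contact-form
// plugin's data with the WordPress personal data export/erase tools (WP 4.9.6+).
// Assumes a custom table {$wpdb->prefix}contact_submissions (id, email, name, message).
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['contact-form'] = array(
        'exporter_friendly_name' => 'Contact form submissions',
        'callback'               => 'contact_personal_data_exporter',
    );
    return $exporters;
} );

add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['contact-form'] = array(
        'eraser_friendly_name' => 'Contact form submissions',
        'callback'             => 'contact_personal_data_eraser',
    );
    return $erasers;
} );

// Export: return every submission for the requester as machine-readable items.
function contact_personal_data_exporter( $email_address, $page = 1 ) {
    global $wpdb;
    // The address comes from the request form, so it is bound with a prepared statement.
    $rows  = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, name, message FROM {$wpdb->prefix}contact_submissions WHERE email = %s",
        $email_address
    ) );
    $items = array();
    foreach ( $rows as $row ) {
        $items[] = array(
            'group_id'    => 'contact-submissions',
            'group_label' => 'Contact form submissions',
            'item_id'     => 'submission-' . $row->id,
            'data'        => array(
                array( 'name' => 'Email',   'value' => $email_address ),
                array( 'name' => 'Name',    'value' => $row->name ),
                array( 'name' => 'Message', 'value' => $row->message ),
            ),
        );
    }
    return array( 'data' => $items, 'done' => true );
}
// Erase: delete the rows outright and report honestly whether anything was removed.
function contact_personal_data_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    $deleted = $wpdb->delete( $wpdb->prefix . 'contact_submissions', array( 'email' => $email_address ), array( '%s' ) );
    return array( 'items_removed' => (bool) $deleted, 'items_retained' => false, 'messages' => array(), 'done' => true );
}
```

Once registered, the plugin's data appears under Tools > Export Personal Data and Tools > Erase Personal Data alongside the core comment data, so a single request covers everything the site holds for that address.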
Types of Policy
We are a company that writes software including WordPress websites. If you would like help in implementing a GDPR compliant website please don’t hesitate to fill out a quote and we’ll get back to you as soon as we can to help.