“How Do I Make My Website GDPR Compliant?”
… is a question that will come up a lot in 2018 because of the privacy law approved by the European Commission, which is designed to give your website visitors control over their personal data. It replaces Directive 95/46/EC and will be enforced from May 25, 2018.
What is GDPR?
Basically, your website users have complete control over their data, and you need to state in your website terms exactly why you need it, at which point they can give the go-ahead or not. In practice, however, it is a little more complicated than that.
What does making my website GDPR compliant mean for everyone?
The good news is that a dedicated team of WordPress Core contributors is working on GDPR-proofing the Core code before May 25. They have a website (and an associated Slack channel) where admins and devs can follow the progress and see what you need to do to get yourself (and your clients) into compliance. Here is the breakdown of what you are responsible for:
- Explaining who you are, how long you’re keeping the data, why you need it, and who on your team or externally has access to it
- Getting explicit and clear consent to collect data through an opt-in
- Giving users access to their own data, the ability to download it, and to delete it from your records completely
- In the event of a hack or security breach, notifying your users about it
How do I make my website GDPR Compliant?
The actionable steps here are to document and implement the following:
- How to access and download a complete record of any data you have on them
- The process through which users can fully delete their data from your records (and not simply unsubscribe, etc.) as a part of the ‘right to be forgotten’ laws previously passed in the EU
- Detailed explanations of who you are, what you use the data for, who has access to it, and how long you retain it
- Exactly how you will inform users of data breaches if they ever happen
As always, talk to your attorneys to help identify the risks and ensure your processes comply with GDPR, and work with your tech team to build the safeguards needed to collect the data, evaluate it and remove it.