What is GDPR?
GDPR is a new law passed by the European government in an effort to protect individuals' rights to their personal data and privacy. Simply put, they want everyone in the world to comply with this new law and make client data accessible and editable on demand.
Wall Street Journal Explanation
Does my website need to be GDPR compliant?
Yes. If you have a website on the internet, no matter where in the world you are or what kind of website you have, you should implement these tactics to comply. Anyone who does not can be subject to fines, fees and lawsuits.
Step 1
Install and activate the WP GDPR Compliance plugin from the plugins menu. Here is a video that shows you how to install plugins, if you don’t know how.
Step 2
If you don’t already have one, create a page on your website where your privacy policy can live. When you install the plugin, it will automatically create a “data access request page” for you that you can access and customize later (/data-access-request). This is what my privacy policy page looks like and as you can see, I added the verbiage for the “GDPR COMPLIANCE” and a separate link that we will get later for the data access page (or simply use /data-access-request).
Step 3
Once the plugin is activated, hover over the "Tools" tab and select WP GDPR Compliance. Under the Integrations tab, it's a good idea to activate every form on your website that collects data, even if it's just an email address. This automatically adds a consent checkbox to each form, so your users understand that they are giving you consent to collect their data and that they can access that data if they need to.
Step 4
Under the Settings tab, open the drop-down and choose the "Privacy Policy" page you created earlier; this activates and connects it. Just underneath, where it says "Request User Data", tick the "activate page" box and click Save Changes. You can now edit and access the (/data-access-request) page. Notice the green link for editing the page? Make sure this is a clean, full-width page.
The data access request page displays a form where a user can enter their email address. Once they do, it sends that user a special link they can use to access their data on your website. This link is only good for 24 hours and can only be used from the same device, IP address and browser session from which the person made the request.
Try it out yourself when you’re all done.
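To make the behaviour described above concrete, here is an added example (not the plugin's code, and the plugin's actual implementation may differ) of how a time-limited data access link can be issued and checked: the token is signed with a server-side key, expires after 24 hours, and is bound to a fingerprint of the requester's IP address, browser and session. The key, the email address and the request details are all constructed sample values.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Constructed server-side key; a real site loads this from protected configuration.
SECRET = secrets.token_bytes(32)
TTL = 24 * 3600  # links are valid for 24 hours


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _fingerprint(ip: str, user_agent: str, session_id: str) -> str:
    # Binds the link to the device/IP/browser session that requested it.
    return hashlib.sha256(f"{ip}|{user_agent}|{session_id}".encode()).hexdigest()


def issue_token(email, ip, user_agent, session_id, now=None) -> str:
    """Build the token placed in the emailed link: base64(payload).base64(HMAC)."""
    now = int(time.time() if now is None else now)
    payload = json.dumps(
        {"email": email, "exp": now + TTL, "fp": _fingerprint(ip, user_agent, session_id)},
        separators=(",", ":"),
    ).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"


def verify_token(token, ip, user_agent, session_id, now=None):
    """Return (email, 'ok') if the link may be used, otherwise (None, reason)."""
    now = int(time.time() if now is None else now)
    try:
        p64, s64 = token.split(".")
        payload, sig = _unb64(p64), _unb64(s64)
    except (ValueError, TypeError):
        return None, "malformed"
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):
        return None, "bad signature"  # tampered payload or forged link
    data = json.loads(payload)
    if now > data["exp"]:
        return None, "expired"
    if not hmac.compare_digest(data["fp"], _fingerprint(ip, user_agent, session_id)):
        return None, "different device or session"
    return data["email"], "ok"
```

Whether the plugin binds links this way or stores a random token server-side, the same checks apply: reject links after 24 hours and reject links presented from a different IP, browser or session than the one that requested them.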
Don’t forget SSL
If your website does not have a green lock and is accessed over http rather than https, you are inviting users to access your website under unsafe circumstances. That means that while a user is on your site, an attacker on the network can view their session and the information they type into your website. SSL encrypts a user's session so that all data stays private. This is such an important factor for websites that Google now uses SSL as a ranking factor, and as of July 2018 Google will mark all non-https sites as "not secure". So installing SSL not only protects your users and you, it also helps boost your SEO by telling Google and other search engines that your website is safe to access. To inquire about SSL installation, ask your hosting company or contact your web developer. Read more about Google's new strict SSL security requirement.
Privacy Policy
It's required by law that you have a privacy policy on your website. Because I'm not a lawyer, I cannot advise you on how to write a privacy policy or where to purchase one. I can, however, suggest a really good one; it's the same one I use, with prices starting at "free": https://privacypolicies.com/pricing
I wouldn't point people to the WP GDPR Compliance plugin since it was hacked and the original owner gave zero information on the hack. They have fixed the hack, but it still caused a large number of designers and clients to suffer.
No kidding. I felt that backlash. I'm still trying to decide on what alternative thing I can do. I liked the plugin because of the data access request page and its ability to let clients get their own content off the site themselves. Although, you should know that any site can get hacked at any time, and it can be because of a plugin, old theme, old wp version, etc. I'm not sure what the programmers knew about the hack, but they fixed it fairly quickly too once they found out. The real problem is not a programmer who failed to see a vulnerability. It's the hackers themselves. The hackers cause us all to suffer. Not the programmers.
Thank you for this post Heather, I learnt something new about my privacy concerns on the internet.