What is GDPR?
GDPR is a new law that was passed by the European government in an effort to protect individuals' rights to their personal data and privacy. Simply put, they want everyone in the world to comply with this new law and make client data accessible and editable on demand.
Wall Street Journal Explanation
Does my website need to be GDPR compliant?
Yes. If you have a website on the internet, no matter where in the world you are or what kind of website you have, you should implement these tactics to comply. Anyone who does not can be subject to fines/fees/lawsuits.
Install and activate the WP GDPR Compliance plugin from the plugins menu. Here is a video that shows you how to install plugins, if you don’t know how.
Once the plugin is activated, hover over the “Tools” tab and select WP GDPR Compliance. Under the Integrations tab, it’s probably a good idea to activate all the forms on your website that collect data, even if it’s just an email address. This will automatically add a consent checkbox to each form, so your users understand that they are giving you consent to collect their data and that they have the option to access that data if need be.
The data access request page displays a form where a user can enter their email address. Once they do, the site sends that user a special link they can use to access their data on your website. This link is only good for 24 hours and can only be reached from the same device, IP address and browser session that the person used to make the request.
Try it out yourself when you’re all done.
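The data access link described above expires after 24 hours and only works from the same IP address, browser and session. One way such a link can be built, shown here as an added example that is not the WP GDPR Compliance plugin's code, is an HMAC-signed token bound to a fingerprint of the requesting context. All function names, the secret and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration, not the plugin's code; every name below is hypothetical.
const ACCESS_LINK_TTL = 86400; // 24 hours, the lifetime stated in the post

// Hash the requesting context: IP address, browser (User-Agent), session ID.
function request_fingerprint(string $ip, string $userAgent, string $sessionId): string
{
    return hash('sha256', $ip . "\n" . $userAgent . "\n" . $sessionId);
}

// Token for the e-mailed link: base64(email).expiry.HMAC(email, expiry, fingerprint)
function issue_access_token(string $email, string $fingerprint, string $secret, int $now): string
{
    $payload = base64_encode($email) . '.' . ($now + ACCESS_LINK_TTL);
    return $payload . '.' . hash_hmac('sha256', $payload . '.' . $fingerprint, $secret);
}

// Returns the e-mail address when the token is authentic, unexpired and
// presented from the same context; null otherwise.
function verify_access_token(string $token, string $fingerprint, string $secret, int $now): ?string
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return null; // malformed
    }
    [$encodedEmail, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $encodedEmail . '.' . $expires . '.' . $fingerprint, $secret);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null; // tampered, or a different IP / browser / session
    }
    if ($now > (int) $expires) {
        return null; // older than 24 hours
    }
    $email = base64_decode($encodedEmail, true);
    return $email === false ? null : $email;
}

// Constructed sample values (documentation IP ranges, made-up session ID).
$secret  = random_bytes(32);
$now     = 1700000000;
$fp      = request_fingerprint('203.0.113.7', 'ExampleBrowser/1.0', 'sess-abc123');
$token   = issue_access_token('user@example.com', $fp, $secret, $now);
$otherIp = request_fingerprint('198.51.100.9', 'ExampleBrowser/1.0', 'sess-abc123');

var_dump(verify_access_token($token, $fp, $secret, $now + 3600));      // same context, 1 hour later
var_dump(verify_access_token($token, $fp, $secret, $now + 86401));     // same context, after expiry
var_dump(verify_access_token($token, $otherIp, $secret, $now + 3600)); // different IP address
```

Because the fingerprint is part of the signed data, a link forwarded to another device or opened from another network fails the HMAC check even though it has not expired.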
Don’t forget SSL
If your website does not have a green lock and is accessed by http rather than https, you are inviting users to access your website under unsafe circumstances. That means that while a user is on your site, they are subject to hackers viewing their sessions and viewing the information they input into your website. SSL encrypts a user’s session so that all data is private. This is such an important factor for websites that Google is now using SSL as a ranking factor. As of July 2018 Google will mark all non-https sites as “not secure”. So installing SSL not only protects your users and you, it will also help you boost your SEO by telling Google and other search engines that your website is safe to access. To inquire about SSL installation, ask your hosting company or contact your web developer. Read more about Google’s new strict security SSL requirement.
I wouldn’t point people to the WP GDPR Compliance plugin since it was hacked and the original owner gave zero information on the hack. They have fixed the hack but it still caused a large number of designers and clients to suffer.
No kidding. I felt that backlash. I’m still trying to decide on what alternative thing I can do. I liked the plugin because of the data access request page and its ability to let clients get their own content off the site themselves. Although, you should know that any site can get hacked at any time and it can be because of a plugin, old theme, old WP version, etc. I’m not sure what the programmers knew about the hack, but they fixed it fairly quickly too once they found out. The real problem is not a programmer who failed to see a vulnerability. It’s the hackers themselves. The hackers cause us all to suffer. Not the programmers.
Thank you for this post, Heather. I learnt something new about my privacy concerns on the internet.