Europe's new privacy legislation, the General Data Protection Regulation (GDPR), is now in force, and many businesses, especially those outside Europe, are scratching their heads and wondering what to do. The big questions they have sound something like these:
- Does my business need to worry about GDPR?
- What does GDPR compliance look like?
- What can I do to be GDPR compliant?
We will go through these questions one by one and offer some simple starting points for small and medium-sized businesses that may not have a data protection officer, or even an IT lead, to decipher this new legislation.
Does my business need to worry about GDPR?
In short, the answer is yes. Even if you are not located in Europe and are not primarily focused on a European audience, this legislation can still affect your business and the visitors to your site. Matt Tyrer, senior manager at Commvault, recently wrote in the Financial Post:
“Any interaction with people over there could have implications. It could be an email address or phone number, or some exchange at the cookie level of an EU citizen. Some of the information you collect could easily fall under the regulatory rule set. There are subtle, nuanced things that people don’t think about.”
The legislation provides for fines against non-compliant organizations of up to 4% of global annual turnover (or 20 million euros, whichever is higher). While this may be difficult for the EU to enforce against foreign entities, it is something that needs to be taken seriously.
What does GDPR compliance look like?
The basic answer is that you need to know, and be transparent about, all of the personal data that you collect; have visitors from the EU explicitly opt in before you collect it (where consent is the lawful basis you rely on); and give them the ability to withdraw that consent at any time.
The full answer is a highly nuanced legal and technical problem that is best handled through an external assessment, or at least one of the self-check quizzes that are readily available online. Here are a couple that we have seen:
- Microsoft’s GDPR Assessments
- The Ultimate GDPR Quiz
What can I do to be GDPR compliant?
If you are like many other small and medium-sized businesses, you do not have an IT department, lawyers or a data protection officer, and are looking for some basics to at least get started with GDPR compliance. The following advice should not be considered legal advice and should only be taken as a starting point towards compliance (please do your own research and consult those who can speak authoritatively on this).
With that being said, here are some resources that will help your WordPress site manage GDPR compliance, and also give you the option to show your consent pop-up only to visitors in the EU (this makes for a better user experience for all other visitors). Note that GDPR applies to anyone located in the EU, not only EU citizens, so the geo-check should be based on where the visitor is, not their nationality.
- Update your privacy policy.
  - Ensure that you cover all of the areas in clear, plain language. Free template.
- Get consent.
  - You need to get clear, unambiguous, affirmative consent: no pre-ticked boxes, and no non-essential cookies or trackers before the visitor has said yes.
  - You can use the GDPR WordPress plugin.
- Limit to the EU.
  - (Optional) Consider placing the consent pop-up behind a geowall so only visitors in the EU see the opt-in notification. If the visitor's location cannot be determined, treat them as being in the EU.
- Consider these WordPress plugins:
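The three steps above (a current policy, affirmative consent, and a prompt shown only to visitors in scope) come down to a small amount of client-side decision logic, shown here as an added example written for this page. It is not code from the original post or from any plugin the post mentions. The cookie name, the policy version number, the tracker categories, and the assumption that the server injects the visitor's two-letter country code into the page are all placeholders chosen for the example.

```javascript
// Added example (not from the original post or any named plugin). Assumes the
// server passes the visitor's ISO country code into the page; everything else
// below (cookie name, version, categories) is a placeholder for illustration.

const POLICY_VERSION = 2;                       // bump whenever the privacy policy changes
const CONSENT_COOKIE = "privacy_consent";       // assumed cookie name
const NON_ESSENTIAL = ["analytics", "marketing"]; // assumed tracker categories

// EU member states plus the EEA countries (IS, LI, NO) where GDPR also applies.
const EEA_COUNTRIES = new Set([
  "AT", "BE", "BG", "HR", "CY", "CZ", "DK", "EE", "FI", "FR", "DE", "GR", "HU",
  "IE", "IT", "LV", "LT", "LU", "MT", "NL", "PL", "PT", "RO", "SK", "SI", "ES",
  "SE", "IS", "LI", "NO",
]);

// A missing or malformed region is treated as in scope: fail closed rather
// than silently tracking a visitor whose geo lookup failed.
function inGdprScope(countryCode) {
  if (typeof countryCode !== "string" || countryCode.length !== 2) return true;
  return EEA_COUNTRIES.has(countryCode.toUpperCase());
}

// Parse the stored consent value. Malformed data, a missing timestamp, or a
// record made against an older policy version all count as "no consent".
function parseConsent(raw) {
  if (!raw) return null;
  let obj;
  try { obj = JSON.parse(decodeURIComponent(raw)); } catch { return null; }
  if (!obj || obj.version !== POLICY_VERSION || typeof obj.ts !== "number") return null;
  const choices = {};
  for (const cat of NON_ESSENTIAL) choices[cat] = obj.choices?.[cat] === true;
  return { version: obj.version, ts: obj.ts, choices };
}

// Build the cookie value from an affirmative action. Nothing is pre-ticked:
// a category is on only if the visitor explicitly set it to boolean true.
function recordConsent(choices, now = Date.now()) {
  const stored = {};
  for (const cat of NON_ESSENTIAL) stored[cat] = choices[cat] === true;
  return encodeURIComponent(JSON.stringify({ version: POLICY_VERSION, ts: now, choices: stored }));
}

// Withdrawal is the same record with every category off, so the visitor is
// not re-prompted but nothing non-essential loads.
function withdrawConsent(now = Date.now()) {
  return recordConsent({}, now);
}

// Show the banner only to in-scope visitors who have no valid, current consent.
function needsConsentBanner(countryCode, rawCookie) {
  return inGdprScope(countryCode) && parseConsent(rawCookie) === null;
}

// Decide which non-essential trackers may load. Out-of-scope visitors follow
// the site default (the post's "only EU visitors see the pop-up" model);
// in-scope visitors get exactly what they opted into, and nothing before that.
function allowedTrackers(countryCode, rawCookie, defaultOutsideEu = true) {
  const result = {};
  if (!inGdprScope(countryCode)) {
    for (const cat of NON_ESSENTIAL) result[cat] = defaultOutsideEu;
    return result;
  }
  const consent = parseConsent(rawCookie);
  for (const cat of NON_ESSENTIAL) result[cat] = consent ? consent.choices[cat] : false;
  return result;
}

// Page-load wiring: read the consent cookie out of document.cookie, load only
// the permitted trackers, and report whether the banner must be shown.
// loadTracker is an assumed hook that injects the given category's script.
function applyConsent(countryCode, cookieString, loadTracker) {
  const m = cookieString.match(new RegExp("(?:^|; )" + CONSENT_COOKIE + "=([^;]*)"));
  const raw = m ? m[1] : undefined;
  const allowed = allowedTrackers(countryCode, raw);
  for (const cat of NON_ESSENTIAL) if (allowed[cat]) loadTracker(cat);
  return needsConsentBanner(countryCode, raw);
}
```

Two design choices are worth calling out. Consent is tied to `POLICY_VERSION`, so the first list item (updating your privacy policy) automatically invalidates old consent and re-prompts visitors in scope. And an unknown region fails closed: a geowall is a user-experience optimisation, not a legal boundary, so when the lookup fails the visitor is treated as if they were in the EU.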
What have you done to help ensure compliance?
Original photo by Adam Wilson on Unsplash