By now, you’ve probably heard about GDPR. Facebook and various other services have been talking about GDPR for some time now. You probably also got a slew of emails with “updated privacy policies” from various services you don’t even remember joining. What is GDPR and how does it affect you?
GDPR or General Data Protection Regulation
In the simplest terms, GDPR is a regulation that tightens the rules on collecting and using personal information such as names, email addresses, and any other details you gather from your customers. It was passed in the European Union, so at first glance it may not seem to affect you. However, if you have any customers in the EU, or collect any information from individuals there, you need to comply with GDPR standards.
I don’t do business in the EU. Should I do anything?
Yes. Even if you don’t do business in the EU, it still makes sense for you to clarify how you collect and use people’s data to cover all your bases. While we can’t be certain that the US will be following the EU in strengthening privacy rules, it’s always possible, and in cases like this it’s easier to just make your intentions clear rather than cough up fines or scramble to become compliant.
What should I do?
Well, the first thing you’re going to want to do is make sure your website clearly outlines your privacy policy and that the policy is easy to find. We would suggest putting a permanent link in either your navigation or your footer. In your privacy policy, you should outline every service you use to collect data from your visitors. You might be thinking, “I don’t collect information from anyone,” but if you use a contact form, that’s one way you’re collecting information. Contact forms, email marketing subscribe boxes, appointment booking software, and e-commerce are all ways information can be collected. This includes analytics. In your new privacy policy, describe what information you may collect, link to any third-party privacy policies (say you use MailChimp to handle email subscriptions; you’ll want to link to their privacy policy as well), and outline how long you keep this information. You can say “indefinitely,” although you should have a process in place to purge data after a certain period of time (clean out your email inbox, maybe?). Keep in mind that you may need to keep invoices for particular periods of time based on tax requirements.
There are more specifics outlined in GDPR, such as notifying people in the event of a data breach. To read more about GDPR standards, we would suggest doing some research on what is expected of you if you collect information from individuals.
WordPress 4.9.6
You know we love WordPress. You also know that WordPress is pretty much the backbone of the internet, as it is the most widely used CMS for building websites. WordPress is, once again, on top of things. With the rollout of 4.9.6, WordPress gives you the following tools:
- Quick creation of a basic privacy policy (some sections are prefilled, but it’s very fill-in-the-blank)
- Guided help on what to write in your privacy policy
- The ability to export any user or customer information from your website
- The ability to easily purge any user or customer information from your website
How have you geared up for GDPR? Are we missing anything? Let us know in the comments below!