GDPR Compliance for Your Site
I’ve been hearing about GDPR (General Data Protection Regulation) for the past year. You can read more about the law here. It applies to everyone who is located in the EU or who has users/visitors/customers in Europe. So basically, if you have a website, you should care about GDPR. The law regulates the privacy and data protection requirements for individuals located in the EU. In short, you need to prove consent or legitimate interest for any private information that you collect. I have no law background and no special knowledge about GDPR compliance.
With the implementation of GDPR drawing near, I decided to take some steps to meet the law since I’m located in Europe. All my sites are on WordPress.com or WordPress.org.
To start, I figured that I needed a cookie alert and clear language about my data collection and use for sign-up forms and other places where users may provide private information. I found this website useful as an example of one person’s approach and this one which offers a free checklist.
Steps I’m Taking for GDPR Compliance
- Install the EU Law Cookie Widget on all my sites.
- Create a privacy policy using this template and by looking at the policies of other websites.
- Check my settings for Google Analytics.
- Remove/delete plugins that I am unsure about.
- Ensure that my contact forms and subscription forms clearly state my data protection policy. I’ve been trying different options and decided to use MailChimp due to their popularity, my existing familiarity, and their clear steps for compliance. I’m still working on this step. I think I will have to make sure to link to the relevant section of the privacy policy due to this requirement.
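The cookie alert and Google Analytics steps above, shown as one working consent gate. This is an added example, not code from the original post and not the EU Law Cookie Widget's code: the cookie name `site_consent`, the placeholder tracking id, the `/privacy-policy/` path and the banner markup are all assumptions. The point it demonstrates is that the analytics script is never loaded until the visitor has explicitly opted in, and that when it is loaded it is configured to anonymise IP addresses.

```javascript
// Added example, not code from the original post. A minimal consent gate:
// analytics is loaded only after the visitor has explicitly opted in, and the
// tracker is configured to anonymise IP addresses. The cookie name, the
// tracking id, the privacy policy path and the banner markup are assumptions.

const CONSENT_COOKIE = 'site_consent';       // assumed cookie name
const ANALYTICS_ID = 'UA-XXXXXXXX-X';        // placeholder, not a real property id
const GTAG_SRC = 'https://www.googletagmanager.com/gtag/js?id=' + ANALYTICS_ID;

// Parse a document.cookie string ("a=1; b=2") into a plain object.
function parseCookies(cookieString) {
  const cookies = {};
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;
    const name = part.slice(0, eq).trim();
    const raw = part.slice(eq + 1).trim();
    let value;
    try { value = decodeURIComponent(raw); } catch (e) { value = raw; }
    if (name) cookies[name] = value;
  }
  return cookies;
}

// Only an explicit "yes" counts as consent: a missing, malformed or "no" cookie
// keeps analytics off, because consent has to be opt-in rather than assumed.
function hasAnalyticsConsent(cookieString) {
  return parseCookies(cookieString)[CONSENT_COOKIE] === 'yes';
}

// Build the cookie that records the choice. It carries no personal data, is
// scoped to this site, expires after `days`, and is sent only over HTTPS.
function buildConsentCookie(choice, days) {
  const value = choice === 'yes' ? 'yes' : 'no';
  const maxAge = Math.floor(days * 24 * 60 * 60);
  return CONSENT_COOKIE + '=' + value + '; Max-Age=' + maxAge +
         '; Path=/; SameSite=Lax; Secure';
}

// gtag() config options that reduce the data collected: anonymize_ip truncates
// the visitor's IP address before it is stored, and allow_google_signals
// disables the cross-device / advertising features.
function analyticsConfig() {
  return { anonymize_ip: true, allow_google_signals: false };
}

// Inject the analytics script and configure it (needs a DOM).
function loadAnalytics(doc, win) {
  const script = doc.createElement('script');
  script.async = true;
  script.src = GTAG_SRC;
  doc.head.appendChild(script);
  win.dataLayer = win.dataLayer || [];
  function gtag() { win.dataLayer.push(arguments); }
  gtag('js', new Date());
  gtag('config', ANALYTICS_ID, analyticsConfig());
}

// Show a banner with accept/decline buttons, record the choice, and load
// analytics only on accept. Decline also sets a cookie so the banner does not
// reappear on every page view.
function showConsentBanner(doc, win) {
  const banner = doc.createElement('div');
  banner.setAttribute('role', 'dialog');
  banner.innerHTML =
    '<p>This site uses analytics cookies. See the ' +
    '<a href="/privacy-policy/">privacy policy</a>.</p>' +
    '<button data-choice="yes">Accept</button> ' +
    '<button data-choice="no">Decline</button>';
  banner.addEventListener('click', function (ev) {
    const choice = ev.target.getAttribute && ev.target.getAttribute('data-choice');
    if (!choice) return;
    doc.cookie = buildConsentCookie(choice, 180);
    banner.remove();
    if (choice === 'yes') loadAnalytics(doc, win);
  });
  doc.body.appendChild(banner);
}

// Entry point: on page load, either load analytics (prior "yes"), stay silent
// (prior "no"), or ask the visitor (no recorded choice yet).
function initConsentGate(doc, win) {
  const recorded = parseCookies(doc.cookie)[CONSENT_COOKIE];
  if (recorded === 'yes') {
    loadAnalytics(doc, win);
  } else if (recorded !== 'no') {
    showConsentBanner(doc, win);
  }
}

// Run only in a browser; the functions above can also be exercised without a DOM.
if (typeof document !== 'undefined' && typeof window !== 'undefined') {
  initConsentGate(document, window);
}
```

The design choice worth noting is that the default state is "no analytics": a visitor who never interacts with the banner, clears cookies, or arrives with a tampered cookie value is treated exactly like one who declined, which is the behaviour an opt-in requirement demands. The banner's link target is where the relevant section of the privacy policy would be referenced.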
I haven’t posted the privacy policy but am keeping it stored in case I need to use it. I’m hopeful that the next version of WordPress will make GDPR compliance even easier.