Category Archives: GDPR

Preparing Your Website for GDPR – Part 3

This is Part III in this series and addresses the new GDPR and Privacy tools that WordPress is planning to release Tuesday, May 15th.

Tuesday, May 15th WordPress Releasing GDPR Tools

May 25th is the GDPR Enforcement Date

First, my standard quick disclaimer: I’m not a lawyer and the information in this newsletter isn’t legal advice. Rather, it contains a selection of information from various sources.  If you need legal counsel, please consult an attorney.
This is Part III in this series and addresses the new GDPR and Privacy tools that WordPress is planning to release

Overview of Part I & II

The GDPR (https://www.eugdpr.org/) becomes enforceable from May 25, 2018. It gives EU citizens control of their digital data by empowering them with the right to know when personal data is being collected, what data is being collected, access to that data, and to purge it on request. the legislation affects not only businesses and organizations operating in Europe, but also those ‘processing the personal data’ of people living in the European Union. Which includes most websites around the world.

Part I: Click here to read Part I in this series
Part II: Click here to read Part II in this seriesTuesday, May 15th.

New WordPress GDPR & Privacy Tools

The WordPress team is scheduled to release WordPress version 4.9.6 Tuesday, May 15th.

 

GDPR tools that are expected to be included in next weeks’ release:

  1. Add settings screen for creating a privacy policy
  2. Default text for privacy policy page (to help site owners get started)
  3. Add tools for anonymizing of commenters
  4. Add opt-in for commenter cookies
  5. Cookie notice
  6. User access to personal data collected (primarily sites that accept comments, have user login area(s), run a forum, and/or have online stores)

Items planned for WordPress version 5.0

  1. Add a way for registered users to request deletion or anonymization of their private data
  2. Add to the privacy tools a means to erase personal data by username or email address

How to implement the new tools on your website

If you’re already on any of my maintenance plans, I will be implementing the new GDPR tools for you. I’ll contact you once the new privacy policy page and other elements are set up and we’ll schedule a time to review them together.

Links for Those Who Want to Follow Active Development

Preparing Your Website for GDPR – Part 2

This is Part II in this series and addresses the new GDPR and Privacy tools that WordPress is developing.

First, a quick disclaimer of my own: I’m not a lawyer and the information in this newsletter isn’t legal advice. Rather, it contains a selection of information from various sources.  If you need legal counsel, please consult an attorney.

This is Part II in this series and addresses the new GDPR and Privacy tools that WordPress is developing. 

Overview of Part I

The GDPR (https://www.eugdpr.org/) becomes enforceable from May 25, 2018. It gives EU citizens control of their digital data by empowering them with the right to know when personal data is being collected, what data is being collected, access to that data, and to purge it on request. the legislation affects not only businesses and organizations operating in Europe, but also those ‘processing the personal data’ of people living in the European Union. Which includes most websites around the world.

For more details: click here to read Part I in this series

New WordPress GDPR & Privacy Tools

Quite a few of you have reached out to me after reading Part I in this series. There is nothing to be done at this point except to be aware that changes will need to be made to most websites once the new tools have been released by WordPress.

Once the new tools have been released, I’ll be available to get these setup and running on your site.

Items that may need to be implemented:

  1. Privacy policy with site-specific cookie collection information
  2. Privacy consent checkboxes on all website forms (such as contact forms)
  3. Cookie notice
  4. User access to personal data collected (primarily sites that accept comments, have user login area(s), run a forum, and/or have online stores)

If your website is informational (does not accept comments, no online store, no user login, no forum, etc…) then you may only need to implement items 1-3 above—WordPress is working on making this a simple as possible.

Tools Currently in Development

The WordPress development team is actively working on the new tools to address GDPR Compliance and privacy in general.

Some Items Being Developed For Release (still no ETA):

  • Tool to create GDPR-ready privacy notices
  • Tools to access, export, delete all personal data and anonymize published/public content (like posts, comments, etc.)
  • Tools for commenters and registered users
  • Documentation/help for site owners on how to use the new tools

Roadmap and details regarding the new tools: click here

Links for Those Who Want to Follow Active Development

Preparing Your Website for GDPR

GDPR General Data Protection Regulation on 25 may 2018. GDPR Vector illustration

What is the GDPR – General Data Protection Regulation?

The GDPR (https://www.eugdpr.org/) becomes enforceable from May 25, 2018. It gives EU citizens control of their digital data by empowering them with the right to know when personal data is being collected, what data is being collected, access to that data, and to purge it on request. the legislation affects not only businesses and organizations operating in Europe, but also those ‘processing the personal data’ of people living in the European Union. Which includes most websites around the world.

These are the key items addressed:

    • Consent. Everyone whose data you collect must consent to you doing so. This doesn’t just apply to data gathered via forms but also to data picked up in the background such as IP addresses, if it’s used to identify an individual.
    • Right to access. Individuals will have the right to access to their data and to information on how it’s being processed and used.
    • Right to be forgotten. An individual will have the right to have their data erased, and for it to no longer be disseminated.
    • Breach notification. Inform users if there is a breach.

The GDPR Will Affect U.S.-Based Business & Websites

If you don’t allow public registrations, you might not think that you collect data from your visitors, but you probably do. Some of that data may come from EU citizens, even if they’re not part of your target market.

You website collects data from users if it:

  • Allows comments (WordPress logs the email address, IP, and name)
  • Allows user registrations
  • Uses online forms (especially if you’re storing this information in your database)
  • Uses analytics tools – such as Google Analytics

Basically, it affects you if you collect any type of data, even unintentionally.

GDPR Compliance and WordPress

The WordPress development team is actively working to address GDPR compliance for WordPress websites. They are working on centralizing tools in WordPress itself to help website owners understand and meet compliance standards.

Some Items Being Developed For Release (soon):

  • Section and/or tools to address: consent, right to access, right to be forgotten, and breach notification
  • Screen to create a Privacy Policy
  • Opt-in for cookies (ex: Google Analytics)
  • Documentation/help for site owners on how to use the new tools

Links for Those Who Want to Follow Active Development