This article discusses GDPR compliance and what you need to do before the deadline on May 25th. This includes editing your privacy policies, terms of service and any other data policies you may have, so that website users are fully informed of their rights, and acquiring their consent to use any data that you collect or process when they visit your website.
- Tell the user who you are, why you collect the data, for how long, and who receives it.
- Get a clear consent before collecting any data.
- Give users access to their data, and let them take it with them.
- Allow users to delete their data.
- Inform users how information is stored.
- Notify users if data breaches occur.
Tell Users Who You Are & What You Are Doing
GDPR requires you to tell people who you are. It also requires you to tell them why you are collecting their data and how long you are going to store it. GDPR also requires you to inform users on your website if there are any 3rd parties that are receiving their data via your website. This would include any analytics information, advertisements, form processing and more.
GDPR Collecting Data Via Form Processing
Just about every website has forms to interact with its users. There are contact forms, order forms and more. Forms collect personal data from users. Yes, this includes IP addresses, cookies and more. You must get clear consent when collecting this kind of information.
How To Get Consent
This is verification that the user understands that their location or browsing history may be accessed by both your website's services and possible third-party tracking or analyzing services.
The user must also give authorization for any form submissions or checkout processes, consenting to the use and storage of their information. This type of information is more sensitive and identifying, and will need to be encrypted for safe storage.
Users Ability To Access Their Information
Users will need to have the ability to access their information. This will give them the opportunity to download, modify or delete any information related to them personally.
This will need to be completed in different ways.
- Email subscriptions need to contain a standard link in every contact that allows the user to unsubscribe from the notifications. This allows them to delete their information from that list.
- When making an order, users will need to create a username and password to access their purchasing records. This will provide the opportunity to modify or delete any sensitive information on that level.
Inform Users Of How Their Information Is Stored
Storage of information should always be on a secured platform. This should be protected with both encryption and firewalls. Servers in both standard and cloud formats should be verified and secured.
Notify Users Of Any Data Breach
GDPR regulations state that any breach of data where the data is stored must be analyzed. Also, all users in the affected breach must be notified within 72 hours of the data breach. You will need to have an officer or monitor in place to keep a regular check on your data. They have to identify if it is breached or compromised in any way.
If a breach occurs, it must be caught and investigated to see what information was accessed, and how and where it was accessed from. Any user whose information is contained in the accessed data segment must be notified within the 72-hour window for GDPR compliance.
Preparing For GDPR Compliance
All of the above steps need to be followed for GDPR compliance. Any organization found to be non-compliant can receive a serious fine of up to €20 million or 4% of their annual turnover (whichever is greater). It is important to prepare now before the deadline of May 25, 2018.
In addition to the above steps, WordPress has now created a plugin to help with this. This plugin is called GDPR. With its simple interface, the GDPR WordPress plugin helps you to quickly and easily set up your WordPress website for GDPR compliance.
Keep in mind that at this time you will still need to get your database encrypted and have it analyzed regularly to ensure that there has been no breach in security.