You may have heard of the upcoming GDPR (General Data Protection Regulation) deadline: the regulation goes into force on May 25th, 2018.
Basically, if you own a website and some of your visitors are in Europe, you need to be compliant by May 25th or you can face hefty fines! In a nutshell, GDPR is new legislation that focuses on how the private data of EU citizens is collected, stored, and used. This also covers the overall security of your website.
If you’re interested in the ins and outs of this legislation, please visit the resources we’ve included at the bottom of this post.
How This Applies To Your Website
Unless you’re specifically blocking European visitors, you’ll probably need to update your website, and soon.
Privacy Policy
Your Privacy Policy or Terms & Conditions page will now need to specifically say what personal data is being collected and how it is being used. If you don’t currently have a privacy policy, you’ll need one.
Within that privacy policy, describe the nature of the data you actively collect for any mailing lists, eCommerce, communities, and user profiles. Also list any third-party services or plugins used on your site, such as Google Analytics or Infusionsoft.
Provide a Clear Consent
If you have a checkbox on your contact form to sign up for a mailing list, that checkbox now must be unchecked by default so that visitors can actively consent. Shopping cart forms and user account creation forms should also include messaging about how the data will be used. If information will be shared with a third party, that third party must be identified and you may want to include a link to their privacy policy.
It’s not a bad idea to show every site user a popup or one-time message stating that, to use your site, they must agree to your privacy policy. Don’t allow the user to continue using your site until they have agreed to it.
Make It Easy to Quit
If a user wants to be removed from your mailing list or no longer wants to be a member, you need to make removing themselves as easy as signing up was. Also, if a shopper hasn’t been on your website in years, their data should be removed.
Security
It’s also your responsibility to keep your users’ private information secure. This means installing an SSL certificate on your website (so that your URL starts with “https”) and, if your site is built with WordPress, keeping WordPress itself, its plugins, and its themes updated on a regular basis. If your site is hacked and your users’ information is stolen, you could be liable.
What’s Next?
This article is not all inclusive. We’d encourage you to do additional reading and have included some GDPR links below if you’d like to read more.
Contact Us! We’re here to help you. We can update your site to be compliant.
We also offer a WordPress Update and Security Package to keep your site updated and secure. Additionally, we can install an SSL certificate for your website, which also helps your search engine visibility.
Additional Resources
Here is some extra reading on the subject that we felt would help: