In the first post of our series “The Complete WordPress GDPR Guide” we covered the basics of GDPR. We briefly discussed what it means, and we addressed a few common misconceptions about the meaning of the new regulation. You can read the first post here.
Welcome to part 2. In this post, we will discuss the key principles of the regulation, and what it takes to make your WordPress site GDPR compliant. Please note that it is not necessary to read the posts in our WordPress GDPR series in order; however, we do recommend that you read all of them to get the full picture. You can access all the posts via our dedicated WordPress GDPR page here.
GDPR key principles
Many of the GDPR principles build on the existing EU data protection rules. Nevertheless, the regulation introduces or strengthens several key principles.
- Consent – Specific, active consent from the user is required before you collect their personal information. Silence, pre-ticked boxes or inactivity do not count as consent.
For example, it is not enough to offer an opt-out from your mailing list. You must obtain the user's approval before signing them up.
- Privacy by design and by default – This principle requires companies and service providers to build their systems so that, by default, only the personal data necessary for each specific purpose is collected and processed, and that data is pseudonymised or anonymised (that is, no longer attributable to a specific person) wherever the purpose allows it.
- The right to access the information – Anybody who collects personal data, in one way or another, must, on request, tell the user what data is held about them and provide a copy of it without undue delay, and in any event within one month of the request.
- The right to be forgotten – Any user can require that their personal data be permanently deleted, for example when they choose to discontinue a service and the data is no longer needed for the purpose it was collected for.
- Transparency – Have your privacy and cookie policies publicly available. Let your visitors know which personal data is collected by you and by third parties, how you collect and handle it, how long you keep it and for what purpose.
- Data breach notification – If personal data is compromised, you must report the breach to the supervisory authority within 72 hours of becoming aware of it, and you must inform the affected users without undue delay when the breach is likely to result in a high risk to them.
GDPR Frequently asked questions
- Must I comply with GDPR?
If you collect or process personal data of individuals located in the EU, the answer is yes, regardless of where your business itself is based. Follow the GDPR guidelines in this post for more information.
- What constitutes personal data?
According to the GDPR FAQ, personal data is “any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.”
- Must I have both privacy and cookie policies, or can I use just one?
- What is a DPO and do I need one?
A DPO is a Data Protection Officer. You only need one if you meet one or more of the following conditions:
- Your organization is a public authority.
- You process sensitive (special category) personal data on a large scale.
- Your organization's core activities involve regular and systematic monitoring of individuals on a large scale.
If you are interested in more information about DPO, read this excellent article.
WordPress GDPR – Is there such a thing?
GDPR is not a “technology oriented” regulation in the sense that it does not care which platform your business runs on.
If you take into account that almost 30% of all Internet sites are built on WordPress, it is only logical that there is a very close relationship between WordPress and GDPR.
It is clear that business owners who use WordPress as their CMS (Content Management System) must update their sites, and add tools and policies to comply with the new regulation, if they want to continue doing business with individuals living in the EU.
In this post, we covered the key principles of GDPR, and started discussing the connection between WordPress and GDPR. The next post in this series will cover the improvements to the WordPress code base that help you comply with the regulation. Future posts in the series will also cover third-party tools that help you make sure your WordPress site is GDPR compliant.
We invite you to check back with us next week for the next part, or simply subscribe to our Messenger Hub and we will send you the article as soon as it goes live!