The General Data Protection Regulation (GDPR) is the latest data privacy regulation set up by the EU government, and it started getting implemented by 25th May 2018.
Market analysts and business owners often comment that they are still struggling to bring their websites fully in line with GDPR compliance.
But, if you are conducting business online while targeting the EU member state audiences: customers, readers, viewers, etc., then you need to get the GDPR guidelines checked.
We know that the majority of us are already using WordPress as a platform for our digital businesses. But if you want to continue to tap into mature markets like the EU, then you must step back and learn more about getting your WordPress ready for the GDPR.
That’s our motive here: guiding you to prepare your WordPress website before it’s too late.
Things to Set Right on Your WordPress Website for GDPR Compliance
Check The Policy Through Policy Generator
GDPR compliance focuses primarily on transparency. Under the terms of this regulation, your website should clearly state how it collects data and what it does with the information collected.
To reach that degree of transparency, make the best use of your WordPress website’s Privacy Policy. It should be:
- Clearly written, in language that an average reader can understand.
- Placed on the website where readers can easily access, click, and bookmark it for further perusal.
The benefit of having a WordPress website is that it has its own Privacy Policy generator, so you don’t have to search around for external help.
Access it by browsing to the “Settings” option, then go to the “Privacy” option. At this dashboard, you can upload your Privacy Policy document, if you have already prepared one.
If not, there’s a “Generate New” Privacy Policy option. Click it to start using and editing the policy template for your website.
Use The Template Given For Privacy Policy
The template we are talking about has common areas. Filling them in completes your website’s updated Privacy Policy, one that adheres to GDPR compliance.
Some areas might not be relevant for your website. So, go through the areas available on the Privacy Policy template, and fill in only those that describe how your website is going to function.
Beyond that, your business operations, user interactions, and data handling and processing features should be mentioned in general terms, so that the user is not left unaware of them.
When you are satisfied with the draft, along with the font, images (if any), and other snippets, you can hit the “Publish” button. The Privacy Policy option is often found in your site’s footer.
And when logging in on the admin page, the Privacy Policy button appears at the bottom of that page.
Erasing or Exporting User’s Personal Data
Under the GDPR compliance rules, the users whose information you collect, process, and use for expanding your business online and across nations must be informed about it.
Their rights are to:
- Access
- Be informed
- Rectification
- Restrict the processing of their data your WordPress site collected
- Object
- Be forgotten
Other similar rights are also included in the GDPR policies. So, you need to make sure that, through the Privacy Policy, your users are informed about their rights and that they can stop you from using their information if they are not comfortable.
For example, if a user of your website requests to be forgotten, then you will have to comply.
Under certain conditions of the GDPR, you will have to erase the documents, data, and the other information related to that person you have in your database through WordPress.
So, for the user to exercise the rights, you need to have a contact form embedded, irrespective of the theme.
These contact forms help the customer or client reach out to you as soon as they feel uncomfortable or unsure about the content about themselves that your website uses.
To handle these requests, you will find the tools under the “Tools” heading on the WordPress dashboard. Here, administrators of the website can choose to “Erase the personal data” of the particular user who has put forward that request.
In this window, you get the option to enter the ID of the user who has made such a request through the contact forms. Then click the button that says “Send Request” to send the user a confirmation email that you will be processing his/her request.
Moving ahead, click the “Erase Data” option from the same window to erase the data that the WordPress site has originally collected from that user’s IP address.
Similarly, under the “Tools” section on the dashboard, you also have an option to “Export” the data. When you open this window, you again get an option to send an email to the user, asking for confirmation to export his or her personal details.
Once that user sends the confirmation, then you can start exporting his or her data for further insights and business analysis.
Set Up The Cookie Opt-in Notification To Inform The User
WordPress uses two types of cookies: Session (keeps user’s session logged in) and Comment (collects the user data when they comment on any post).
To inform users that your website uses Comment cookies, as GDPR compliance requires, go to the “Settings” and select the checkbox of “Show comment cookies opt-in…”
Enabling this option shows the notice to every user in the comment section of your website. A small checkbox asks for their permission, so you can use their data.
If they check the box, then it is deemed there is no objection from their side. Otherwise, users can simply choose not to let you use their comment box insights.
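To confirm the opt-in behaves as described, you can compare what a comment submission sent with the cookies the site set in response. The Python check below is an added example, not code from WordPress or from this article: the function names are hypothetical, the sample traffic is constructed, and it assumes WordPress core's `comment_author_*` cookie naming and its `wp-comment-cookies-consent` checkbox field.

```python
import re
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import parse_qs

# WordPress core names commenter cookies comment_author[_email|_url]_<md5 site hash>.
COMMENT_COOKIE = re.compile(r"^comment_author(_email|_url)?_[0-9a-f]{32}$")
CONSENT_FIELD = "wp-comment-cookies-consent"  # name of the opt-in checkbox field

def is_deletion(attrs, now):
    """True when the attributes expire the cookie at once (how a cookie is cleared)."""
    try:
        if "max-age" in attrs:
            return int(attrs["max-age"]) <= 0
        if "expires" in attrs:
            return parsedate_to_datetime(attrs["expires"]) <= now
    except (TypeError, ValueError):
        pass  # unparseable attribute: treat the cookie as stored
    return False

def stored_comment_cookies(set_cookie_headers, now=None):
    """Names of commenter cookies the response actually persists in the browser."""
    now = now or datetime.now(timezone.utc)
    stored = []
    for header in set_cookie_headers:
        pair, *rest = [p.strip() for p in header.split(";")]
        name = pair.partition("=")[0]
        attrs = {k.lower(): v for k, _, v in (p.partition("=") for p in rest)}
        if COMMENT_COOKIE.match(name) and not is_deletion(attrs, now):
            stored.append(name)
    return stored

def audit(post_body, set_cookie_headers, now=None):
    """Flag a comment submission that stored commenter cookies without the opt-in."""
    consent = CONSENT_FIELD in parse_qs(post_body, keep_blank_values=True)
    stored = stored_comment_cookies(set_cookie_headers, now)
    return {"consent": consent, "stored": stored, "violation": bool(stored) and not consent}

# Constructed sample traffic (not captured from a real site).
H = "0123456789abcdef0123456789abcdef"
POST_OPT_IN = "author=Ada&email=ada%40example.test&comment=Hi&wp-comment-cookies-consent=yes"
POST_NO_OPT_IN = "author=Ada&email=ada%40example.test&comment=Hi"
SET = [f"comment_author_{H}=Ada; Max-Age=30000000; path=/",
       f"comment_author_email_{H}=ada%40example.test; Max-Age=30000000; path=/"]
CLEARED = [f"comment_author_{H}=%20; expires=Thu, 01 Jan 2015 00:00:00 GMT; Max-Age=0; path=/"]

if __name__ == "__main__":
    for body, cookies in ((POST_OPT_IN, SET), (POST_NO_OPT_IN, CLEARED), (POST_NO_OPT_IN, SET)):
        print(audit(body, cookies))
```

Only the last pairing is reported as a violation: commenter cookies were stored although the submission carried no opt-in field.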