There’s been a lot of talk about the General Data Protection Regulation (GDPR) so far this year. In fact, there’s been so much talk that it’s easy to lose track of what’s most important to understand. Given the penalties imposed for non-compliance, this could be catastrophic.
While there is a wide array of articles on the subject being produced regularly, you’ll want to keep track of additional sources of information. For example, WordPress’ own reaction to the GDPR should be closely monitored, along with the responses of various developers and businesses connected to the platform.
In this post, we’ll round up a number of resources related to the GDPR that will help prepare you for its rollout. We’ll also mention some choice articles from the Torque archives to further inform you on the subject. Let’s get started!
A Brief History of the General Data Protection Regulation (GDPR)
For the uninitiated, the General Data Protection Regulation (GDPR) is a ‘mutation’ of sorts of the previous data protection legislation and the EU Cookie Law. The latter is a European Union directive stating that site owners need to declare the use of cookies to visitors. However, the GDPR takes things further by looking at user privacy and data as a whole.
It contains a complex assortment of guidelines for compliance that ultimately boil down to three simple elements. Users must be given:
- The right to access their data.
- The right to be forgotten.
- A method for porting their data elsewhere if needed.
If your site doesn’t comply with these three requirements, the penalties could be catastrophic. For example, non-compliance could mean incurring a fine of 4 percent of your annual turnover, or up to $25 million.
Essentially, the GDPR is intended to help ensure that users gain more control over their data, and that site owners are more transparent about what they do with the data they collect. With over 50 percent of companies using so-called ‘Big Data’ tactics, the time is ripe for legislation.
The GDPR rollout date is May 25, 2018. For this reason, practically all concerned parties are working hard to ensure that their websites are compliant – including WordPress.
How WordPress Is Handling the Implementation of the GDPR
Given that it currently powers over 30 percent of the web, WordPress is one of the key players when it comes to GDPR compliance. Some users may feel that their WordPress-powered websites are exempt because they simply don’t collect data openly. However, this is incorrect. All WordPress sites collect data by default.
The only real source of news on the GDPR as it relates to WordPress is a constantly-updated page on WordPress.com, outlining how Automattic’s business philosophy aligns with the goals of the GDPR. Although we are confident that WordPress is working hard behind the scenes to ensure that the platform is compliant, they have been slow to respond to inquiries from the community regarding the GDPR.
We’ll take a look at the GDPR for WordPress initiative in more detail shortly. For now, what’s important to know is that the whole community is pulling together to make sure WordPress and its outlying elements are all fully compliant.
A Comprehensive List of GDPR-Related Resources
By now, you’ll hopefully understand just how important GDPR compliance is. Given that, you’ll want to use only trustworthy resources when researching the ways you can make sure your site is compliant.
The following list is a guide to reliable GDPR resources. While we recommend starting with this very article, the second place you should go is the official website.
Articles
As you may expect, the internet has become pretty obsessed with GDPR-related articles. This means there’s lots of information to assimilate, and no shortage of advice on how to become compliant. Of course, it can be difficult to know where to start (as well as how to tell which articles are reliable).
We’d be remiss if we didn’t mention our own piece on the GDPR initiative, and we’d humbly suggest that it’s a great first step for site owners who are new to the subject. US website owners will also want to check out this piece by PCMag UK. The article covers how the GDPR impacts US users specifically, and why it’s necessary for companies to employ a Data Protection Officer (DPO) to help ensure that GDPR requirements are met.
Finally, you’ll likely want to read up on how Automattic itself is tackling the GDPR. The first port of call here should be the official statement on WordPress.com. WooCommerce users should read this dedicated GDPR page, which also includes some handy additional resources. Although Jetpack has a tag set up specifically for GDPR, the only article within is short and directs to the previously-mentioned WordPress.com page.
Tools and Plugins
As for dedicated plugins you can use to help ensure that your site is compliant, there is a smattering of choices (although we expect there will be more in the future). The first plugin you might want to try out is WP GDPR Compliance:
This plugin lets you add elements to your current form plugin to make sure it’s GDPR-friendly. So far, Contact Form 7, WordPress’ comments, Gravity Forms, and WooCommerce are supported, with more on the way. There’s also a handy checklist included so you can see at a glance what aspects of the form are compliant, and which still need addressing. While reviews thus far have been mixed, it represents the best option currently available.
For a feature-heavy plugin that’s extremely handy for recording how your site is used, you’ll want to look at WP Security Audit Log:
This plugin records every action taken on your website relating to user activity, and we’ve talked about it in our own GDPR article. Needless to say, we’re big fans of the plugin for the flexibility and power it gives you.
Finally, if you’re a developer, you’ll want to make sure your products are also compliant – especially plugins. A good primer on the subject was presented by Heather Burns at WordCamp Belfast in 2016, although you’ll likely want to supplement this with more current information. To actually whip your plugins into shape, check out the GDPR for WordPress initiative:
This ultimately lets you work with hooks to provide anchors that tell others where your plugin provides compliance. It’s a project that’s constantly moving forward, and as Kåre Mulvad Steffensen alluded to in this post, its tools should be integrated into the WordPress core within the next couple of revisions.
Conclusion
The GDPR is taking up much of the WordPress community’s focus in 2018, and for good reason. Quite frankly, user data is vital for income. By not protecting it (and the users who gave it to you), you’re doing them a disservice and potentially impacting your own cash flow to boot.
Therefore, keeping up to date with all things related to the GDPR is vital. This post collated a number of resources, articles, and tools to help you guarantee compliance. In our opinion, you’ll want to start at the official website, but also take a look at how the WordPress bigwigs are getting the platform prepared. Developers will also want to check out the community-led initiatives to help you comply with the GDPR.
Do you have any questions about the GDPR or any resources to add? Let us know in the comments section below!
Featured image: TheDigitalArtist.