GDPR: Get Ready for the New EU Privacy Law in Fifteen Minutes

GDPR

If you’ve had to recently agree to many new terms and conditions for your online services, there’s a good probability that it’s because of a European regulation on privacy.

If you haven’t yet heard, the European Union is introducing a set of common sense laws on May 25th called the General Data Protection Regulation (GDPR).

We certainly think these regulations are a good thing for everyone. Why? Because they give users’ control over their data while being fairly easy to understand.

You can jump straight to our guide on our support website to learn how to implement them on your website.

We asked Heather Burns, a tech policy and regulation specialist based in the U.K., how GDPR will benefit the WordPress community. Here’s what she had to say:

The biggest benefit GDPR brings to the WordPress community isn’t in the code. It’s in the processes it encourages you to go through. Getting to grips with GDPR, for many developers and users, will be the first time they’ll have sat down to really think about questions like “What data do we collect? Why do we collect it? Where do we store it? Who has access to it? How long do we keep it? Who do we share it with?

In short, the regulation gives the right to ask a website or app for their personal identifiable information. Furthermore, users can ask for their data to be anonymized (also known as “the right to be forgotten”.) Moreover, a company is obliged to inform its users in the event of a data security breach.

Everyone agrees that these new laws are simply common sense.

Have European Users? GDPR Applies to You, Too

The regulation applies to any company which processes data of European residents.

For example, an American company will have to process a request from one of their European visitors if he/she leaves comment on a blog post with his name and email address.

For this reason, we recommend all website owners to simply abide to the regulation, regardless if you are in the European Union or not.

In time, people online beyond Europe’s borders will start to expect this “privacy by design” mentality, as Heather Burns suggests:

As your users become more conscious about their personal privacy, you need to be prepared to meet those expectations, and “promises to respect your privacy” just won’t do anymore […] and this is particularly important for people working in countries which have no comparable overarching privacy law, such as the U.S.

What Are the Penalties?

The penalties can be up to 4% of a company’s annual revenues.

Rest assured, most small website owners will not be hounded or regulated.

Most European countries are not ready to enforce the directive right now, and when they are, they will certainly be concerned with large companies hoarding vast amounts of data or those handling very sensitive information, such as the ones who operate in the healthcare industry.

The biggest risk to site owners outside the EU who don’t abide to the new privacy guidelines will be a loss in public trust and confidence in their services. […] Respecting your users’ privacy will become a selling point for responsible services, as important as the product itself,” says Burns.

Get Ready In 15 Minutes

The team behind WordPress have made it easy for website owners and plugin authors to abide to the new rules.

Starting in version 4.9.6, there are several tools to help you get GDPR-compliant.

In our GDPR guide, we’ll take website owners through these tools:

  1. Publish a new Privacy Notice that makes your visitors’ rights clear;
  2. Ask for consent to collect data in your forms;
  3. The tool to extract a visitor’s identifiable data;
  4. The tool to anonymize a visitor’s identifiable data.

We also have other, optional recommendations in our guide.

Hopefully, you’ll see the reasonableness of this new regulation. GDPR will certainly get a big boost from WordPress since it powers 30% of the internet.

More than half of the world’s population will be online this year, for the first time. It’s timely that we finally get the rights to control our own data 29 years after the WWW was created.

Illustration by Mary Delaney.