Disclaimer: We are not lawyers. Nothing on this website should be considered legal advice. This is a basic ‘beginners’ blog on the subject, outlining how WordPress users can adopt best practice regarding GDPR compliance. It should be noted that, having reviewed industry-recognised editorials on the subject, we found no one offering the possibility of 100% effective compliance, given the complexities involved. However, there are some basic procedures you can adopt in pursuit of best practice, as outlined below.
The primary function of the new GDPR ruling is to provide clarity on when, where, and how data is stored during browsing, and where the information you have provided may end up. Given that most internet activity and development comes from outside the EU, it became a concern to the EU institutions that such sensitive data was in fact moving out of, or being stored outside, the EU jurisdiction and might be used without consent, or without redress to correction or deletion.
As you can imagine, if you actively shop online, the amount of data stored increases: you may activate an account at that web store or create a purchasing record, which holds details of the purchases you’ve made. As some web store software features are plugins maintained by servers in the cloud, perhaps managed from another country, your basic details and activity may be reviewed by developers to assess a particular software’s performance. This may also include those that provide software for managing newsletters and email promotions. To ensure best practice, it is now incumbent on the website you’re visiting, and on your own website for those that visit it, to use developer companies that are both reputable and offer best practice in data protection. These developers are required to show clearly in their own privacy policies that they too are conversant with all the demands of GDPR.
a) Terms and Conditions: A page clearly outlining who you are and your relationship with the browser, along with any terms and conditions of service and information provided, including any disclaimers.
c) Privacy Tools: A page whereby browsers can access the details you have acquired and delete the entry. This is an extension of the ‘right to be forgotten’ in terms of data usage and storage and of the right to port data, and enables browsers to opt in or out, or review data.
For basic commercial sites primarily outlining product and company information, tools and frameworks are readily available for managing this process, from cookie acceptance right through to simple newsletter and shopping cart activity. For WordPress, these function as plugins, with subsequent page edits and adaptations. However, for companies (such as utility companies, banks and social media platforms) where online data collation and service handling are more intense, the need for Data Protection Managers and data management becomes far more apparent. It is this level of involvement that the GDPR is mainly geared towards, as fines can be as significant as 4% of turnover. For smaller companies, compliance is a requirement of best practice and the levels are less intense; however, a basic understanding and a framework for managing privacy and acceptance are required and need to be in place.