GDPR Basic Guide

Disclaimer: We are not lawyers. Nothing on this website should be considered legal advice. This is a basic ‘beginners’ blog  on the subject, outlining how WordPress users can adopt best practice regards GDPR compliance. It has to be noted having reviewed industry recognised editorials on the subject, no one is offering the possibilities of 100% effective compliance, given the complexities involved. However, there are some basic procedures you can adopt in pursuit of best practice as outlined below.

GDPR Logo Mac Creative GuideA basic guide to GDPR

The primary function of the new GDPR ruling is to provide clarity of when, where, and how data is stored during browsing and where that information you have provided may end up. Given most of the internet activity and development comes from outside the EU, it  became of concern to the EU institutions that such sensitive data was in fact moving out or being stored outside the EU jurisdiction and may be used without consent, or redress to correction, or deletion.

All websites use cookies that collect and store basic visitor data so that the browser can access the site without slow loading speeds. These cookies also report to browsers you may use such as Yahoo, Mozilla and Google. Internet tools such as Google Webmaster and Google Analytics, report the pages and sites you landed on and the frequency to the owners of the properties involved. All this is designed to best enhance search engine experience and for webmasters to best assimilate interest a particular site, and maybe the products on offer too. Dependent on the level of interaction, this will also govern type of the information stored. In general, your personal IP address, email address and location is the foremost data used. If you have a Gravitar then you may leave links to you profile etc, and the depth of the data progresses the deeper your involvement with web based activities such as social media. The more material you make available, be it images, comment, or products the more that is accessible. However this is all now governed by consent.

For very basic commercially used websites the primary functions,which you or your customers will get involved with, will be viewing your information pages. At this level, you will leave is very basic information linked to browsing history for that site, such as personal IP address, email address and location. If your site is based on a blog platform such as WordPress (which is good tool for ‘blogging news’ and gauging consumer reaction) and you leave a comment, this detail along with your ‘passing by’ info will be stored for a limited period (see the sites privacy policy). Recent Word Press platform upgrading now features a check box, for you to consent when leaving a comment, for the saving of this information. Likewise, if you are requesting information via a contact form, there should also be a similar consent check box. Likewise, any email correspondence via newsletter, should include an unsubscribe facility as well.

As you can imagine if you actively get involved with shopping on-line, the data stored increases, as you may activate an account at that web-store, or create a purchasing record, which hold details of the purchase you’ve made. As some web store software features are software plugins maintained by servers in the cloud, perhaps managed from another country, your basic function details and activity may be reviewed by developers to assess a particular software’s performance, this may also include those that also provide software for managing newsletters and email promotions too. To ensure best practice, it is now incumbent on the website you’re visiting and those that visit yours, to use developer companies that are both reputable and offering best practice in data protection. These developers are required to clearly show in their own privacy policies and they too are conversant with all the demands of GDPR.

Best practice overall involves clearly identifying that the site uses cookies (which all do in some form) at the opening of a site.  You ask the browser to accept this condition or not. To which cookies will be applied or not. Then on, your site must contain:

a) Terms and Conditions : A page clearly outlining who you are, and your relationship with the browser. Any terms and conditions of service and information provided, including any disclaimers.

b) Privacy Policy: This page outlines the data you collate and store in relation to your business, and provides links to the privacy policies of service providers where applicable, including Google Analytics for opt out purposes and details of your National Data Protection regulator.

c) Privacy Tools: A Page, where by browsers can access the detail you have acquired and delete the entry. This is an extension of the ‘rights to be forgotten’ in terms of data usage and storage and the rights to port data, and enables browsers to opt in or out, or review data.


For basic commercial sites primarily outlining product and company information, such tools and frameworks are readily available for managing this process, from cookie acceptance, right the way through to simple newsletter and shop cart activity. For Word Press these function as plugins and subsequent page edits and adaptations. However for companies (such a utility companies, Banks and social media platforms) where the data collation and service handling on-line are more intense, the need for Data Protection Managers and data management becomes acutely more apparent. It is for this level of involvement the GDPR is mainly gear towards, as fines can be as significant as 4% of turnover. For smaller companies, compliance is a requirement of best practice, but the levels are less intense, however, a basic understanding and framework of management of privacy and acceptance is required and needs to be in place.

GDPR Fines Mac Creative Guide



Posted in Update News.

Leave a Reply

Your email address will not be published. Required fields are marked *

I accept the Privacy Policy