What Is GDPR Exactly?

The General Data Protection Regulation (GDPR) is Europe’s new framework for data protection laws, replacing the 1995 data protection directive. EU legislation says that it is designed to harmonize data privacy laws across Europe and that its main purpose is to give greater protection and rights to individuals. GDPR was published in May 2016 and became effective on May 25, 2018.

In a nutshell, GDPR protects user data in just about every conceivable way. Both personal data and sensitive personal data are covered. Sensitive personal data is easier to describe, as the usual suspects like genetic data and information about political views, sexual orientation, religion, etc., belong to that category. Personal data, more or less, means any information that can be used to identify a person, starting with name and address, and it can also include email and IP addresses.

Who Is Affected By GDPR?

In short, every company, organization and individual that is processing or controlling datasets of their customers or website visitors will be covered by GDPR. It will affect any business that has customers who reside in the EU.

What Does GDPR Entail?

In order to be GDPR-compliant, companies must handle customer data with the utmost care and attention. However, that alone is not enough: customers have to be provided with tools to control, edit and also delete any information pertaining to them. Furthermore, any data that is handled has to be protected, meaning that anonymization and encryption are two important aspects that come into play. Another very important factor is that customers have to be asked explicitly for their consent before their data is collected and processed.

Examples of GDPR

  • A contact form

  • Google Analytics

  • Google Maps for your contact page

  • Google Fonts (most websites use them)

  • Any electronic form that collects data from a visitor

  • A website firewall and intrusion protection application (example: Wordfence)

  • Privacy policy and terms of use policy: update existing ones, or add new ones to your website

What Does This Mean For Your Website?

If your website has the following, you should ensure you are compliant (even if your customer base is US-based, websites are accessible worldwide):

LSI Media’s contact form as an example of implementing compliance.

Responsibility Of Compliance For Websites

It’s important to note that it is the responsibility of every company or website owner to prepare their sites for GDPR compliance. A website’s compliance is not the duty of any framework used to create and manage it. In almost all cases, a lot of manual fine-tuning will be needed. Generally speaking, that means there is no use in asking “Is WordPress GDPR compliant?”. It is a powerful tool to create websites, but the end user’s website is what will collect data, and the data collected will be different for every use case.

Does that mean that WordPress users are left alone in their fight for compliance? No, not at all!

WordPress And Its GDPR Tools

An article about GDPR Compliance Tools in WordPress was posted on WordPress.org, shedding light on the new privacy features that WordPress has added to its latest release, 4.9.6, which shipped on May 17, 2018.

The main features are new areas for handling data export and erasure requests, a new privacy policy page and also a consent checkbox for the comments form.

LSI Media can also help you implement your GDPR compliance. Just reach out to us.
