Category Archives: WordPress Tips

A lot of changes are coming for WordPress in 2018, and not the least of which is the General Data Protection Regulation (GDPR) that the European Union is enacting, beginning May 25, 2018. The TL;DR version is that the GDPR says that users have complete control over their data, and you have to tell them why you need it. At which point, they can give the go-ahead or not. Practically, however, it’s a little more complicated than that.

WordPress and the GDPR

WordPress now powers roughly 30% of all websites, so we have a lot of cleaning up to do. Data trickles and flows between our sites and our users, and the GDPR says it’s up to us to run our sites well enough that users can manage their data. Even though this is a regulation passed by the EU, it affects pretty much the entire world: if you collect a bit or a byte of personal data from a person in the EU (regardless of your own location), you’re subject to the law, because it protects people in the EU, not just EU businesses. And if you are found to be non-compliant, you can be fined up to 20 million euros or 4% of your global annual turnover, whichever is higher.

That’s scary for a lot of people. But it doesn’t have to be.

The good news is that there is a dedicated team of WordPress Core contributors working on GDPR-proofing the Core code before May 25. They have a website (and an associated Slack channel) set up where admins and devs can keep up with the progress and see what you need to do to get yourself (and your clients) into compliance. Here’s the breakdown of what you’re responsible for:

  • Explaining who you are, how long you’re keeping the data, why you need it, and who on your team or externally has access to it
  • Getting explicit and clear consent to collect data through an opt-in (not an opt-out)
  • Giving users access to their own data, the ability to download it, and to delete it from your records completely
  • In the event of a hack or security breach, letting your users know about it (and, unless the breach is unlikely to put people at risk, notifying your supervisory authority within 72 hours)

For longer-form explanations of GDPR, you can check out our overview of data regulations in 2018, the official European Commission infographic on GDPR, and the official support post from Automattic regarding WordPress and the GDPR.

All that said, you need to know what you can do to comply with the GDPR. So here are some specific, actionable steps you can take to keep yourself (and your users’ data) safe.

The GDPR Opt-In

The single most important aspect of all this is the GDPR opt-in. Let me be clear on this. An opt-in is under no circumstances the same thing as an opt-out. The EU has said that you must “get their clear consent to process the data.” That means that users have to explicitly say yes, not only have the option to say no.

Here’s an example: you run an online dropshipping business, maybe on WooCommerce. When users get to your checkout page, you have a checkbox that reads “[x] Yes, I want to sign up for your amazing email list!”

No problem, right? Wrong: if the box is checked by default, you’re at fault. That’s giving them the chance to opt out, which is not what the GDPR opt-in rule requires. They must explicitly choose to share their information with you, and your server should only record consent when that box actually came back ticked.

The same goes for comment sections that automatically subscribe people to the comment thread, or any kind of automated contact that isn’t directly user-initiated. (Pop-up chat boxes like Intercom can be okay, because opening one doesn’t reach into the visitor’s data, but they could still be affected by the GDPR’s pseudonymisation provisions.)

But your #1 goal is to take nothing by default. And honestly, take as little as possible when you do get explicit permission.

Ask for the Bare Minimum of Information

A lot of websites, forms, plugins and stores ask for information they really don’t need. In general, a good rule of thumb is to ask for as little information as possible from your users. If you don’t even need their names, don’t take them, or maybe take only their first name. Sometimes all it takes is an email address to get the job done.

That’s not to say you can’t ask for other information. The GDPR simply says you have to tell people why you need it. If you’re asking for their first and last name, tell them why. If you ask for their birthday, make it clear that you send out coupons as birthday gifts, for example. Under the GDPR there is no more asking for info “just in case” or “for future, undetermined projects.”

Many forms plugins let you include a note under/beside the primary label, so if you have a field for phone numbers, you can have a blurb that says “We ask for your phone number so our customer service representatives can expedite the set up process for your custom orders.”

Additionally, when you’re asking for information, the EU says you have to disclose “who you are […], how long it will be stored, and who receives it.” How and when you have to disclose these things can differ. The first requirement is that you have to say who you are at the same time you request their data.

This is effectively no different from the required footers every email service makes you include. Just have a sentence or blurb explaining who you are, such as a single line stating “This website’s data is handled by B.J. Keeton, the CIO of Awesomesauce International and its subsidiaries.” Even something like “Data submitted by this form will be used by Awesomesauce International and no one else” will work.

That means your contact form, sign-up form, checkout pages, and anywhere else users may be giving you their info need to clearly identify who is collecting it.

Your ToS and Privacy Policy

As for the other parts of the GDPR’s information retention clauses, you can include the details on the data’s why, how, and who in either your Terms of Service or Privacy Policy. And it’s a good idea to, as well, because these are part of the explicit GDPR opt-in.

The actionable step here is two-fold. First, make sure your ToS and Privacy Policy are GDPR compliant themselves. Second, create explicit required fields on every form indicating acceptance of both documents before processing anything. Checkboxes are fine, and text fields where users have to type “I agree” are even better (but truly obnoxious). Whichever you use, enforce it on the server rather than only in the browser, and record when consent was given and to which version of the policy, so you can show it later if you are ever asked.
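Here is what the two checkout controls described above (the unchecked marketing opt-in from the WooCommerce example, and the required acceptance of the Privacy Policy and ToS) look like in WordPress code. This is an added example, not code from the original post or from WooCommerce itself; it assumes WooCommerce 3.x hooks, a Privacy Policy page at /privacy-policy/, and hypothetical field names and a hypothetical policy-version constant.

```php
<?php
/**
 * Added example, not code from the original post or from WooCommerce itself.
 * Adds two checkboxes to the WooCommerce checkout: an optional, unchecked
 * marketing opt-in and a required privacy-policy acceptance. Acceptance is
 * enforced server-side, and both answers are recorded on the order with a
 * timestamp and the policy version so the consent can be demonstrated later.
 *
 * Assumptions (not from the page): WooCommerce 3.x hooks; a Privacy Policy
 * page at /privacy-policy/; the field names and the version constant below
 * are hypothetical. Drop this into a site-specific plugin or functions.php.
 */

// Bump this whenever the policy text changes; recorded consent refers to it.
const AWESOME_PRIVACY_POLICY_VERSION = '2018-05-25';

// 1. Add the fields. Both start unchecked: this is an opt-in, never an opt-out.
add_filter( 'woocommerce_checkout_fields', function ( $fields ) {
	$fields['order']['awesome_marketing_optin'] = array(
		'type'     => 'checkbox',
		'label'    => 'Yes, send me the Awesomesauce newsletter. You can unsubscribe at any time.',
		'required' => false, // the order goes through whether or not they opt in
		'default'  => 0,     // never pre-check this box
		'priority' => 110,
	);
	$fields['order']['awesome_privacy_accept'] = array(
		'type'     => 'checkbox',
		'label'    => sprintf(
			'I have read and accept the <a href="%s" target="_blank">Privacy Policy</a> and Terms of Service (required).',
			esc_url( home_url( '/privacy-policy/' ) )
		),
		'required' => false, // enforced below with a clearer message than WC's generic "is a required field"
		'default'  => 0,
		'priority' => 120,
	);
	return $fields;
} );

// 2. Enforce acceptance on the server. WooCommerce verifies the checkout nonce
//    before this hook fires. $data holds the posted checkout fields (a checkbox
//    arrives as 1 when ticked and '' otherwise); any error added here is turned
//    into a notice and stops the order from being created.
add_action( 'woocommerce_after_checkout_validation', function ( $data, $errors ) {
	if ( empty( $data['awesome_privacy_accept'] ) ) {
		$errors->add( 'privacy_policy', 'Please accept the Privacy Policy and Terms of Service to place your order.' );
	}
}, 10, 2 );

// 3. Record exactly what was consented to, and when, on the order itself.
add_action( 'woocommerce_checkout_create_order', function ( $order, $data ) {
	$now = gmdate( 'c' ); // UTC, ISO 8601

	$order->update_meta_data( '_privacy_policy_accepted_version', AWESOME_PRIVACY_POLICY_VERSION );
	$order->update_meta_data( '_privacy_policy_accepted_at', $now );

	// No tick means "no". Nothing is assumed, and nothing beyond a yes/no and
	// the time it was given is stored.
	$opted_in = ! empty( $data['awesome_marketing_optin'] );
	$order->update_meta_data( '_marketing_optin', $opted_in ? 'yes' : 'no' );
	if ( $opted_in ) {
		$order->update_meta_data( '_marketing_optin_at', $now );
	}
	// WooCommerce calls $order->save() immediately after this hook.
}, 10, 2 );
```

Because the consent record lives on the order rather than in a separate log, it travels with the customer’s data when you later export it for them or erase it at their request, and the recorded policy version tells you which text they actually agreed to.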

We have some more in-depth resources for you on this, too. You can check out how to add the required agreements to your forms here. And if you’re not sure where to begin on your Privacy Policy, we can walk you through that, too.

I would suggest adding a paragraph into your Terms of Service about accepting the Privacy Policy as a term and linking to it directly from the ToS. Then, in the Privacy Policy, add a paragraph discussing its role in the ToS, as well as exactly how your site manages data in compliance to the GDPR. Specifically, you will need to provide detailed instructions in your Privacy Policy explaining each of the following.

  • How to access and download a complete record of any data you have on them
  • The process through which users can fully delete their data from your records (and not simply unsubscribe, etc.) as part of the ‘right to be forgotten’ previously established in EU law
  • Exactly how you will inform users of data breaches if they ever happen
  • Detailed explanations of who you are, what you use the data for, who has access to it, and how long you retain it

It is now more important than ever to have a Privacy Policy in place. It was pretty important before because Google wanted you to have one. And that importance has just skyrocketed.

Sounds Like a Lot, Right?

And it is. Luckily, you’re probably using WordPress. Because of our fantastic community, developers are already hard at work on many ways to help with GDPR opt-in and compliance. There are still many details you’ll have to work out for your business, but in the coming months I would expect options popping up in your favorite plugins (or GDPR extensions made by third parties) that insert everything I mentioned by just checking a few boxes and filling in a few fields.

Basically, to make your site GDPR compliant, it boils down to making sure you’re transparent with people. Let them know what you’re doing, don’t ask for extraneous information, and let them opt-in to giving it to you, rather than you taking it by default.

What steps have you taken toward GDPR compliance so far? Any tips you can share in the comments would be great!

Article featured image by Pe3k / shutterstock.com

The post How to Make Your Websites GDPR Compliant appeared first on Elegant Themes Blog.


People Powered By WordPress: Kevin Graham

There are a lot of blog posts and articles online about sites powered by WordPress. Instead of writing “just another… The post People Powered By WordPress: Kevin Graham appeared first on WPExplorer.

Best Sticky Header Plugins for WordPress

If configured properly, sticky header WordPress plugins can bring you more returning customers, more satisfied users and ultimately, more conversions. The post Best Sticky Header Plugins for WordPress appeared first on WPExplorer.

How to Create Interactive Images in WordPress

Do you want to create an interactive image for your WordPress blog? An interactive image allows you to highlight, link, and animate certain areas of your image. In this article, we will show you how to create interactive images in WordPress. What is an Interactive Image? An interactive image has hotspot areas, highlights, links, colors, …

Divi Plugin Highlight: Revealing Footer for Divi and Extra

One of the most interesting footer design elements is a revealing footer. A revealing footer is when your footer remains locked in place but isn’t seen until the web page scrolls past it to reveal the footer underneath. It’s like the footer is sitting behind a curtain. When the curtain is raised the footer is …

Nonprofit Board and Committee Management Made Easy with WordPress

When you get people together, even to work toward an overtly positive goal, things go haywire. The most organized people are often balanced by the haphazard. Tangents occur, off-topic discussions happen, and before you know it, the allotted meeting time is up, and the only thing that you’ve been able to decide on is whether …
