Protecting Personal Data on Your WordPress Website with the New GDPR Update

The General Data Protection Regulation (GDPR) goes into effect on May 25th, 2018. The GDPR by the European Union affects EU as well as non-EU businesses and sites regardless of size, location, or financial turnover. This new legislation relates to how personal data about EU citizens is collected, processed, and how the data is stored. As such, a website with EU customers or visitors is required to comply with GDPR.

Definition of Personal Data

Personal data is defined as, any and all information concerning an identifiable or identified natural person. The definition of personal data is expanded with GDPR and includes location data; online identifiers; genetic data; pseudonymized data; and biometric data, such as fingerprint and facial recognition logins. This may be multiple pieces or a single piece of data.

In addition to personal data, sensitive personal data is included as well and is defined as information about an individual’s health data; race or ethnic origin; sexual orientation or sex life; membership with trade union; philosophical or religious beliefs; and spent or past conviction. Protections and consequences for breach of sensitive personal data are greater than regular personal data.

Penalties for Non-Compliance

Depending on the seriousness of the breach, penalties for non-compliance vary. Four percent of annual global turnover, with a maximum penalty of €20 million, could be implemented. The purpose of high penalties is to increase compliance. The site owner is the responsible party and must ensure it is GDPR compliant.

WordPress GDPR Compliance

To ensure your WordPress website protects personal data with the GDPR update, the website must be compliant.

• The Right to Access means complete transparency must be provided to users in relation to data processing and storage. This includes what data is collected; where the data is processed and stored; the reason for the collection, processing, as well as the storage of the data. Also, users must be provided for free within forty days, a copy of their data.
• The Right to Be Forgotten means users are provided with an option to have their personal data deleted and additional collection and processing stopped. The user withdraws their consent to use their personal data with this process.
  Data Portability means that users are provided with the right to download and transmit their personal data.
• If your site is experiencing a breath, notification must be sent out to users within seventy-two hours notifying them of the breach.
• All plugins used on your website must comply with GDPR. Each must establish a flow with the data and inform the user about the processing of their personal data. Third-party plugins must also comply with this new legislation.

Need Some Guidance With Your WordPress Website?

With GDPR, control over personal data is returned to the individual the data refers to through the use of consent. What this means to site owners and developers, better user controls and consent mechanisms must be provided. It must never be assumed that consent was given. An opt-in and opt-out option must always be provided to the user.