The General Data Protection Regulation (GDPR) requires the privacy and protection of the personal data of individuals in the European Union who interact with your website. It applies to people located in the EU regardless of their citizenship. Failure to comply with the new regulation could result in severe fines for your business.
Organic Themes has been working to make our website GDPR compliant for European users. Additionally, we have compiled some information for other website owners that may be rushing to meet the GDPR compliance deadline. If your website is not ready yet, you’re not alone.
Does My Website Need To Be Compliant?
If your website collects personal data of any kind from people in the EU, then yes, your website needs to be GDPR compliant. To be clear, this regulation applies to any business and/or website that stores the personal information of individuals in the EU, regardless of where your business is located.
If you own and operate a WordPress powered website or blog, you probably collect personal data from your visitors. Chances are, some of those visitors are in the EU. Collecting personal data on a website comes in many forms, pun intended:
- Contact Forms
- Blog Comments
- Live Chat
- Newsletter Signups
In the case of Organic Themes, our site collects data using all the forms listed above. We sell digital products on our website. Additionally, we support customers through our contact forms, forums, and live chat. Collecting personal data is a necessity for our business.
How Do I Make My Website Compliant?
It’s easier to think about compliance in these terms: your website should be opt-in, not opt-out. Your website should not collect any data from a user without their knowledge and consent, and no opt-in option (a consent checkbox, a newsletter subscription, a cookie setting) should be selected by default. Consent has to be an action the user takes, not one they have to undo.
The good news is that it’s not terribly difficult to make your website compliant. However, it will require some time and effort. Thankfully, if you use WordPress to power your website, there are a number of tools to help you with GDPR compliance.
We highly recommend the WP GDPR Compliance plugin as a starting point. The plugin provides guidance in preparing your website for the enforcement of the GDPR. Also, it works with default WordPress comments and popular plugins that collect user data. Currently, the WP GDPR Compliance plugin adds compliance options for the following plugins:
- Contact Form 7
- Gravity Forms
In the event you are using a different plugin or service to capture user data, some additional work may be required to add compliance. We have provided a few resources for other popular methods of collecting data:
- Mailchimp GDPR Compliance
- Easy Digital Downloads GDPR Compliance Addon
- Ninja Forms GDPR Compliance Information
WordPress itself stores personal information about users who interact with the platform, such as registered accounts and comment authors. As of version 4.9.6, that personal data can be exported or erased from the Tools section of the WordPress admin (Export Personal Data and Erase Personal Data). Those same tools let plugins register the data they store so that it is included in the export and erasure requests.
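The following is an added example, not code from the original post or from any of the plugins named above, showing how a plugin that keeps its own copy of personal data hooks into the 4.9.6 export and erasure tools so that a request made under Tools covers that data as well. It uses the real WordPress filters `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers`; the table name `contact_submissions`, its columns, the `example_` function names and the page size are assumptions for illustration only.

```php
<?php
/**
 * Added example (not from the original post or any plugin it mentions).
 * Registers an exporter and an eraser with the WordPress 4.9.6 privacy tools
 * for a hypothetical contact-form plugin that stores submissions in its own
 * table. Assumed schema: {$wpdb->prefix}contact_submissions
 *   (id, email, name, message, submitted_at)
 */

const EXAMPLE_SUBMISSIONS_PER_PAGE = 500; // WordPress keeps calling with $page + 1 until 'done' is true

function example_contact_submissions_table() {
    global $wpdb;
    return $wpdb->prefix . 'contact_submissions';
}

// 1. Register the exporter so it is listed under Tools > Export Personal Data.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-contact-form'] = array(
        'exporter_friendly_name' => 'Example Contact Form Submissions',
        'callback'               => 'example_contact_form_exporter',
    );
    return $exporters;
} );

function example_contact_form_exporter( $email_address, $page = 1 ) {
    global $wpdb;
    $page   = max( 1, (int) $page );
    $offset = ( $page - 1 ) * EXAMPLE_SUBMISSIONS_PER_PAGE;
    $table  = example_contact_submissions_table();

    // The lookup key comes from the admin UI, so always go through $wpdb->prepare().
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, name, message, submitted_at FROM {$table} WHERE email = %s ORDER BY id LIMIT %d OFFSET %d",
        $email_address,
        EXAMPLE_SUBMISSIONS_PER_PAGE,
        $offset
    ) );

    $export_items = array();
    foreach ( $rows as $row ) {
        $export_items[] = array(
            'group_id'    => 'example-contact-submissions',
            'group_label' => 'Contact Form Submissions',
            'item_id'     => 'example-contact-submission-' . $row->id,
            'data'        => array(
                array( 'name' => 'Name',      'value' => $row->name ),
                array( 'name' => 'Message',   'value' => $row->message ),
                array( 'name' => 'Submitted', 'value' => $row->submitted_at ),
            ),
        );
    }

    // A short page means this was the last one; otherwise WordPress asks for the next page.
    return array(
        'data' => $export_items,
        'done' => count( $rows ) < EXAMPLE_SUBMISSIONS_PER_PAGE,
    );
}

// 2. Register the eraser so it is listed under Tools > Erase Personal Data.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-contact-form'] = array(
        'eraser_friendly_name' => 'Example Contact Form Submissions',
        'callback'             => 'example_contact_form_eraser',
    );
    return $erasers;
} );

function example_contact_form_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    $table = example_contact_submissions_table();

    // $wpdb->delete() returns the number of rows removed, or false on a database error.
    $deleted = $wpdb->delete( $table, array( 'email' => $email_address ), array( '%s' ) );

    // Report a failed erasure honestly so it shows up in the admin UI instead of being swallowed.
    if ( false === $deleted ) {
        return array(
            'items_removed'  => false,
            'items_retained' => true,
            'messages'       => array( 'Could not erase contact form submissions; please retry.' ),
            'done'           => true,
        );
    }

    return array(
        'items_removed'  => $deleted > 0,
        'items_retained' => false,
        'messages'       => array(),
        'done'           => true, // all matching rows were removed in one pass, so no further pages
    );
}
```

The exporter is paginated because WordPress calls the callback repeatedly until it reports `done`; returning everything in one page for a heavily used form can exhaust memory or the PHP time limit. The eraser deletes in one pass but still reports the outcome explicitly, since a request that silently leaves data behind is the failure mode the regulation is concerned with.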
What’s The Point?
The GDPR is intended to protect the privacy of website and software users. Users must agree that their personal information may be stored by the website on which they enter it. Additionally, the user must be provided with the option to download and remove all of their personal data.
In the grand scheme of things, the regulation is meant to serve as a basic respect of human rights and the privacy of individuals.
The GDPR is probably overkill for 99% of the websites in existence. In many cases, it could be argued that it’s common sense on the part of the user that information they are entering within software will be stored and used by that software. It adds yet one more required click of consent that seems otherwise unnecessary. As a UX designer, part of my job is about reducing the number of clicks it takes to accomplish a task within software. For that reason alone, I find the regulation to be somewhat of an annoyance. That being said, it does serve a purpose, and an additional click is a small price to pay if the result is a safer and more secure internet as a whole.