The General Data Protection Regulation (GDPR) goes into effect on May 25th, 2018. The European Union's GDPR affects EU as well as non-EU businesses and sites regardless of size, location, or financial turnover. The new legislation governs how personal data about individuals in the EU (residents, not only citizens) is collected, processed, and stored. As such, a website with EU customers or visitors is required to comply with GDPR.
Definition of Personal Data
Personal data is defined as any and all information concerning an identified or identifiable natural person. GDPR expands the definition to include location data; online identifiers such as IP addresses and cookie IDs; genetic data; pseudonymized data; and biometric data, such as fingerprint and facial recognition logins. A person may be identifiable from a single piece of data or from several pieces combined.
In addition to personal data, GDPR singles out sensitive personal data (the "special categories"), defined as information about an individual's health; race or ethnic origin; sexual orientation or sex life; trade union membership; philosophical or religious beliefs; and, under separate rules, criminal convictions, spent or otherwise. Protections are stricter and consequences for a breach are greater for sensitive personal data than for regular personal data.
Penalties for Non-Compliance
Penalties for non-compliance vary with the seriousness of the breach. The upper tier is a fine of up to €20 million or four percent of annual global turnover, whichever is higher. The purpose of such high penalties is to drive compliance. The site owner, as the data controller, is the responsible party and must ensure the site is GDPR compliant; that responsibility cannot be delegated to a hosting provider or plugin author.
WordPress GDPR Compliance
For a WordPress website to protect personal data in line with GDPR, it must honor the following rights and obligations:
- The Right to Access means complete transparency must be provided to users about data processing and storage. This includes what data is collected; where the data is processed and stored; and the reason for collecting, processing, and storing it. Users must also be provided, free of charge and within one month of the request, with a copy of their data.
- The Right to Be Forgotten means users are given an option to have their personal data deleted and any further collection and processing stopped. Through this process the user withdraws consent to the use of their personal data.
- Data Portability means users have the right to download their personal data in a commonly used, machine-readable format and to transmit it to another service.
- If your site experiences a breach, the supervisory authority must be notified within seventy-two hours of your becoming aware of it, and affected users must be notified without undue delay when the breach is likely to put their rights at high risk.
- All plugins used on your website must comply with GDPR. Each must document how personal data flows through it and inform the user about the processing of their personal data. Third-party plugins must also comply with the new legislation, so audit what each one collects before relying on it.
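As an added illustration of what plugin-level compliance looks like in practice (this is example code written for this page, not code from the original post or from any real plugin), the snippet below registers a personal data exporter and eraser with the privacy hooks WordPress core ships since version 4.9.6. The `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters are real core hooks; the `example_quote_requests` table, the `example_` function names, and the idea that the plugin stores quote requests keyed by email address are assumptions made for the illustration.

```php
<?php
/**
 * Added example, not from the original post: a hypothetical plugin that stores
 * quote requests in a custom table and plugs into the WordPress 4.9.6+ privacy
 * tools (Tools > Export Personal Data / Erase Personal Data) so that the site
 * can honor the Right to Access, Data Portability and the Right to Be Forgotten.
 * Table name, function names and the stored fields are assumptions.
 */

// Hypothetical storage: rows in {prefix}example_quote_requests keyed by email.
function example_fetch_requests( $email, $page, $per_page = 100 ) {
    global $wpdb;
    $table  = $wpdb->prefix . 'example_quote_requests';
    $offset = ( $page - 1 ) * $per_page;
    // prepare() keeps the user-supplied email out of the SQL string.
    return $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, created_at, message FROM {$table} WHERE email = %s ORDER BY id LIMIT %d OFFSET %d",
            $email,
            $per_page,
            $offset
        )
    );
}

// Right to Access / Data Portability: hand the user's rows to the core export tool,
// which bundles every registered exporter's output into one downloadable archive.
function example_personal_data_exporter( $email_address, $page = 1 ) {
    $per_page = 100;
    $rows     = example_fetch_requests( $email_address, $page, $per_page );
    $items    = array();
    foreach ( $rows as $row ) {
        $items[] = array(
            'group_id'    => 'example_quote_requests',
            'group_label' => __( 'Quote Requests', 'example-plugin' ),
            'item_id'     => 'quote-request-' . $row->id,
            'data'        => array(
                array( 'name' => __( 'Submitted', 'example-plugin' ), 'value' => $row->created_at ),
                array( 'name' => __( 'Message', 'example-plugin' ),   'value' => $row->message ),
            ),
        );
    }
    return array(
        'data' => $items,
        // Core calls the exporter again with $page + 1 until 'done' is true.
        'done' => count( $rows ) < $per_page,
    );
}

// Right to Be Forgotten: delete the rows and report honestly what happened.
function example_personal_data_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    $table   = $wpdb->prefix . 'example_quote_requests';
    $deleted = $wpdb->delete( $table, array( 'email' => $email_address ), array( '%s' ) );
    return array(
        'items_removed'  => false !== $deleted && $deleted > 0,
        // Set items_retained to true and explain why in 'messages' if a legal
        // obligation (invoices, for instance) prevents deleting some records.
        'items_retained' => false,
        'messages'       => array(),
        'done'           => true,
    );
}

add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-plugin'] = array(
        'exporter_friendly_name' => __( 'Example Plugin Quote Requests', 'example-plugin' ),
        'callback'               => 'example_personal_data_exporter',
    );
    return $exporters;
} );

add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-plugin'] = array(
        'eraser_friendly_name' => __( 'Example Plugin Quote Requests', 'example-plugin' ),
        'callback'             => 'example_personal_data_eraser',
    );
    return $erasers;
} );
```

The point of the two callbacks is that a site administrator handling a subject access or erasure request runs one core tool and every compliant plugin contributes its share; a plugin that stores personal data but registers neither callback leaves that data invisible to the request, which is exactly the gap an audit of third-party plugins should look for.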
Need Some Guidance With Your WordPress Website?
With GDPR, control over personal data is returned to the individual the data refers to, through consent. For site owners and developers this means better user controls and consent mechanisms must be provided. It must never be assumed that consent was given: pre-ticked boxes and silence do not count. The user must always be offered a clear opt-in and an equally easy opt-out.
Cultura Interactive agency is an award-winning Fort Lauderdale website design studio that strives to create unique and attractive websites, and develop strategic digital online marketing campaigns for our clients.
Our team of professionals specializes in web design, logo design, WordPress development, eCommerce, responsive web design, mobile apps, SEO, social media marketing, pay per click advertising and more. Learn more about our services or contact us for a personal interview.