What’s the GDPR, and does it matter for me even though I’m not in the European Union?
Whether or not you are located in the EU, this law can apply to you. Your website might not be hosted or located in the EU, but some of your website visitors could be from the EU, and if so, you need to comply with the law. You could, of course, block visitors from the EU, but it is a much better idea to comply with the law anyway, since its regulations are really the right way to treat privacy these days.
The new GDPR law promotes “the right way” to manage your users’ privacy rights.
If you are already collecting any personal information, in any way, then you should make sure that the way you treat that information, and the way you communicate with your website visitors about it, is done properly. As I suggest in Section 11, when teaching about collecting an email list using MailChimp, you should always use a “double opt-in” system, so that users must actively provide consent to get on the list. By using MailChimp’s (or any other provider’s) double opt-in system, you are already compliant with the GDPR in that respect.
MailChimp and other providers have already published their own privacy policies, but you still need to define your own if you use services like this on your website. This includes Google Analytics!
What if I’m not collecting any personal information? Do I still need to do anything?
If you use the WordPress commenting system, or allow user registration, then you are already collecting personal information.
Ok, how does WordPress help me become compliant with the GDPR?
The GDPR sets out several requirements about what you need to do if you collect any information about website visitors from the EU. (You should follow them for everyone anyway.)
What about the new Personal Data “export” and “erase” tools in WordPress?
These new tools are for the WordPress Users system only. If your website allows visitors to register, or allows them to comment on posts, then you are collecting personal data directly into your WordPress database. Under the GDPR, you therefore need to provide a way for your users to view the information you have collected about them, and to comply with their “right to be forgotten.”
WordPress provides both of these tools (for users inside the WP system only), so that if a user or commenter requests their personal information from you, you have an easy way to provide it, and to remove it if requested. Use these two tools whenever you receive either kind of request from any of your users.
WordPress makes it easy to comply with the GDPR in this way, but only for WP Users and the commenting system. If you keep personal data anywhere else, MailChimp for example, you will have to use that provider’s own tools to comply with such requests.
Please feel free to ask more questions, if you have them, in the lively Q&A section of this course, The Complete WordPress Website Business Course. I’ll also be publishing new content in the course about this, with even more detail, in the video lessons.
Here are two excellent resources if you would like more information.
GDPR as regards Online Marketing: https://www.digitalmarketer.com/gdpr-summary/
General list of GDPR resources: https://torquemag.io/2018/05/gdpr-resources/
Your grateful instructor,