The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU member states and imposes strict new rules on controlling and processing personal data (what US-centric texts usually call personally identifiable information, or PII). From 25 May 2018 every website collecting data from individuals in the EU must meet the GDPR requirements.
What is GDPR?
GDPR stands for General Data Protection Regulation and is intended to strengthen and unify data protection for all individuals within the European Union. Its primary aim is to give control back to the EU residents over their personal data.
Why the urgency? Although the GDPR was adopted two years ago (in April 2016), it only becomes enforceable on May 25, 2018.
Make WordPress GDPR Compliance Team
The GDPR Compliance Team understands that helping WordPress-based sites become compliant is a large and ongoing task. The team is focusing on creating a comprehensive core privacy policy, plugin guidelines, privacy tools and documentation. All of this requires your help.
The GDPR Compliance Team is focusing on four main areas:
Add functionality to assist site owners in creating comprehensive privacy policies for their websites.
Create guidelines for websites to become GDPR ready.
Add administration tools to facilitate compliance and encourage user privacy in general.
Add documentation to educate site owners on privacy, the main GDPR compliance requirements, and on how to use the new privacy tools.
Who Does GDPR Impact?
While the GDPR was designed to protect the rights of individuals in the EU, it affects far more than EU-based businesses. Under Article 3 it applies regardless of where a business is established or where its servers are located: if your website offers goods or services to people in the EU, or monitors their behaviour (for example through analytics, profiling or tracking cookies), then you must abide by the GDPR.
Consequences of Not Complying with GDPR
If your business doesn’t comply with GDPR you can be fined up to 4% of annual worldwide turnover or up to €20 million, whichever is higher. There is also a tiered approach to fines. For example, a company can be fined up to 2% of turnover (or €10 million) for not having its records of processing in order, for not notifying the supervisory authority and the affected data subjects about a breach, or for not conducting a data protection impact assessment where one is required. (Art. 83)
Here are just a few examples of websites located outside of the EU that would still be affected:
A WordPress community site that collects personal information for each user profile.
A WordPress theme shop that has customers sign up for accounts to purchase themes or plugins (sales and billing data).
A WordPress blog that has a newsletter subscription widget or lets visitors comment.
An ecommerce (WooCommerce or Easy Digital Downloads) store that sells products online.
A WordPress site that uses analytics software (IP addresses and tracking cookies count as personal data).
If you’re a small ecommerce shop or WordPress developer, these fines could be devastating!
Contact us today to get your website GDPR compliant.