If you pay attention to the news, you have probably seen this strange four-letter acronym appear more and more often among webmasters (often with a sense of panic): GDPR.
What does it mean? And do you, as a regular webmaster, need to worry about it?
In this post, I will give you a general description of what the GDPR is and how it might affect your WordPress site.
This is not legal advice: even though I studied law for four years, I am not a lawyer. But if you just want a good general understanding of what the GDPR is and how you should approach it for your WordPress website, keep reading.
What is the GDPR?
The GDPR, short for ‘General Data Protection Regulation’, is a European law that focuses on data protection and user privacy. It replaces the 1995 Data Protection Directive. Although the law was originally enacted in 2016, it provided for a two-year grace period to allow organisations to become compliant. That grace period is almost over: the GDPR will begin to apply on 25th May 2018.
What does it cover?
- Storage of personal data
- The processing of personal data
Personal data is defined fairly broadly. It is “any information relating to an identified or identifiable natural person”. That is … pretty much everything. Name, email address, IP address … and much more can count as personal data.
Likewise, the processing of personal data is “any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means”. So even if you handle this personal data manually, it still falls under the GDPR.
So … this wording is quite broad, right?
In general, the GDPR requires that you …
- Get consent for many actions, such as storing someone’s email when leaving a comment on your site
- Offer users access to the data you hold about them, as well as an option to have that data deleted (the “right to be forgotten”)
- Inform users of any data breach (this is particularly difficult because many small webmasters may not even realise when a breach has occurred on their site)
Does the GDPR apply to WordPress users?
Yes! At least according to the law. The GDPR applies to all websites that process data of EU citizens (which is almost any website in the modern world).
Of course, it is not possible to police every website on the Internet, and I am sure that millions of unaware webmasters will carry on without making any changes.
But according to the letter of the law, the GDPR almost certainly applies to you.
What happens if you ignore the GDPR?
Even though I am not a lawyer, I think it is unlikely that the EU will come after you simply because you have not implemented its requirements.
But the GDPR definitely has teeth …
The possible fines are up to 20 million euros, or alternatively 4% of your total revenue (although I think the first number is the scarier one for most of us).