
The Complete GDPR Guide: What Does the New Data Regulation Mean for Your Website, Business and Data?

On 25th May 2018, the GDPR (General Data Protection Regulation) enacted by the EU will come into effect. But is your website really GDPR compliant? Do you really need to take care of these new guidelines? What if you neglect this?

This article will help you to get ready when the regulation kicks in and have a better understanding of the changes to come.

  • We’re going to talk about the specific areas of your business that the guidelines affect, and why you should be concerned about GDPR compliance.
  • We will cover the basics of making a Website compliant.

EU data protection regulation simply explained

What is GDPR?

Disclaimer. This article is not legal advice. We’re not lawyers.

GDPR stands for General Data Protection Regulation and it is a new data protection law in the EU, which comes into force in May 2018.

 

The aim of the GDPR is to give people in the EU control over their personal data and to change how organisations across the world approach data privacy. The GDPR provides much stronger rules than the laws it replaces and is much more restrictive than the “EU cookie law.”

For instance, where processing relies on consent, users must actively give it before their data is collected; there must be a clear privacy policy stating what data is stored, how it is used and for how long it is kept; and the user must be able to withdraw consent at any time, after which data held only on the basis of that consent has to be deleted.

The GDPR applies to the personal data of people in the EU, wherever in the world the organisation processing it is based. As a consequence, any website that offers goods or services to, or monitors the behaviour of, people in the EU must comply, which in practice means virtually every business that wants to sell products or services to the European market.

To better understand the regulation, take a look at its publication in the Official Journal of the European Union, which defines all terms used in the law. Two definitions matter most: “personal data” and “processing of personal data.”

Time until GDPR

There are only a few days left to comply with the new guidelines.

 

Should GDPR be taken seriously?

Businesses have time until May 2018 to comply with the regulations set by the GDPR. The penalty for non compliance can be up to € 20 million, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

There are two tiers of penalties according to the seriousness of the infringement, which are described in the FAQ section of the GDPR portal.

Such a high level of penalties has been set to drive compliance. One may wonder how websites are actually supervised: each member state has an independent Supervisory Authority (SA) with investigative and corrective powers under the regulation, including the power to impose these fines.

Six months after the guidelines were released, PwC surveyed 200 CXOs of large US firms to assess the impact of the GDPR guidelines. The results revealed that a majority of the firms had taken up the GDPR guidelines as their top data protection priority, with 76% of them prepared to spend in excess of $1 million on GDPR. This shows that owing to a substantial presence in the EU, large corporations are taking up the GDPR compliance seriously.

[Chart: What companies are willing to spend on GDPR compliance, all numbers in %]

The details of your WordPress GDPR compliance

Okay, so with all that said, let's make sure that your website is compliant and that you won't experience any GDPR problems.

Before you move on to each of the aspects and how to comply with them, contact us and request your free security audit for your WordPress site to reveal how data is being processed and stored on your servers, and steps that are required to comply with the GDPR.

After inspecting your website's data storage, our team will then proceed to make your website GDPR compliant. This includes:

  • The user's right to request that their data be erased
  • The user's right to request a downloadable copy of all their data
  • The user's right to receive their data in a portable format (when the customer changes providers, for example)
  • The user's right to enable or disable specific cookies for specific functions

Besides the extended user rights, the website needs to comply with the following technical points:

  • Cookie Consent – the user accepts or declines non-essential cookies before they are set
  • Right to be forgotten – the user can request that their data be deleted
  • Data Access – the user can access the data held about them
  • Pseudonymisation – stored personal data is pseudonymised, so that a record cannot be attributed to a person without additional information that is kept separately
  • Data Breach Notification – the supervisory authority must be notified within 72 hours of becoming aware of a personal data breach, and affected users must be informed without undue delay when the breach is likely to result in a high risk to them
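The pseudonymisation point above is the one most often implemented wrongly: replacing an e-mail address with a plain SHA-256 hash looks anonymous but is not, because an attacker who obtains the export can hash a list of candidate addresses and confirm who is who. The following is an added example (not code from the original page or from the audit service it describes) showing the weak approach beside a keyed one using HMAC-SHA256, where the key is kept apart from the data set. The user rows and candidate addresses are constructed sample data; the key handling (`secrets.token_bytes`, stored outside the database) is an assumption about deployment. Note that pseudonymised data is still personal data under the GDPR; only data that can no longer be attributed to anyone falls outside it.

```python
"""Pseudonymising user identifiers with a keyed hash (HMAC-SHA256).

Added example, not code from the original page. It demonstrates a point
the list above only names: a plain SHA-256 of an e-mail address can be
reversed by guessing, while a keyed hash cannot be reversed, or even
confirmed, without the key.
"""
import hashlib
import hmac
import secrets


def _canonical(identifier: str) -> bytes:
    """Normalise before hashing so 'Alice@Example.com ' and
    'alice@example.com' map to the same pseudonym."""
    return identifier.strip().lower().encode("utf-8")


def unkeyed_hash(identifier: str) -> str:
    """The weak approach: anyone who can guess the input can confirm it."""
    return hashlib.sha256(_canonical(identifier)).hexdigest()


def pseudonymise(identifier: str, key: bytes) -> str:
    """Keyed pseudonym. Same key and same identifier give the same value,
    so rows stay linkable for analytics, but confirming a guess requires
    the key, which lives outside the data set."""
    if len(key) < 32:
        raise ValueError("pseudonymisation key must be at least 32 bytes")
    return hmac.new(key, _canonical(identifier), hashlib.sha256).hexdigest()


def pseudonymise_records(records, key: bytes, field: str = "email"):
    """Return copies of the records with `field` replaced by its
    pseudonym. The original records are left untouched."""
    out = []
    for rec in records:
        rec = dict(rec)
        rec[field + "_pseudonym"] = pseudonymise(rec.pop(field), key)
        out.append(rec)
    return out


def dictionary_attack(target: str, candidates, hash_fn):
    """What someone holding the exported table does: hash every candidate
    identifier and look for a match. Returns the matching candidate or None."""
    for cand in candidates:
        if hmac.compare_digest(hash_fn(cand), target):
            return cand
    return None


# Constructed sample data (made-up addresses), shaped like a few rows of
# a WordPress users table.
SAMPLE_USERS = [
    {"id": 1, "email": "alice@example.com", "orders": 3},
    {"id": 2, "email": "bob@example.org", "orders": 0},
    {"id": 3, "email": "carol@example.net", "orders": 7},
]


if __name__ == "__main__":
    # Hypothetical key: generated once, stored away from the data set
    # (for example in a secrets manager), never in the same database dump.
    key = secrets.token_bytes(32)

    export = pseudonymise_records(SAMPLE_USERS, key)
    print(export[0])

    # A candidate list as an attacker might hold one, e.g. addresses from
    # an unrelated breach.
    guesses = ["mallory@example.com", "bob@example.org", "eve@example.net"]

    weak = unkeyed_hash("bob@example.org")
    print("unkeyed:", dictionary_attack(weak, guesses, unkeyed_hash))  # bob@example.org

    strong = pseudonymise("bob@example.org", key)
    print("keyed, no key:", dictionary_attack(strong, guesses, unkeyed_hash))  # None

    # The controller, who holds the key, can still resolve an erasure or
    # access request for a given address.
    print("keyed, with key:", dictionary_attack(strong, guesses, lambda e: pseudonymise(e, key)))
```

The design choice that matters is where the key lives: if it is stored next to the pseudonymised table (or hard-coded in the WordPress theme), the export is no better protected than the unkeyed version. Canonicalising the address before hashing avoids creating two pseudonyms for one person through case or whitespace differences, which would otherwise break erasure requests.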

Final thoughts

To sum up what it means to make WordPress GDPR compliant:

  • the law comes into effect in May 2018,
  • it applies to any website that deals with personal information of EU users,
  • it gives the user the right to control the flow of their personal information,
  • there are defined processes to monitor compliance and huge fines are in place for non-compliance.

If you don't have all of the above taken care of by May 2018, you are exposed. Nonetheless, the GDPR is the right step towards transparency in the handling of data. This post has covered only the basics; if there is a profitable business running behind your WordPress website, you should go through the regulation in detail. Remember that non-compliance can result in administrative fines of up to € 20 million, or in the case of an undertaking, up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
