In 2019, Google had to pay $57 million due to violating the European Union privacy law, GDPR. Other major companies, such as British Airways and Marriott, also paid massive fines because of privacy protection violations.
To help you avoid the fine issues and harmful impact followed when violating GDPR, this article will explain what GDPR is, how you can make your website GDPR compliant, along with some WordPress plugin recommendations to keep you and your visitor data safe.
What GDPR Actually Is
General Data Protection Regulation (GDPR) is a security and privacy law created by the European Union (EU) to protect its citizens’ and residents’ personal data.
It includes all identities of a natural person, such as:
- Name
- Identification number
- Email address, locations, and photos
- Physical identities, like step counts, heartbeat, and weight tracking
- Cultural, economic, and social identity
Thus, wherever the organizations or companies are, they have to follow the rule if their data subjects are EU members.
This law will be beneficial for both users and organizations. It lets the users have more control over how organizations process their data and help organizations offer greater transparency and gain public trust. GDPR also provides cyber resilience helping respond to cyber attacks.
If the organizations fail to comply, they have to face a penalty, which could be 4% of the company’s annual global turnover or up to €20 million – whichever is higher.
Yet, another more significant penalty a company would face is regaining trust from their audience.
For example, the scandal when Cambridge Analytica bought millions of Facebook users’ personal data without their consent made 44% of social media users see Facebook negatively. The actions on Facebook, such as shares, posts, and likes, also dropped almost 20% in 2018.
What Makes a Site GDPR Compliant?
Even though the rules have been active since May 2018, the majority of websites are still not ready for the law. Make your site GDPR compliant by applying the five elements below.
1. Privacy Policy
Privacy policy or privacy note refers to the public document from an organization explaining how they apply the protection rules and process the users’ data. It acts as part of the users’ rights to be informed when their personal information is collected and processed.
This document must be clear, concise, and free. If you don’t know how to make it, download the template from the official website of GDPR EU.
2. Cookie Consent Forms
Cookies help websites keep track of the users’ visits and activities, such as the time users spend on the website, the links they click, and preferred settings on the site.
It improves the user experience, but under GDPR, users have to grant their consent before the website installs cookies on their computer as cookies hold their data. Some websites reject users’ access if they don’t want to accept cookies.
To obtain a win-win solution, let the users know by displaying cookie consent forms or notices on pop-ups or banners.
3. Contact Form Consent
Acquiring people’s contact details while growing your database needs a consent check-box as well. The data you store and process, such as the user’s name, email address, and phone number, are categorized into personal data under GDPR.
To stay compliant with the law, provide a clear unsubscribe button on all your emails sent to allow easy opting out.
4. Terms of Service
Terms of service, also known as terms and conditions (T&C), consist of companies’ disclaimers and rules when using their app or website, including payments, subscriptions, and liability statements. It also tells the business’ rights, such as removing threatening users.
Compared to the privacy policy protecting the users’ rights, this document is created for the organizations and developers to avoid potential legal disputes.
5. Data Control and Notification
Under GDPR visitors are entitled to rights, such as:
- The right of access. Allow users to know what kind of information you have collected on them.
- The right to erasure. Let users erase any and all data you have related to them upon request.
- The right to be informed. Inform users if their data was potentially compromised.
This notification shows that you’re compelled by law and value the users’ privacy.
Making a WordPress Site GDPR Compliant
WordPress, after update 4.9.6. is GDPR compliant as it auto integrates T&C, privacy policy, and consent boxes for default comment boxes. However, you also need to make sure you choose WordPress hosting complying with GDPR as well.
Moreover, depending on your operation, you may need extra features. Here are suggested plugin integrations for your site.
1. MonsterInsights
MonsterInsights is a GDPR friendly analytics plugin using Google Analytics. This plugin lets you disable personal data tracking, integrate the consent box and CookieBot or Cookie Notice plugin, and select opt-out options for tracking.
2. Cookie Notice & Compliance for GDPR
This cookie notice plugin offers a customizable website banner to help you meet the cookie consent requirements of GDPR. It provides supportive features, such as:
- SEO optimization
- Link to the privacy policy page
- Custom language localization
3. WPforms
WPForms is a drag-and-drop WordPress form builder, so you can easily make various forms, like contact, newsletter, and survey forms, without writing any code. It also provides other features, like templates, mobile responsiveness, and spam protection.
Conclusion
Violating GDPR will not only make you pay the fines but also lose trust from your audience. Note how you can prevent that from happening by applying essential documents on your site, like privacy policy and terms of service.
About Author: Juliet is an Editor at PRable.org, all in one content marketing agency. She loves creating articles about technology, innovative product reviews, and technical writing to help scale up digital growth. She is a writer by day and a frustrated singer by night.