The General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 in Europe, so you should take all the required actions to ensure your site is ready.
Will this affect me?
If you sell products to customers based in the EU, or have EU visitors to your site, you’ll need to make sure your site complies with GDPR.
What should I know or do?
Here is a link with the key changes and a great infographic with the obligations regarding data collection for EU citizens:
Here is also a summary:
- Tell the user who you are, why you collect the data, for how long, and who receives it.
- Get clear consent [if required] before collecting any data.
- Let users access their data, and take it with them.
- Let users delete their data.
- Let users know if data breaches occur.
SeventhQueen themes impact on GDPR
Because our themes are built for WordPress, here are some of the usual ways in which a standard WordPress site might collect user data:
- user registrations
- contact form entries
- analytics and traffic log solutions
- any other logging tools and plugins
- security tools and plugins
Any plugins that you use will also need to comply with the GDPR rules. As the site owner, though, it is still your responsibility to make sure that every plugin can export, provide and erase the user data it collects in compliance with the GDPR rules.
We will also be releasing updates to our themes to ensure the login and register forms comply with the requirements.
WP GDPR Compliance plugin – https://wordpress.org/plugins/wp-gdpr-compliance/
At the time of writing, this plugin adds GDPR support to Contact Form 7, WooCommerce and WordPress Comments.
GDPR Plugin – https://wordpress.org/plugins/gdpr/
This plugin is still in beta but it adds some features that try to cover most of the requirements:
- Rights to erasure & deletion of data with confirmation email
- Re-assignment of user data on erasure request & pseudonymization of user data
- Data Processor settings and publishing of contact information
- Right to access data from admin dashboard and export
- Right to access data from front end by Data User
- Right to portability & export of data to XML by Data User
- Encrypted audit logs for the lifetime of the Data User
- Data User Secret Token for decryption and recovery of data
- Data breach notification and user segments for message obligations
- Cookie Preference management & activation toggles
The GDPR is the right step toward ensuring transparency in the handling of data.
Remember, non-compliance can be fined up to €20 million or 4% of your global revenue.