Have you noticed your inbox is even more full than usual lately? And that a lot of those emails are “just checking” to make sure that you still want to hear from this company or that blog or whoever? Thank the European Union and the GDPR.
What is the GDPR, Exactly?
GDPR is short for General Data Protection Regulation, the European Union's law governing how organizations collect, store and use personal data about people in the EU, on websites and everywhere else. It was adopted in 2016 and became enforceable on May 25, 2018, so its arrival right on the heels of the Facebook and Cambridge Analytica debacle is timing rather than cause, but in that climate it's no surprise that regulators are taking the protection of internet users and their personal information seriously.
Does the GDPR Really Apply to Me?
The regulation applies to any organization that offers goods or services to people in the EU or monitors their behavior (analytics and ad tracking count as monitoring), whether or not the organization itself is based in Europe. So unless you have actually blocked your website from the European Union, it's possible that your website needs to comply, and even geo-blocking is a blunt instrument. The main concern for larger businesses is that non-compliance can draw fines of up to €20 million or 4% of a company's annual global revenue, whichever is higher, which is a big deal if you're a company with a large global presence. For most of our clients, it's mainly good practice to be aware of and compliant with these regulations, since anyone from around the world can potentially find and enjoy your website.
One other thing to consider: we at ThirdSide have been touting the importance of responsive design practically since we opened our doors. But it wasn't until Google announced in 2015 that mobile-friendly websites would get preferential treatment in search results that the world at large began paying attention. Google hasn't weighed in on GDPR and how compliance might affect search results…yet. But compliance can't hurt!
Remember that the goal of the GDPR is to protect people's personal data. Taking steps to be compliant with these new regulations will also help protect the personal information of the visitors you do have, which is something we all want. With that in mind, here's a breakdown of some of the major ways the GDPR may affect your website.
Contact Forms:
- This is the main reason why we add privacy policy pages to a client's website. A privacy policy outlines specifically what information a form collects, why you collect it, and how long you keep it.
- Using a plugin like Contact Form 7 or Gravity Forms (our personal recommendation) is not itself a problem, but the plugin doesn't make the data question go away: Gravity Forms stores every submission as an entry in your database, so decide how long those entries need to stay around and delete the ones you no longer need.
- The easiest way to make forms GDPR-compliant is to add a simple checkbox, unchecked by default and required to submit, with which the user explicitly consents to sending you their information. Keep the checkbox state with the submission so you can show later that consent was given.
- Link to Gravity Forms’ FAQ regarding GDPR compliance: https://docs.gravityforms.com/wordpress-gravity-forms-and-gdpr-compliance/
Mailing Lists:
- This is why you’ve been getting so many emails asking you to stay on all those mailing lists you joined!
- Re-permission emails are NOT necessary if you gained your subscribers in a way that complies with GDPR (which is, and has been, standard procedure for ThirdSide).
- Do NOT auto-check subscription boxes in any forms or e-commerce checkout pages (which you shouldn’t have been doing anyway).
- Double opt-in is recommended: the visitor has to click a confirmation link before they're added, so they are 100% clear that they have sent you their information for the purposes of receiving future communication from you, and you get a timestamped record that proves it, which matters because the regulation requires you to be able to demonstrate that consent was given. (NOTE: The default setting in MailChimp is now single opt-in. Visit your mailing list's settings to change to a double opt-in.)
- “Unsubscribe” and “Update Profile/Preferences” must be clearly visible on all mailings (which you should be doing anyway).
- Link to MailChimp, our preferred choice: https://blog.mailchimp.com/gdpr-forms-and-more-tools/
E-commerce:
- Every online store is different; therefore, there is no single solution regarding data collection and the GDPR.
- Even if you don’t market or sell to the EU, it’s best to put solutions in place that protect the end-user.
- Be sure to outline whatever information you’re collecting about your customers in your website’s privacy policy.
- Connect with your payment gateway to be sure they are GDPR-compliant as well: the regulation requires a data processing agreement between you and any company that processes customer data on your behalf, and a hosted or tokenized checkout, where card numbers never touch your own server, keeps the most sensitive data out of your hands altogether.
- Link to WooCommerce, our preferred choice: https://woocommerce.com/gdpr/
Cookies/Analytics:
- If you’re using Google Analytics, Facebook tracking, or any other system that sets cookies or identifiers in a visitor’s browser, you now need to include not only disclosure, but an explicit, working way for the visitor to refuse or withdraw (opt out).
- This is why you’ve likely seen a number of websites with new pop-up banners asking you to accept cookies!
- If you use Google Analytics in particular, we recommend this free plugin for offering an opt-out: https://wordpress.org/plugins/google-analytics-opt-out/
- Note: the regulation itself does not require a pop-up banner; what matters is that visitors are told and have a working way to say no. A simple link in the body of a page can satisfy that. (We recommend adding it to your privacy policy, particularly if you’ve included a notice about cookies there already.) One caveat: EU regulators read the consent rules strictly, as requiring agreement before non-essential tracking cookies are set, so the safest implementation is to keep analytics and ad tags from loading at all until the visitor has agreed, and to honor an opt-out from then on.
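How the opt-out actually works in the browser, as an added example (not ThirdSide's code and not the plugin linked above, though the plugin uses the same mechanism): Google's analytics scripts check a window property named `ga-disable-<property ID>` and stay silent when it is `true`, and the usual way to make an opt-out stick is to persist that flag in a cookie of the same name. The example goes one step further than the post and gates loading on a consent cookie as well, so nothing from Google is fetched until the visitor has agreed. The property ID `UA-00000000-1` and the `analytics_consent` cookie name are placeholders (assumptions); the `gtag` calls follow Google's documented tag snippet.

```javascript
// Consent-gated analytics bootstrap with a persistent opt-out.
// Added example, not ThirdSide's code or the linked plugin's code.
const GA_PROPERTY_ID = 'UA-00000000-1';                 // hypothetical placeholder, not a real property
const OPT_OUT_FLAG = `ga-disable-${GA_PROPERTY_ID}`;    // Google's documented opt-out window property
const CONSENT_COOKIE = 'analytics_consent';             // our own cookie name (assumption)
const ONE_YEAR = 365 * 24 * 60 * 60;

// Parse a Cookie header / document.cookie string into a plain object.
function parseCookies(cookieString) {
  const out = {};
  for (const part of String(cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    out[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Build a cookie string. Secure and SameSite=Lax so the flag is never sent over
// plain HTTP and is not attached to cross-site requests.
function buildCookie(name, value, maxAgeSeconds) {
  return `${name}=${encodeURIComponent(value)}; Max-Age=${maxAgeSeconds}; Path=/; SameSite=Lax; Secure`;
}

// The default answer is "no": analytics runs only if the visitor actively
// consented AND has not since opted out. An opt-out always wins.
function analyticsAllowed(cookieString) {
  const cookies = parseCookies(cookieString);
  if (cookies[OPT_OUT_FLAG] === 'true') return false;
  return cookies[CONSENT_COOKIE] === 'granted';
}

// Called when the visitor clicks "accept" on the consent link or banner.
function grantConsent() {
  return buildCookie(CONSENT_COOKIE, 'granted', ONE_YEAR);
}

// Called from the opt-out link in the privacy policy: set Google's flag cookie
// for a year and expire our consent cookie (Max-Age=0 deletes it).
function optOut() {
  return [buildCookie(OPT_OUT_FLAG, 'true', ONE_YEAR), buildCookie(CONSENT_COOKIE, '', 0)];
}

// Browser entry point. Must run before any tracking snippet: either raise the
// kill switch or inject the tag. Returns true when the tag was loaded.
function bootstrapAnalytics(win, doc) {
  if (!analyticsAllowed(doc.cookie)) {
    win[OPT_OUT_FLAG] = true;   // analytics.js / gtag.js honour this and send nothing
    return false;
  }
  const script = doc.createElement('script');
  script.async = true;
  script.src = `https://www.googletagmanager.com/gtag/js?id=${encodeURIComponent(GA_PROPERTY_ID)}`;
  doc.head.appendChild(script);
  win.dataLayer = win.dataLayer || [];
  win.gtag = function () { win.dataLayer.push(arguments); };
  win.gtag('js', new Date());
  win.gtag('config', GA_PROPERTY_ID, { anonymize_ip: true });   // truncate IPs before Google stores them
  return true;
}

// In a page this runs at load time; in Node (no window) it is skipped.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  bootstrapAnalytics(window, document);
}
```

Wire `grantConsent()` and `optOut()` to the links by assigning their return values to `document.cookie` (one assignment per string), then reload so `bootstrapAnalytics` re-evaluates. Loading the tag only after consent is what actually keeps the cookies off the visitor's machine; a page that loads the tag first and offers an opt-out afterwards has already set them.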
Online Ads:
- If you’re running retargeting pixels or retargeting ads, you’ll need to inform users that they are being tracked. A pixel usually sends the visitor’s IP address, browser details and an ad or cookie identifier rather than names or contact information, but under the GDPR an IP address and a tracking identifier already count as personal data, so the disclosure is still required.
- If your ads don’t target anyone in the EU, you may not need to do anything further. We recommend coordinating with your ad platform’s sales representative to be 100% certain.
Privacy Policy:
- If your website uses any of the tools above, or any variation of them, your website needs a Privacy Policy.
- As of WordPress 4.9.6, there are onboard tools in the WP Dashboard to assist you: a privacy policy page generator under Settings → Privacy, and Tools → Export Personal Data / Erase Personal Data for handling a visitor’s request to see or delete what you hold on them. (You can also just select the privacy policy page we created for you back when we launched your site.)
- If it’s been a while since you reviewed your privacy policy, or you’ve added one or more of the tools above, you might consider reviewing/editing the page content. Just be sure to add the revision date at the bottom of the page.
Friendly Reminder
We at ThirdSide are not lawyers, nor do we retain legal services on behalf of our clients. As per all of our contracts, the client is responsible for their own website content and for engaging in ethical behavior online.
If you have any questions about GDPR or how we can help you maintain compliance, just drop us a line.