Ever since the European Union (EU) brought the General Data Protection Regulation (GDPR) into force, every business website has needed to inform users about the data it collects. Severe data breaches at Yahoo, Uber and other companies have brought privacy concerns to the forefront. Making your website GDPR-compliant is necessary and helps protect users’ data.
Understanding what the GDPR is all about and how to implement it can feel overwhelming. Let’s take a look at what the GDPR covers and how you can make your site GDPR-compliant.
What is the GDPR?
The GDPR is an EU regulation that protects the online privacy of all EU citizens. It covers how personal data is collected and used when users visit and interact with a website. The regulation affects all websites, since they are likely to get visitors from the EU region.
Here are some of the key features of the GDPR that affect businesses:
All websites must explicitly disclose that they are collecting personal data.
Businesses must inform individuals about why, how and where they store and process users’ data.
Users have a right to ask for a portable copy of the data collected from them.
They have the right to have their data erased under some circumstances.
Businesses with core activities where they collect personal data must have a Data Protection Officer.
Businesses must report serious breaches of information within 72 hours.
GDPR violators can be fined up to €20 million or up to 4% of the annual worldwide turnover.
The intent behind the GDPR is to protect people against data breaches. Most sites, WordPress or otherwise, collect information in several ways. If a site uses analytics, WordPress forms, opt-in forms or email marketing, then it is collecting personal information.