Summary of GDPR for Affiliates and Bloggers: More than a Privacy Policy and Cookies
Hi guys, this is a very brief 'in a nutshell' summary to show you that GDPR compliance has a couple more basic steps than just privacy policy and cookies or analytics.
I will do a proper walkthrough on this next week, but with the WP 4.9.6 GDPR update already upon us, peeps are stressing out now and unnecessarily, especially afraid of fines. So just some quick pointers here to help you RELAX and not worry about those big fines, which are not aimed at us; they are aimed at big organizations for non-compliance and data breaches that cause chaos in people's lives. Does that mean we can ignore GDPR? No, visitors can still report you if their new 'rights' aren't upheld. But it's not so hard. And here is why:
GDPR in a Nutshell = Security, Privacy, Accountability and Data i.e. S.P.A.D.
S - P - A - D
1. Security:
- This includes keeping up with wp and plugin updates as they come into your dashboard, also theme updates;
- Make sure your SSL certs are applied to your website, they are free here at WA;
- We also have SiteProtect here but people hosted elsewhere will have to make sure they have extra security plugins and MarionBlack has some training on all that.
2. Privacy:
- This includes the new updated privacy policy in WordPress
3. Accountability:
- This is you being able to show that you've a plan in place for proper security
- Updated privacy policy with the inbuilt disclosures
- Can demonstrate you are collecting data according to the GDPR which includes choosing GDPR compliant plugins and tools which are in the process of being rolled out right now. You will see these now have clearer consent.
4. Data:
- Personal data is name and surname, photo, basically anything that can identify a person so you've got to respect people's privacy in the handling of all of this now. We always respected this at WA but things are being tightened up a lot more with GDPR. You have to be aware of where you are collecting data on your site and plugins.
- The person has the right to ask you for whatever personal data you have collected on them, and there is a new feature built into the wp dashboard under Tools>Export for 'data portability' so you can export that on their request.
- The person has the right to ask you to erase personal data you've collected, again built into Tools>Export
There is a bit of a learning curve but it will become second nature. Also, even the official websites on this are not yet compliant, so you should not feel so bad an entire week before the deadline. This is where 'accountability' plays in your favor: keep a record of the steps you've taken as you go along.
And remember, for some perspective on this, it is being rolled out worldwide and there is a settling period. They are aiming at big organizations with sensitive data but also cleaning up some direct marketing practices where people get spammed, or slimy marketing practices where people are profiled and data gathered up for no good reason and without consent. It's a good thing guys.
But we are one small sector with our websites and we need to focus on our specific needs when it comes to GDPR for affiliates and bloggers. I will do a proper walkthrough soon based on what I've seen in the official information, some people are interpreting 'export data' wrong for example, keep it personal data only.
Meanwhile I revamped this blog entirely as some of you went into meltdown, you'll get a feel for the big picture here, it still needs application but that is actually a process and you have time. It includes a very nice example of a privacy policy done up by people who had access to lawyers, though they are a webshop there's only a few differences in terms of which cookies.
https://my.wealthyaffiliate.com/mozmary/blog/gdpr-privacy-po...
This is what Google has asked people to update
https://my.wealthyaffiliate.com/training/google-analytics-gd...
*Update: There is a lot of hype on cookie popups and IP anonymization at the moment but imo we do not need to worry about that, Google should look after it on their back end as part of the 'privacy by design' that comes with the General Data Protection Regulation. Many sites out there, especially in Europe, seem to have been given some very bad advice...
Mary
Recent Comments
I've been out of the loop due to computer problems, is this like the HIPAA disclosure one has to sign before they can see their medical provider?
I'm not familiar with HIPAA but it's way more than a disclosure, it is a whole level up on how people were handling personal data with some responsibilities added in the mix
Thanks Mary.
I updated my Privacy Policy from Marion's and she has updates needed on the version we all have from the lessons.
Plugins and Tools>Export are new to me!
So far I did both Google Analytics things and my Privacy policy so I have a good part of it done.
Not sure about the subscriber form stuff. I removed my form to find another and will add it soon to my website, but will wait to see if something is needed before I add it.
Thanks for doing all this work for us!!
oh tools is the regular Tools in the dashboard, like if you were going to back up your website, we are familiar with tools>export, but now they've added two features because GDPR allows any visitor to your site to request any personal data you've collected on them and wp has created that feature within wordpress core so you can export THEIR personal data, also another feature in the same menu allows you to delete their personal data
that is part of the new law, 'data portability', the visitors literally can request all the info you have on them lol
So as far as accountability goes you can list the steps above and add a few others like what security you have in place, your ga green date, any gdpr compliant plugins you have...you are getting there
I haven't looked at Marion's pp yet, too busy this w/e :)
Thanks for clarifying that it's part of the WP update that those features were added to Tools.
I'm on my way to submit my Privacy Policy in the 'Private' menu where WP added that if we don't have a PP, we can use their template and if we do, to submit it.
Marion's PP is the same as what we have from the lessons, but the one Google Ad link is updated, we had an older version and she had a bit more information I now have including a Google Cookie link. And a couple more things.
I will PM you my PP so you can see it. At the bottom I added that it supports GDPR
So far, for accountability I have the 3 Google Analytics:
1) Data Retention
2)Data Processing Amendment with the Green date May 13/18
3) Legal Entity registering my name etc..
Both 2 and 3 I printed out screenshots ;)
Then the Privacy Policy is updated and submitted to WP in 'Privacy'.
The plugins I have no idea but will when the info comes out.
Thanks!!
think about all the things you do for security and list them, for some people that will be an eye opener but I'm sure you are on top of it
Marion has stated today she hasn't updated her pp yet, and Kyle has commented they will be helping us later in the week, though there is some individuality involved in them now
You aren't a legal entity, we did the second box there in GA
accountability lists will be individual, but you've shown you are taking action
there will be a couple of other things, we'll add them in due course
That's wonderful, Mary. Many thanks for this post as I'm a bit concerned about it all.
I'll look forward to more updates.
James
there's a lot of hype James, the fear element makes people want to comply but it may have been over played ;)
it will settle down and likely mostly be an improvement
Thanks Mary