I will do a proper walkthrough on this next week, but with the WP 4.9.6 GDPR update already upon us, peeps are stressing out now, and unnecessarily, especially about fines. So just some quick pointers here to help you RELAX and not worry about those big fines, which are not aimed at us: they are aimed at big organizations for non-compliance and data breaches that cause chaos in people's lives. Does that mean we can ignore GDPR? No, visitors can still report you if their new 'rights' aren't upheld. But it's not so hard, and here is why:
GDPR in a Nutshell = Security, Privacy, Accountability and Data i.e. S.P.A.D.
S - P - A - D
- This includes keeping up with WP core, plugin and theme updates as they come into your dashboard;
- Make sure your SSL certs are applied to your website; they are free here at WA;
- We also have SiteProtect here, but people hosted elsewhere will have to make sure they have extra security plugins, and MarionBlack has some training on all that.
- This is you being able to show that you have a plan in place for proper security.
- You can demonstrate that you are collecting data according to the GDPR, which includes choosing GDPR-compliant plugins and tools; these are in the process of being rolled out right now, and you will see they now have clearer consent.
- Personal data is name and surname, photo, basically anything that can identify a person, so you've got to respect people's privacy in the handling of all of this now. We always respected this at WA, but things are being tightened up a lot more with GDPR. You have to be aware of where you are collecting data on your site and in your plugins.
- The person has the right to ask you for whatever personal data you have collected on them, and there is a new feature built into the WP dashboard under Tools>Export for 'data portability', so you can export that on their request.
- The person has the right to ask you to erase personal data you've collected; again, this is built into Tools>Export.
There is a bit of a learning curve, but it will become second nature. Also, even the official websites on this are not yet compliant, so you should not feel so bad an entire week before the deadline. This is where 'accountability' plays in your favor: keep a record of the steps you've taken as you go along.
And remember, some perspective on this: it is being rolled out worldwide and there is a settling period. They are aiming at big organizations with sensitive data, but also cleaning up some direct marketing practices where people get spammed, or slimy marketing practices where people are profiled and data gathered up for no good reason and without consent. It's a good thing, guys.
But we are one small sector with our websites, and we need to focus on our specific needs when it comes to GDPR for affiliates and bloggers. I will do a proper walkthrough soon based on what I've seen in the official information; some people are interpreting 'export data' wrong, for example: keep it to personal data only.
This is what Google has asked people to update
*Update: There is a lot of hype on cookie popups and IP anonymization at the moment, but imo we do not need to worry about that; Google should look after it on their back end as part of the 'privacy by design' that comes with the General Data Protection Regulation. Many sites out there, especially in Europe, seem to have been given some very bad advice...