A lot has changed ever since the GDPR (General Data Protection Regulation) was enacted by the EU. Even businesses that are non-EU-based have had to ensure that they are GDPR compliant.
And as you invest time and money into building your online business, it is important that your business is fully compliant with this regulation. That is, if you want to avoid being hit with a €20 million fine for non-compliance.
If you're still in the dark as to what GDPR is all about, this tutorial will help set the record straight.
Why is this information so important to WordPress site owners?
It’s mainly because the very nature of your online business requires that you handle visitors’ data – names and email addresses. And GDPR is primarily focused on how you collect and manage all this data.
So, before you violate this regulation out of ignorance, let's get into the basics of GDPR and what it means for you.
About GDPR
GDPR is a law put in place by the EU with the intention of protecting the data of its citizens. This law came into force in May 2018, which means every business that collects users’ data ought to be GDPR compliant by now.
The EU, through the GDPR, seeks to empower citizens with total control over their personal data and how this data may be used by business organizations. Even though this is an EU law, any online business that collects users’ data would be affected by the law.
For instance, an Indian company may be based in its home country but have EU citizens signing up for its email newsletters. And so the company is bound to respect the GDPR, although it is based in India.
Although the EU had previously put the EU Cookie Law in place, it is a lot milder than what the GDPR seeks to achieve for its citizens.
Before you collect users’ data on your website, users must consent to that collection. Also, you should have a clear privacy policy on your website that states what data will be stored and how it is going to be used.
You are also expected to give users rights that enable them to withdraw their consent to the use of their personal data.
GDPR has to be complied with if your website has EU citizens as either visitors or customers, unless you intend to bar EU citizens from using your website or from buying any products from it.
GDPR is a pretty crazy thing, and I did not know about the fine they can impose. Thanks for covering this and using this as a simple reminder.