GDPR, WordPress and You.
1 like15,808 views
This document discusses the General Data Protection Regulation (GDPR) and its implications for WordPress sites. Some key points: - GDPR strengthens and expands the data protection rights of EU individuals and applies to any company processing EU residents' personal data, regardless of location. - It introduces strict rules around consent, data breaches, and new individual rights like the "right to be forgotten." Non-compliance can result in fines of up to 20 million Euros. - WordPress core has implemented changes like comment consent checks and data export/erasure features to help sites comply. However, plugins and privacy policies may also need updates, and proper data collection, storage, and use practices should be reviewed
GDPR, WordPress and You.
- 1. GDPR, Data Privacy and WordPress
- 2. Brendan Woods Team Lead, XWP @brendan_woods brendan.woods@xwp.co https://xwp.co/ not a lawyer
- 7. War is 90% information. ~Napoleon Bonaparte
- 8. Data = Power
- 9. WordPress is for a free internet ● WordPress is a bastion of the free internet ● Stands for equal opportunity, to allow anyone to bring a great idea to life no matter where they are. ● We must stand for ethical data practice. To protect the vulnerable.
- 13. Data is Essential ● Understanding your market ● Cost saving / time reduction ● Product development ● Enhanced service
- 14. Being a Good Data Steward ● Data awareness is growing, and consumers are becoming far more sceptical ● This is an opportunity to build consumer trust.
- 16. The General Data Protection Regulation (GDPR) is a new regulation that acts as an addendum and overhaul of the European Union's (EU) existing data privacy laws
- 17. Does GDPR apply to me? - Any company processing the personal data of subjects who are in the Union. - It doesn’t matter where the company is located.
- 18. Do I really need to follow? ● Previous fines under the DPD were much smaller, up to £500k in the UK. ● Now, failure to comply can result in fines up to €20 Million or 4% of global revenue, whichever is more. ● Enforced Internationally.
- 21. Data Types ● IP address and mobile IDs now included as personal data. ● Geolocation data. ● Sensitive personal data ○ Health, sexual orientation, race, religion, political opinion. ○ Also includes biometric data - fingerprints, retina scans, genetic data.
- 22. Consent ● Explicit consent must be obtained, no more pre-ticked boxes and vague statements. ● Revoking consent must be just as easy. ● GDPR applies to some data already collected. ○ Some companies will need to re-establish consent. ● Must be used only for the purpose it was collected.
- 23. Breaches ● Companies have a 72 hour deadline to report data breaches to their relevant Data Protection Authority. ● Breach must be reported to users/customers without “undue delay”. ● Due to this difficult clause, companies will need reporting policies and procedures, as well as breach templates.
- 24. I just want my phone call
- 25. My New Rights ● Data subjects are able to request to be forgotten. I.e. The right to erasure. ● The right to restrict processing ● Data Portability ● Knowledge of profiling
- 26. WordPress Core ● WP 4.9.6 Release implemented a set of changes to help site owners with compliance ● Comment Consent (check language) ● Data export and erasure feature ● Privacy policy generator ● Gaps in localisation Leo Postovoit
- 27. So what should I be doing?
- 28. Next Steps ● Check your plugins ■ Google Analytics ■ Email opt in ■ Cookie consent ● Create a Privacy Policy ● SSL and Encryption
- 29. The most important questions ● What data am I collecting? ● Where am I storing it? ● Why am I collecting it? ● Did I get proper permission to have it?
- 30. What kind of future do we want?