This is a short post with General Data Protection Regulation (GDPR) information for WordPress bloggers.
Note: This is not legal advice, just last-minute information on current opinions and facts around GDPR.
Facebook, Google, Whatsapp and Instagram are facing lawsuits for failing to comply with GDPR, Europe’s sweeping new data protection law https://t.co/o7FyX0fspI
— CNN (@CNN) May 25, 2018
It is GDPR Compliance Eve and there is a lot of last-minute GDPR activity.
Official European Commission resources on GDPR
What are your new #dataprotection rights? What is the right to be forgotten?
Our official website provides you with more information → https://t.co/h0rqJaHqJt #GDPR pic.twitter.com/VLhWzOUzR6
— European Commission (@EU_Commission) May 25, 2018
Some US News sites are blocking Europeans
GDPR: US news sites blocked to EU users over data protection rules https://t.co/G0g5U0eqM1
— BBC Technology (@BBCTech) May 25, 2018
Legal Teams are up late
— Patrick Donahue (@prdonahue) May 25, 2018
First Lawsuits are filed
Under #GDPR, Schrems files legal cases worth €7bn against Facebook https://t.co/eQtbptLl09
— Irish Times Business (@IrishTimesBiz) May 25, 2018
Should you panic?
If you want a good summary for GDPR for bloggers – does it apply to you and how to comply then read this.
Also, Wikipedia has a good article.
wpbeginner.com has an Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know
Read wpbeginner.com’s summary of what GDPR is:
The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.
Are there fines?
Basically after May 25th, 2018, businesses that are not in compliance with GDPR’s requirement can face large fines up to 4% of a company’s annual global revenue OR €20 million (whichever is greater). This is enough reason to cause wide-spread panic among businesses around the world.
First there will be warnings, then reprimands, then suspension, then fines and more.
Does GDPR apply to my WordPress site?
The answer is YES. It applies to every business, large and small, around the world (not just in the European Union).
If your website has visitors from European Union countries, then this law applies to you.
But don’t panic, this isn’t the end of the world.
While GDPR has the potential to escalate to those high level of fines, it will start with a warning, then a reprimand, then a suspension of data processing, and if you continue to violate the law, then the large fines will hit.
Read more at Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know
But warnings are issued before fines are given.
What can you do?
- Check your web server host’s GDPR compliance (my blog host is Vultr, their GDPR compliance summary on their blog, Vultr data processing guide). Read my guide on setting up a server on Vultr here.
- Know your mail server’s GDPR status – I use GSuite (e.g. Google GDPR Reference Center, Whitepaper and Resource Center).
- Ubuntu GDPR auditing and compliance information (e.g. purging old data, using strong passwords, being accountable, performing audits (with Lynis, Qualys and ZAP), running virus scanners, and using secure protocols (like TLS 1.3)).
- Securing and protecting users’ private data (e.g. using SPF, DKIM and DMARC on your mail server).
- Review the Google AdSense Compliance Information (if you are using AdSense).
- Read WordPress Core GDPR v4.9.6 changes
- Search each of your WordPress plugins and see what you need to be aware of in relation to GDPR.
- Review Mailchimp GDPR data.
- Cookie Consent (I use GDPR Cookie Consent Plugin).
But the takeaway is: don’t create a website, then get lazy and abuse users’ private data or be lazy with security.
My blog host’s (Vultr) GDPR information
I installed a GDPR Cookie Consent WordPress Plugin
I used the WP-CLI plugin to install the GDPR Cookie plugin from the command line. View the developer site here.
```bash
# Visited the WP Plugin page and got the URL for the latest plugin version
# https://wordpress.org/plugins/cookie-law-info/

# Connect to my server via SSH, then change to the plugins directory
cd /www-root
cd wp-content/plugins/

# Download and unpack the plugin, then remove the archive
wget https://downloads.wordpress.org/plugin/cookie-law-info.1.5.5.zip
unzip cookie-law-info.1.5.5.zip
rm cookie-law-info.1.5.5.zip
```
I then activated the plugin and configured it.
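One way to harden the download-and-unzip step above, as an added example that is not part of the original post: check the archive's SHA-256 digest and its entry paths before unpacking it into wp-content/plugins. The function names are hypothetical, and the expected digest is an assumption that must come from a source you trust, since this page does not give one.

```bash
#!/usr/bin/env bash
# Added example (not the author's commands). Function names are hypothetical.

# Return 0 only if the file's SHA-256 equals the expected hex digest
# (comparison is case-insensitive on the expected value).
verify_sha256() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256sum < "$file" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Read archive entry names on stdin, one per line. Return 1 if any name is
# absolute or has a ".." component, i.e. would be written outside the
# directory the archive is unpacked into.
zip_listing_is_safe() {
    local name
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/../*|*/..) return 1 ;;
        esac
    done
    return 0
}

# Usage: install_plugin_zip <zip> <expected-sha256> <plugins-dir>
# Download the zip beforehand (for example with wget into a temp directory).
install_plugin_zip() {
    local zip="$1" expected="$2" dest="$3"
    verify_sha256 "$zip" "$expected" \
        || { echo "checksum mismatch: $zip" >&2; return 1; }
    # unzip -Z1 lists entry names only, one per line, without extracting.
    unzip -Z1 "$zip" | zip_listing_is_safe \
        || { echo "unsafe path in: $zip" >&2; return 1; }
    unzip -q "$zip" -d "$dest"
}
```

Nothing is written to the plugins directory unless both checks pass, so a corrupted or tampered download never lands next to live plugin code.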
Cookie bot also has a great page on GDPR here.
I edited the following Privacy/GDPR placeholder files.
```bash
cd /www-root

# Made a reject cookies placeholder
sudo nano rejectcookies.html

# Made a privacy placeholder
sudo nano privacy.html
```
I should have skipped creating a privacy.html page, as WordPress v4.9.6 has a Privacy Page Generator. Nice.
Go to your site’s Dashboard, click Settings, then Privacy. Create a new page, fill in the blanks and publish it.
I read MailChimp GDPR Advice as I had a few lists with private data.
- General Data Protection Regulation FAQs: http://eepurl.com/dufEZb
- About MailChimp, the EU/Swiss Privacy Shield, and the GDPR: http://eepurl.com/c567FL
More to come. Let’s get back to those GDPR emails
Trying to delete #GDPR emails like… pic.twitter.com/eZpqSS2OVF
— H3roes&Vi1lains (@H3roesVi1lains) May 25, 2018
I hope this guide helps someone.
v1.1 Cookie Bot GDPR Link
v1.0 Initial post