This is a short post with General Privacy, Data Protection Regulation (GDPR) information for WordPress bloggers.
Note: This is not legal advice, just late minute information on current opinions and facts around GDPR.
Facebook, Google, Whatsapp and Instagram are facing lawsuits for failing to comply with GDPR, Europe’s sweeping new data protection law.
Facebook, Google, Whatsapp and Instagram are facing lawsuits for failing to comply with GDPR, Europe’s sweeping new data protection law https://t.co/o7FyX0fspI
— CNN (@CNN) May 25, 2018
It is GPRD Compliance Eve and there are loads of last-minute GDPR activity.
Official European Commission resources on GRDP
— European Commission ?? (@EU_Commission) May 25, 2018
Some US News sites are blocking Europeans
GDPR: US news sites blocked to EU users over data protection rules https://t.co/G0g5U0eqM1
— BBC Technology (@BBCTech) May 25, 2018
Legal Teams are up late
— Patrick Donahue (@prdonahue) May 25, 2018
First Lawsuits are filed
— Irish Times Business (@IrishTimesBiz) May 25, 2018
Should you panic?
If you want a good summary for GDPR for bloggers – does it apply to you and how to comply then read this.
Also, Wikipedia has a good article.
Read wpbeginners.com’s summary of what GDPR is?
The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.
Are there fines?
Basically after May 25th, 2018, businesses that are not in compliance with GDPR’s requirement can face large fines up to 4% of a company’s annual global revenue OR €20 million (whichever is greater). This is enough reason to cause wide-spread panic among businesses around the world.
First, there will be warnings, then reprimands then Suspension then Fines and more.
Does GDPR apply to my WordPress site?
The answer is YES. It applies to every business, large and small, around the world (not just in the European Union).
If your website has visitors from European Union countries, then this law applies to you.
But don’t panic, this isn’t the end of the world.
While GDPR has the potential to escalate to those high level of fines, it will start with a warning, then a reprimand, then a suspension of data processing, and if you continue to violate the law, then the large fines will hit.
But warning are issued before fines are given.
What can you do?
- Check your web server hosts GDPR Compliance (my blog host is Vultr, their GDPR compliance summary on their blog, Vultr data processing guide). Read my guide on setting up a server on Vultr here.
- Know your mail servers GDPR status – I use GSuite (e.g Google GDPR Reference Center, Whitepaper and Resource Center).
- Ubuntu GDPR Auditing and compliance information (e.g Purging old data, use strong passwords, be accountable, perform audits (with Lynis, Qualsys and Zap), running virus scanners, use secure protocols and security (like TLS 1.3)).
- Securing and protecting users private data (e.g using SPF, DKIM and DMARC on your mail server).
- Review the Google AdSense Compiance Information (If you are using AdSense )
- Read WordPress Core GDPR v4.9.6 changes
- Search each of your WordPress plugins and see what you need to be aware of in relation to GDPR.
- Review Mailchimp GDPR data.
- Cookie Consent (I use GDPR Cookie Consent Plugin).
But the takeaway is, don’t create a website (then be lazy) and abuse users private data or be lazy with security.
My blog hosts (Vultr) GDPR information
I instaled a GDPR Cookie Concent WordPress Plugin
# Visited the WP Plugin page and got the URL for the latest plugin version # https://wordpress.org/plugins/cookie-law-info/ # Connect to my server via SSH cd /www-root cd wp-content/plugins/ wget https://downloads.wordpress.org/plugin/cookie-law-info.1.5.5.zip unzip cookie-law-info.1.5.5.zip unzip -r cookie-law-info.1.5.5.zip rm -R cookie-law-info.1.5.5.zip
I then activated the plugin and configured it.
Cookie bot alos have a great page on GDRP here.
I edited the following Privacy/GDRP placeholder files.
cd /www-root # Made a reject cookies placeholder sudo nano rejectcookies.html # Made a privacy placeholder sudo nano privacy.html
I should have skipped creating a privacy.htm page as WordPress v4.9.6 has a Privacy Page Generator. Nice
Goto tour sites Dashboard, click Settings then Privacy. Create a new page, fill in the blanks and publish it.
I read MailChimp GDPR Advice as I had a few lists wih private data
- General Data Protection Regulation FAQs: http://eepurl.com/dufEZb
- About MailChimp, the EU/Swiss Privacy Shield, and the GDPR: http://eepurl.com/c567FL
More to come. Lets get back to those GDPR emails
— H3roes&Vi1lains (@H3roesVi1lains) May 25, 2018
I hope this guide helps someone.
Ask a question or recommend an article
v1.1 Cookie Bot GDPR Link
v1.0 Initial post