Getting flooded with General Data Protection Regulation (GDPR) emails from every service you’ve ever signed up with? There’s a good reason you’re receiving all those notifications. Businesses all over the world had until May 25, 2018, to put GDPR regulations into place for European Union (EU) customers and visitors.
If you’re just hearing about this now, or you’ve been putting it off in hopes of handling the issue later on, time has run out. It’s now past the deadline, and that means you could be held responsible or even sued if you aren’t compliant.
Of course, that doesn’t mean everything is about to implode under your feet, so don’t panic. If you’re a WordPress user, it’s easier than ever to manage compliance with brand-new plugins that take the pain out of GDPR. But it’s still important to know what you’re facing, including how the GDPR might impact your business.
We’ll start with the basics, then reveal how you can take action with three of the easiest and most adaptable plugins available right now.
What Is The GDPR?
Before you start trying to figure out what to do about the GDPR, you need to know what it is, how it works, and why it exists. The GDPR is a set of regulations set up by the EU to give citizens more control over how their personal data is stored and used. The regulation was initiated in response to abuse of power and breaches at the hands of various companies, like Cambridge Analytica and Facebook, who used information carelessly or maliciously.
Does it Affect You?
Maybe. If you target people in the EU, or are based in the EU yourself, your business is definitely affected by the GDPR. The same is true if you live outside the EU, but serve an EU market in any facet of your business.
Living outside the EU? If you don’t target the EU, you aren’t required to follow the GDPR at all and can essentially ignore it – maybe. (Thought you were scot-free? Not quite.)
Here’s the catch: let’s say you’re attracting people from the EU, even if it’s unintentional and you’re located in the USA. You still have to follow all regulations, even though you don’t intend to serve EU visitors in the first place, and even if they stumble upon you by happenstance.
If you aren’t located in or targeting the EU, and you have no intentions of targeting the EU in the future, the best thing you can do is use region blocking to prevent EU citizens from accessing your content. This may seem draconian, and honestly, it probably isn’t the right choice for most businesses.
Email Marketing and Mailouts
With regard to non-website content, including email marketing lists and subscriptions, you will need to enact a few changes here, too. First, do away with soft opt-ins; they’re no longer allowed, full stop. Instead, you need to use only hard opt-ins with what the EU refers to as “freely given, specific, informed and unambiguous consent.” In short, be clear and honest about what subscribers are signing up for, what they will receive, and how they can opt out if they prefer.
Data Storage and Management
On your end, you must maintain a database of consent at all times. Each entry should include a name, an email address, and a record of how the subscriber indicated consent; many businesses use checkboxes or “YES” text boxes for this confirmation.
Lastly, you need to make it clear and easy to remove data, request deletion, or retract permissions at any time. This goes beyond unsubscribing and includes confirmation that the individual’s information has been removed – permanently.
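As an added illustration (not code from the original article or from any of the plugins it describes), the following Python sketch models the consent-database and erasure duties just described: each record carries the name, email address, what was consented to and the evidence of consent; retraction and deletion are one call each, and deletion returns a confirmation. The suppression list of hashed addresses is my own assumed design, so that a stale mailing-list import cannot quietly resurrect an erased subscriber.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Set

def _key(email: str) -> str:
    return email.strip().lower()
def _fingerprint(key: str) -> str:
    return hashlib.sha256(key.encode()).hexdigest()

@dataclass
class ConsentRecord:
    name: str
    email: str
    purpose: str          # what the subscriber agreed to, e.g. "newsletter"
    evidence: str         # how consent was indicated, e.g. "checkbox: YES"
    given_at: datetime
    withdrawn_at: Optional[datetime] = None

class ConsentLedger:
    def __init__(self) -> None:
        self._records: Dict[str, ConsentRecord] = {}  # in-memory for the example
        # Assumed design: after erasure keep only a one-way fingerprint, so a
        # stale mailing-list import cannot silently re-add the person.
        self._erased: Set[str] = set()

    def record_consent(self, name: str, email: str, purpose: str, evidence: str) -> None:
        if not evidence:  # hard opt-in only: no positive evidence, no record
            raise ValueError("consent must be explicit; no evidence supplied")
        key = _key(email)
        if _fingerprint(key) in self._erased:
            raise PermissionError("subject previously requested erasure")
        self._records[key] = ConsentRecord(name, key, purpose, evidence,
                                           datetime.now(timezone.utc))

    def has_consent(self, email: str, purpose: str) -> bool:
        rec = self._records.get(_key(email))
        return rec is not None and rec.purpose == purpose and rec.withdrawn_at is None

    def withdraw(self, email: str) -> None:
        # Retracted permission: keep the record as proof consent existed, stop using it.
        self._records[_key(email)].withdrawn_at = datetime.now(timezone.utc)

    def erase(self, email: str) -> dict:
        # Deletion request: drop the record; the confirmation must not echo the data itself.
        key = _key(email)
        self._records.pop(key, None)
        self._erased.add(fp := _fingerprint(key))
        return {"status": "erased", "reference": fp[:12], "at": datetime.now(timezone.utc).isoformat()}
```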
Next: The WordPress Plugins
Next, let’s talk about how to get your WordPress-based site up and running with GDPR compliance without extensive manual changes. Here is the good news: many developers updated their plugins for GDPR compliance; some even made new plugins to help you achieve compliance without extensive edits. Use these three examples to get your site compliant in just a few short minutes with very little effort.
IP GEO Block
Not interested in serving the EU, and don’t want to put effort into worst-case protections? Use IP GEO Block and prevent European Union customers from accessing your WordPress website in the first place. IP GEO Block lets you selectively block IPs from specific countries (not just the EU), putting the power of precaution into your hands while also helping you improve market targeting at the same time.
GEO Block is also really useful for developers and webmasters who need more time to achieve compliance. Use it temporarily to prevent a potential issue while you make changes, or set it up permanently to re-route that traffic to a second WordPress site instead.
IP Geo Block also blocks spammers from high-risk areas, malicious attacks, and intrusion attempts, making it useful even after you no longer need to block EU access.
WP GDPR Compliance
WP GDPR Compliance gives you the power to review your website for compliance issues in seconds with the click of a button. It is an incredibly handy tool for developers who are currently in the process of updating to become compliant, as well as for those who prefer to err on the side of caution and want ongoing oversight.
This plugin works on basic WordPress websites and integrates with most well-known webshops, including WooCommerce. It also works flawlessly alongside Gravity Forms and Contact Form 7, making it easier to set up consent forms and signups. Best of all, it gives you handy suggestions for potential issues, all from within the back end.
GDPR by Trew Knowledge
GDPR by Trew Knowledge was created to “assist a Controller, Data Processor, and Data Protection Officer (DPO).” It is a more advanced GDPR plugin that best serves the needs of large-scale businesses, corporations, and sprawling WordPress networks.
“GDPR” is one of the most feature-rich WordPress plugins available to date; it is absolutely packed with functionality. Just look at these options:
- Manage consent
- Privacy Preferences
- Banner and UI Notifications
- Version Control for Privacy Pages
- Re-Consent Management and Acquisition
- Double Opt-In Confirmation Email Mailouts
- Erasure and Deletion of Data Request Management
- Effective Management and Publishing of DPO Contact Info
- Full Data Encryption for User Data and Consent Information
- Data Portability and Exporting Management (including JSON and XML)
- Two-Factor Decryption with Secret Token Access for Better Security
- Data Breach Monitoring and Instant Notification of Access
- Batch Email Mailout Options for Data Breach Announcements
Add to this telemetry trackers, tools that prevent visitors from using workarounds like adblockers to skip compliance agreement, and a long list of other options. Best of all, it’s easy to use, easy to install, and easy to manage, even if you’re not a WordPress whiz.