
I've purposefully written about GDPR Web Compliance several times recently, but there's one more I feel I need to update you all on. FULL GDPR Web Compliance.

You see, an earlier GDPR post of mine said that you should first audit your website for where you're collecting user information, then update your privacy policy, then "decide whether or not to take further action":

Decide whether or not to take further action. If there's a chance that anything you learned in step 1 about how you're collecting user data puts you in a position where there's a chance that an EU company or citizen would submit their information to you, then their expectations are going to be that you've accounted for the following basic things on your website...

  • data accessibility - On the data request page users can request access to their personal data.
  • viewable data - Make it possible for users to view their personal data
  • updateable data - Make it possible for users to update their personal data
  • downloadable data - Make it possible for users to download their personal data
  • request for removal - Make it possible for users to request for their personal data to be removed

What I mean by that, specifically, is the following:

1. Add a Privacy Policy Page link in your footer - https://datadriven.design/privacy-policy/
2. Add a floating Cookie Compliance Notice that the user sees at the bottom of our website

3. Add a consent checkbox on all forms on your site.

4. On your privacy policy, add a link to a page where users can request their personal information, like this one.

5. Now, on a WordPress site, using a plug-in like this one allows for all users to request access to view and delete their own information and have it be sent to them in an email, without you as the site admin needing to do anything. It's all automated, and you're fully compliant.

This last screen is really what GDPR wants users to be able to do.

  • data accessibility - On the data request page users can request access to their personal data.
  • viewable data - Make it possible for users to view their personal data
  • updateable data - Make it possible for users to update their personal data
  • downloadable data - Make it possible for users to download their personal data
  • request for removal - Make it possible for users to request for their personal data to be removed

Now, if you don't want to take it this far just yet, it's also good to know that if you have a WordPress site, WP Core Update 4.9.6 added tools for you to be compliant, though they are not as automated as what I outlined above with the GDPR plug-in.

Also, Enfold Theme version 4.4 has added tools for GDPR. We're fond of this theme, and so natively most of our clients are already covered between the WP Core Update and Enfold Update.

Having said that, if your company frequently has users from Europe visiting your website, they will actually expect the above functionality. So if you're in that camp, it's wise to upgrade to the functionality outlined above.

More resources are below, and feel free to contact me directly at paul@datadriven.design for any GDPR help, including implementation of items 1-5 above!

Thanks for reading, and have a great day!

Paul Hickey, Founder / CEO / Lead Strategist at Data Driven Design, LLC has created and grown businesses via digital strategy and internet marketing for more than 10 years. His sweet spot is using analytics to design and build websites and grow the audience and revenue of businesses via SEO/Blogging, Google Adwords, Bing Ads, Facebook and Instagram Ads, Social Media Content Marketing and Email Marketing. The part that he’s most passionate about is quantifying next marketing actions based on real data.
