GDPR becomes enforceable on May 25th, 2018 and will affect everyone who collects data from the European Economic Area (EEA) and European Union citizens. Trew Knowledge helps you prepare with a simplified explanation of the regulation and a WordPress plugin to support compliance.
What is GDPR?
The General Data Protection Regulation (GDPR) is a data protection regulation designed to harmonize data laws across Europe, give individuals more control over their data, and reshape the way businesses process personal data. Personal data is now more broadly defined as any information relating to an individual’s private, professional or public life, including name, home address, photos, email address, bank details, browsing activity, posts on social networks, medical information and IP address. Essentially, any information that can be used to identify a natural person is now defined as Personal Data.
GDPR becomes enforceable on May 25th, 2018, and those in breach could be hit with hefty penalties — companies with the most serious infringements can be fined up to 4% of annual revenue or €20M (whichever is greater). The most recent example of a data privacy breach is Facebook, where information was shared without consent; given the wild west of data on the web, it’s understandable why the EU is taking such a strong stance for its economic area and citizens.
What rights do users have?
The question should really be — what rights doesn’t a user or ‘data subject’ have? GDPR is very comprehensive and truly puts the privacy of the data subject first.
Right to be forgotten, also known as Data Erasure, entitles the data subject to have the data controller erase their personal data from its systems and cease further dissemination or processing of that data.
Right to access is the right of a data subject to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose, and to view the data a company holds on them.
Right to portability is the right of a data subject to receive the personal data concerning them and to transmit that data to another controller.
Right to rectify & correct is the right to obtain from the controller, without undue delay, the rectification of inaccurate personal data concerning him or her.
Right to file a complaint is the right of every data subject to lodge a complaint with a single supervisory authority.
Right to revoke consent is the right to withdraw consent as easily as it was given. This means consent must be clear and distinguishable from other matters, and provided in an intelligible and easily accessible form, using clear and plain language.
Detailed explanations can be found here: https://gdpr-info.eu/.
Who needs to comply with GDPR?
GDPR goes beyond organizations located within the EU. It also applies to organizations located outside the EU that do business with or monitor the behaviour of EU citizens — in other words, all companies processing and holding personal data of people residing in the European Economic Area, regardless of the company’s location.
And really, any company looking to build brand trust and transparency through best practices should consider applying GDPR to its own data collection process.
How is Trew Knowledge helping WordPress become GDPR compliant?
Trew Knowledge developed a plugin for WordPress to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR. It provides site owners with the tools needed to support GDPR compliance. Features include:
- Consent Management: Build loyalty with user consent and re-consent management for your Terms of Service, Privacy Policies, and create custom granular preferences for users to control and opt-out if desired.
- Cookie/Privacy Preference Management: Advocate for transparency and manage cookie/privacy preferences that users can control or opt-out of when visiting your website.
- Right to Erasure: Build confidence with the right to be forgotten, and erase or anonymize user data from your WordPress website and plugins when a request is made.
- Right to Access: Build trust with the right to access data and manage user requests for visualization or provide an export of the data.
- Right to Portability: Provide the tools for users to request their data through double opt-in confirmations and export the contents in a JSON or XML format for portability.
- Encrypted Audit Logs: Track and log all user activity from consent through to notifications, including deletion requests and data recovery with encrypted and secure audit logs.
- Data Breach Notifications: Advocate for security with data breach notification logs through double opt-in confirmation and generate affected user segments for breach notifications.
- Anonymization: Keep your content by anonymizing user data on deletion requests, or re-assign content to other site user roles.
- Telemetry Data: Identify website data being transmitted by plugins to 3rd party destinations, providing the details needed for consent.
What about 3rd Party systems?
Trew Knowledge is working to provide extensions to the GDPR plugin that hook into various 3rd party systems, honour the rights of users there, and add further functionality. Extensions coming soon include: Mailchimp, SalesForce.com, Marketo & HubSpot, as well as other in-demand WordPress product plugins.
Need an enterprise GDPR solution?
Do you need a solution to ensure GDPR compliance beyond the WordPress plugin? We’d be happy to discuss how we can build a custom solution for your enterprise. Get in touch!
What is WordPress Core doing about GDPR?
WordPress & Automattic are working towards a core solution for Privacy, Personal Data Exports & Anonymization of content, and the plugin will adapt as core releases those features. Currently, WordPress core is aiming for some components to be released as early as version 4.9.6, while others are scheduled for version 5.0.