The arrival of the General Data Protection Regulation (GDPR) has changed how personal data is collected and handled online. GDPR is an EU regulation that primarily protects individuals in the European Union (EU) and European Economic Area (EEA), but it also governs transfers of their personal data outside the EU and EEA, so organisations anywhere that serve EU or EEA users are affected.
As such, you can’t ignore the implications of GDPR. So you might as well get ahead of it, even if you’re not currently affected by it.
Why Are Privacy Policies Important?
Collecting personal information from users can provide valuable data for businesses looking to continuously improve their offerings.
Some of the common types of personal data collected by business websites include:
- First and last names
- Email address
- Phone numbers
- Billing/shipping address
- Credit card/Payment details
- IP address
The core idea behind GDPR is that the personal data every individual shares online should be regulated and protected. Without this law, users would have little or no control over the personal information that websites collect about them.
A Brief Introduction
Address These GDPR Principles For Processing Personal Data
Under GDPR Article 5, there are six principles for processing personal data that you must be aware of (Article 5(2) adds a seventh, accountability: you must be able to demonstrate that you comply with the other six):
- Lawfulness, fairness and transparency: process data lawfully, fairly and in a way the data subject can understand.
- Purpose limitation: collect data for specified, legitimate purposes and do not process it in ways incompatible with those purposes.
- Data minimisation: collect only what is necessary and relevant for the purpose of processing.
- Accuracy: data must be accurate and, where necessary, kept up to date.
- Storage limitation: keep collected information no longer than is necessary for the purpose for which it is processed.
- Integrity and confidentiality: protect the collected data against unlawful and unauthorised processing and against accidental loss, destruction or damage.
Types of Data Collection & Process
It’s important to be very clear about what type of personal data (such as IP addresses and cookie data) you’re going to collect, as well as the process (such as specific tools) used for collection.
When disclosing the type of data you are collecting and processing, be as detailed as possible so as to be transparent with users.
Where & How the Data is Processed
Disclose what types of data you collect, how the data is processed, where it is processed (including the country, if it leaves the EU or EEA) and why. Again, it is important to be as detailed as possible about the purpose for collecting user data.
According to the principle of storage limitation, the data your website collects should only be kept for as long as necessary to process it. In other words, don’t keep data for longer than you need it.
Where technical or legal terms are unavoidable, add a separate definitions section that explains them in plain language.
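The storage limitation principle above is easier to honour when the retention period stated in your policy is enforced by the site itself rather than by someone remembering to clean up. The following is an added example, not code from the original article or from any plugin it mentions. It assumes a hypothetical custom table `{$wpdb->prefix}newsletter_signups` with a DATETIME column `created_at` stored in UTC, and a 90-day retention period that your privacy policy has promised; both the table and the period are assumptions for illustration.

```php
<?php
/**
 * Added example (not from the original article): enforce a retention period
 * for a hypothetical newsletter-signup table using WP-Cron.
 *
 * Assumptions: a custom table {$wpdb->prefix}newsletter_signups with a
 * DATETIME column `created_at` (UTC), and a 90-day retention period that
 * the site's privacy policy has promised to users.
 */

define( 'EXAMPLE_SIGNUP_RETENTION_DAYS', 90 );                 // hypothetical retention period
define( 'EXAMPLE_PURGE_HOOK', 'example_purge_expired_signups' ); // hypothetical cron hook name

// Schedule the daily purge once, on plugin activation.
register_activation_hook( __FILE__, 'example_schedule_purge' );
function example_schedule_purge() {
    if ( ! wp_next_scheduled( EXAMPLE_PURGE_HOOK ) ) {
        wp_schedule_event( time(), 'daily', EXAMPLE_PURGE_HOOK );
    }
}

// Remove the schedule on deactivation so no orphaned cron event is left behind.
register_deactivation_hook( __FILE__, 'example_unschedule_purge' );
function example_unschedule_purge() {
    wp_clear_scheduled_hook( EXAMPLE_PURGE_HOOK );
}

// Delete rows older than the retention period. Returns the number of rows removed.
add_action( EXAMPLE_PURGE_HOOK, 'example_purge_expired_signups' );
function example_purge_expired_signups() {
    global $wpdb;
    $table  = $wpdb->prefix . 'newsletter_signups';
    $cutoff = gmdate( 'Y-m-d H:i:s', time() - EXAMPLE_SIGNUP_RETENTION_DAYS * DAY_IN_SECONDS );

    // $wpdb->prepare() binds the cutoff as a parameter; never interpolate
    // values into the SQL string. The table name comes from $wpdb->prefix,
    // not from user input, so building it into the query is safe.
    $deleted = $wpdb->query(
        $wpdb->prepare( "DELETE FROM {$table} WHERE created_at < %s", $cutoff )
    );

    if ( false === $deleted ) {
        error_log( 'example_purge_expired_signups: delete failed: ' . $wpdb->last_error );
        return 0;
    }
    return (int) $deleted;
}
```

WP-Cron only fires when the site receives traffic, so on a low-traffic site the purge may run late; if the retention promise is strict, trigger `wp-cron.php` from a real system cron job instead. Logging the count returned by `example_purge_expired_signups()` also gives you evidence of the purge for the accountability principle.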
Who Has Access to the Data
Personal data can be shared with third parties and transferred internationally, as long as you have a lawful basis for the processing (Article 6) and tell users who the recipients are when you collect the data (Articles 13 and 14). Transfers outside the EU and EEA must additionally meet the conditions of Chapter V (Articles 44 to 49), such as an adequacy decision or appropriate safeguards, and your policy should cover them.
One important aspect of GDPR is transparency — you should be transparent regarding who has access to user data and, if applicable, who you share data with.
Under GDPR Chapter 3, the rights of the user over their personal data are stated, which include:
- Right to be informed (Articles 12 to 14).
- Right of access (Article 15).
- Right to rectification (Article 16).
- Right to erasure or to be forgotten (Article 17).
- Right to restriction of processing (Article 18).
- Right to data portability (Article 20).
- Right to object (Article 21).
- Rights in relation to automated individual decision-making, including profiling (Article 22): the right not to be subject to a decision based solely on automated processing that has legal or similarly significant effects.
Not every right will come up for every business, but you need to know all of them to handle user requests correctly and to keep your policy current as the law and guidance change.
- Termageddon: A website policy generator that automatically updates whenever the laws change. They offer web agencies a free set of policies for their own website as well as the ability to resell Termageddon to their clients.
- If you’re not using WordPress 4.9.6 or above, update WordPress first; that release added the privacy page setting and the personal data export and erase tools. Back up your website before updating.
- Navigate to the updated WordPress dashboard and click Settings > Privacy.
- Edit the page as you see fit for your business needs using the information shared earlier in this article.
- Publish the page and link to it from somewhere on your website — like your navigation bar or footer.
Privacy WP by Amplify Plugins is a WordPress plugin that helps site owners and their users access and manage personal data. It covers data stored on your own site as well as data held by connected third-party services, with integrations for MailChimp, Insightly, and ConvertKit among others.
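The rights of access, portability and erasure listed above only work in practice if every place you keep personal data can answer a request. WordPress 4.9.6 and later ship export and erase tools under Tools > Export Personal Data and Tools > Erase Personal Data, and they only know about data that has been registered with them. The following is an added example, not code from the original article and not Privacy WP’s code; it shows how a site owner registers a custom data store with those built-in tools. It assumes a hypothetical custom table `{$wpdb->prefix}newsletter_signups` with columns `id`, `email`, `phone` and `created_at`; the table, the `example-` identifiers and the function names are assumptions for illustration.

```php
<?php
/**
 * Added example (not from the original article and not Privacy WP's code):
 * hook a hypothetical newsletter-signup table into the personal data export
 * and erasure tools that WordPress 4.9.6+ provides.
 *
 * Assumptions: a custom table {$wpdb->prefix}newsletter_signups with columns
 * id, email, phone and created_at.
 */

// Register an exporter (right of access, Article 15; portability, Article 20).
add_filter( 'wp_privacy_personal_data_exporters', 'example_register_signup_exporter' );
function example_register_signup_exporter( $exporters ) {
    $exporters['example-newsletter'] = array(
        'exporter_friendly_name' => 'Newsletter signups',
        'callback'               => 'example_export_signups',
    );
    return $exporters;
}

// WordPress calls this once per page until 'done' is true.
function example_export_signups( $email_address, $page = 1 ) {
    global $wpdb;
    $per_page = 100;
    $offset   = ( max( 1, (int) $page ) - 1 ) * $per_page;
    $table    = $wpdb->prefix . 'newsletter_signups';

    // Parameter binding via $wpdb->prepare(); the address comes from the request.
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, email, phone, created_at FROM {$table} WHERE email = %s ORDER BY id LIMIT %d OFFSET %d",
            $email_address, $per_page, $offset
        )
    );

    $items = array();
    foreach ( $rows as $row ) {
        $items[] = array(
            'group_id'    => 'example-newsletter',
            'group_label' => 'Newsletter signups',
            'item_id'     => 'signup-' . $row->id,
            'data'        => array(
                array( 'name' => 'Email',     'value' => $row->email ),
                array( 'name' => 'Phone',     'value' => $row->phone ),
                array( 'name' => 'Signed up', 'value' => $row->created_at ),
            ),
        );
    }

    return array(
        'data' => $items,
        'done' => count( $rows ) < $per_page, // a short page means there is nothing left
    );
}

// Register an eraser (right to erasure, Article 17).
add_filter( 'wp_privacy_personal_data_erasers', 'example_register_signup_eraser' );
function example_register_signup_eraser( $erasers ) {
    $erasers['example-newsletter'] = array(
        'eraser_friendly_name' => 'Newsletter signups',
        'callback'             => 'example_erase_signups',
    );
    return $erasers;
}

// Deletes all rows for the address. If some records had to be kept for a legal
// reason (invoices, for example), set 'items_retained' to true and say why in
// 'messages' rather than silently keeping them; this example keeps nothing.
function example_erase_signups( $email_address, $page = 1 ) {
    global $wpdb;
    $table = $wpdb->prefix . 'newsletter_signups';

    $deleted  = $wpdb->delete( $table, array( 'email' => $email_address ), array( '%s' ) );
    $messages = array();
    if ( false === $deleted ) {
        $messages[] = 'Newsletter signups could not be removed; please retry the request.';
    }

    return array(
        'items_removed'  => (bool) $deleted,
        'items_retained' => false,
        'messages'       => $messages,
        'done'           => true,
    );
}
```

Put this in a plugin or your theme’s `functions.php`; after that, an export or erase request made from the Tools menu for a given email address includes the signup rows, and the messages returned by the eraser appear to the administrator handling the request. The email address is supplied by WordPress after the user has confirmed the request, so the callbacks must never be reachable from unauthenticated input of your own.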