What You Need to Know About GDPR Compliance


There’s a ton of talk around GDPR and actually some fear tactics to scare people into buying products and services they might not even need. I bet you are getting a ton of these updated policies in your inbox from different services you use. I sure have been getting a ton!

While I’m not a lawyer (I’m a business owner like you), I can give you some guidelines around how to handle this whole GDPR thing.

Let’s start with what the heck is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

It may sound like it doesn’t apply to you, but it does. Your business is on the World Wide Web, so you can collect data from an EU citizen without even knowing it.

Remember, this is all to help protect consumers’ personal information. In the bigger picture, this is a good thing!

#1 Thing You Can Do

1) Update your privacy policy

What is a privacy policy? A privacy policy tells people how your site processes data and what you do with any data you collect. So if you collect email addresses, what will you do with those? Those types of questions. We recommend that you have a privacy policy on your site, either created with the tool below or by speaking with your lawyer. Privacy Policy Template offers a free template to create your own privacy policy.

Other Helpful Things:

What is a cookie? An HTTP cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user’s computer by the user’s web browser while the user is browsing.

2) Update your Cookie Policy

How do you know if you are using cookies on your website?

There’s a good chance you are if you:

  • have Google Analytics installed to analyze website traffic
  • use a Facebook pixel for Facebook ads
  • have a Squarespace site
  • sell products and collect credit card info
  • have WordPress plugins that use cookies

Be aware that you need to be transparent and let people know you have a cookie policy. Just be straightforward; these types of notices are becoming more common.

One easy solution is to use this free WordPress plugin to enable compliance with EU cookie law regulations: https://wordpress.org/plugins/cookie-notice/

3) Make sure your WordPress website is up to date!

Make sure your WordPress website is up to date; visit WordPress to find out the latest version. WPBeginner has a great resource on checking which version of WordPress you are currently running. This update covers a few items, such as:

  • Logged-out commenters will be given a choice on whether their name, email address, and website are saved in a cookie on their browser.
  • Site owners can now designate a privacy policy page. This page will be shown on your login and registration pages. You should manually add a link to your policy to every page on your website. If you have a footer menu, that’s a great place to include your privacy policy.
  • Site owners can export a ZIP file containing a user’s personal data, using data gathered by WordPress and participating plugins.
  • Site owners can erase a user’s personal data, including data collected by participating plugins.
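One way to add that privacy policy link to every page is from your theme, as an added example that is not code from the post or from WordPress itself. It assumes a WordPress version with the privacy features above (where get_privacy_policy_url() and the_privacy_policy_link() exist) and that you have designated a policy page under Settings > Privacy.

```php
<?php
// Added example: output the designated privacy policy link in the site footer.
// Drop this into a child theme's functions.php (assumed location).
add_action( 'wp_footer', function () {
    // Older WordPress releases lack these functions; bail out quietly rather than fatal-erroring.
    if ( ! function_exists( 'get_privacy_policy_url' ) || ! function_exists( 'the_privacy_policy_link' ) ) {
        return;
    }

    // get_privacy_policy_url() returns '' until a published page is designated
    // under Settings > Privacy, so nothing is shown before that is done.
    if ( '' === get_privacy_policy_url() ) {
        return;
    }

    // Prints a link to the policy page, wrapped in the given before/after markup,
    // so the link appears on every page that calls wp_footer().
    the_privacy_policy_link( '<p class="site-privacy-policy-link">', '</p>' );
} );
```

If your theme already has a footer menu, adding the policy page to that menu in Appearance > Menus achieves the same result without code.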

4) Make sure your webforms and opt-ins are GDPR compliant

For example, if you have a lead magnet or opt-in to get email sign-ups, be clear about the kinds of emails you’re going to send people once they sign up. Ideally, you would say below the opt-in: “Adding your email means you are signing up for my weekly newsletter list and promos”.

The main point is to be very transparent about what you are doing. Most of the major email newsletter providers should be helping you with these options.

Also, there’s GDPR Compliance for WordPress Forms. It’s a free and easy WordPress plugin. It can add compliance language to the most common forms, including comments, Gravity Forms, and Contact Form 7.

5) Decide if you need to re-confirm consent with your email subscribers

When GDPR exploded in May 2018, you might have gotten a lot of emails saying: “Do you want to continue receiving emails from me?”

If you are in a situation where you can’t really prove that people gave consent to get marketing emails from you, then you might want to do this too. Go ahead and send them a similar email. That way you know you’ll keep the real people who want to opt in.

Also, to comply with the GDPR, you only need this consent from people in the European Union. If your email provider doesn’t have a way to segment people by country or region, send the email to everyone.

Make it easy for people to unsubscribe from your list. Put the unsubscribe link in an obvious place at the bottom of your newsletter.