
...

If you are already familiar with what GDPR is in general, you can skip to the next step and get started with making your website compliant: Getting started with GDPR compliance.

GDPR?

GDPR stands for General Data Protection Regulation. It is legislation that aims to protect the privacy of all EU citizens. GDPR forces organisations to make major changes in the way they handle their customers' personal data, affecting their business processes as well as their software. It’s a whole system of principles, rights and obligations which you will need to be familiar with. GDPR will apply from 25 May 2018.

...

Unlike the previous EU regulations regarding privacy (such as the legislation that required sites to show the annoying “This site uses cookies …” notifications), GDPR has “teeth” – and they’re sharp. If you fail to comply with GDPR, you can be fined up to 20 million euros or 4% of your yearly turnover, whichever is higher. So it’s clear that the EU is taking privacy and data protection very seriously.

How GDPR affects your website

Starting from May 25, your website visitors have certain new rights. To give you a very short overview that omits a million details: they can request a copy of all of their data that you are storing, in both human- and machine-readable format. They can request that you delete all of it. You need to have a valid legal basis for gathering and using any data; alternatively, you need to ask for consent for each purpose separately. Your customers must be able to withdraw the consent they’ve given at any time. And you are obliged to inform them of everything you do with their data, everyone you share their data with and all of their rights under GDPR. (We’ll go over what ‘data’ means in this context later.)

...

Based on this summary, the situation might not look too bad. But as mentioned before, this is not the full list of rights and requirements. Also, once we go into the details, you’ll see that there are a million things to take into consideration and lots of technical difficulties that will arise. But don’t worry – that’s why we’ve built this plugin.

How GDPR affects your business

GDPR also sets some new rules for your business in general. You need to keep a registry of all data processing activities. You might need to appoint a Data Protection Officer. You need to have contracts with everyone you share customer data with. You cannot transfer customer data to anyone who does not comply with GDPR. Should a data breach occur (someone else gaining access to customer data, for example through a hacked website or a stolen employee laptop), you need to notify your local supervisory authority and possibly your customers. If you store a lot of data or work with sensitive data, you might be obliged to carry out a Data Protection Impact Assessment. And you are responsible for demonstrating to your supervisory authority that you’re GDPR-compliant.

And again, that’s not even the full list.

Seriously?

Yes. We know – it’s a lot of work. But we are here to help you as best as we can!

Next steps

We recommend getting started with GDPR compliance on your website as soon as possible. While making your website compliant, there’s a good chance that you’ll realise you need the help of a developer or a lawyer. However, as May 25th approaches, other site owners will be doing the same thing, and we expect that both developers and lawyers will have a lot of work for at least the following 6 months. You probably don’t want to be late.

...