On 25 May 2018, the Europian Union (EU) put a new privacy regulation into action that affects websites around the globe. The General Data Protection Regulation (GDPR) is more than 250 pages long and can get even American-based website owners into deep trouble if you don’t comply with this regulation.
The GDPR is an invisible privacy breach detector and can get you into serious trouble if you own a website and does not comply with the regulation. The GDPR is in action and has taken many big website owners down, so caution and in-depth understanding of GDPR is all that you need to survive it.
Is GDPR applicable to me?
If you have a website or a blog, there are chances that some of your website visitors are from the EU or European Economic Area (EEA). If you collect data on your website visitors through plugins, email signups or any other way; GDPR applies to you. The regulation is also applicable to all the suppliers outside the EU who offer their products or services by doing business and collecting information of EU or EEA citizens.
This article will help you get started on your GDPR compliance journey.
What is GDPR?
General Data Protection Regulation (GDPR), is a regulation in EU law on data, personal information protection and privacy for citizens of the EU and EEA, addressing the export of personal data outside the EU and EEA areas. The GDPR aims primarily to make individuals the sole owners of their personal data. It further simplifies the regulatory environment for international business by applying the regulation within the EU.
The GDPR describes 7 Fundamental principles:
- Lawfulness, fairness, and transparency.
- Purpose Limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality (security)
What happens if the GDPR is violated?
If the business doesn’t comply with the Data Protection regulation, can face significant fines. These fines can be up to €20 million or 4% of annual global sales of the company, whichever is higher.
What are cookies?
Cookies are tiny text files, stored in a browser. They store information about a visitor. This information helps improve and customize the visitor’s experience.
A website can use a different type of cookies. Some cookies are created and used by the website. While others are placed by third party services, such as Google Analytics.
GDPR states that you can store cookies on your device if they are strictly necessary for the operation of the website. For all other types of cookies, you need the user’s permission.
A critical aspect of GDPR requires websites to be accountable for the cookies used on the website. The regulation requires that websites give users a choice to:
- Give consent to cookie usage on the website,
- Withdraw consent to cookie usage, and
- Delete cookie user data that was once consented
- Show what cookies are used on your website including their name, domain, purpose, and expiry.
- Categorize cookies as ‘Necessary’ (cookies that are required for using the website) and ‘Non-necessary’ (cookies required for analytics, marketing, etc.).
- Obtain user consent prior to implementing cookies that store user data.
- Take accountability of third-party cookies that you’re using on your website and the data that’s shared via them.
- Store user consent securely so it can be produced in case of need.
Like we discussed before, websites need to classify the cookies used as necessary and non-necessary cookies. To make it easy for users, cookies can be further classified as:
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
Analytics cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.
Preference cookies enable a website to remember information that changes the way the website behaves or looks, like your preferred language or the region you are in.
Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
What is Cookie Consent?
This consent depends on two elements:
- Alerting users about the cookies and their purpose.
- Providing them the choice to accept, deny, and set preferences to the cookies’ use.
GDPR Cookie Banner
GDPR compliant cookie banner is used to display to the site visitors visiting for the first time to allow them to accept, decline, or set preferences.
Cookie banner example:
By displaying these buttons in the banner that they click to allow consent to the cookies, you satisfy the GDPR consent requirement of freedom.
Create a GDPR cookie banner similar to the above or other variety of choices for your site using the GDPR Cookie Consent Plugin.
You can choose from a variety of banner templates as shown below:
WordPress GDPR Compliance
There are many WordPress plugins that can help you comply with GDPR.
The plugin helps you:
- Save hours of effort: One-click scan to detect cookies. Ready cookie data including name, domain, purpose, and expiry.
- Stay up to date: Keep your cookies up to date with our continually updated database of known cookies.
- Customize cookie information: Easily edit custom cookie names, domains, purpose, and expiry when no data is available.
- Get granular consent: Give users the choice to consent based on cookie category – necessary, marketing, analytics, and unclassified.
- Match website style: Create subtle or loud consent banners with customizable colors and button styles to match your website.
Note that cookie consent is just one aspect of GDPR. Installing the plugin does not guarantee compliance. You’ll still need to implement other aspects of the GDPR regulation.
Your website must comply with GDPR if you get visitors from EU countries. Or risk heavy penalties.
Complying with GDPR is all about:
- being open and transparent with user data,
- asking consent for its use, and
- allow users the choice to remove any of their data.
Is your website GDPR compliant? Tell us what steps you have taken to make it compliant in the comments below.