Photo Courtesy of Shel Rogers Photography | Clovis NM

Online privacy and the passage of the General Data Protection Regulation (GDPR) in the European Union (EU) have been in the news lately.

According to the GDPR,

“If your company is not established in the Union but offers goods or services, paid or free, to data subjects in the Union, you must respect EU General Data Protection Regulation (GDPR) legislation and privacy rights. Understand the new rules for your business from the point of view of personnel, process and technology changes and prepare the application of the regulation in a timely manner.”

Update WordPress to the latest version.

The latest WordPress release is a privacy and maintenance release.

“The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25. The GDPR requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and choice when it comes to how their own personal data is collected, used, and shared.

It’s important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located.”

Have a clear privacy policy.

If your website doesn’t have a privacy policy, it’s time to write one. The latest version of WordPress includes a helpful Privacy option in the Settings menu. This administrator option includes a guide to creating a privacy policy for your website: it asks questions about your site and even gives sample text that you can use. Take the time to write your privacy policy in clear and transparent language, and make it easy to understand and easy to find.

Be clear about cookies, how they are used, and how long they last.

Cookies are used on any site that offers a customized user experience. This includes online stores, registered accounts, analytics, and more. Clearly state how your site uses cookies and why. Also detail how long the cookies will last.

Make sure you understand how your WordPress plugins collect data.

If you’re using WordPress, you’re probably using a few plugins. Plugins that collect personal information should follow these same standards. Do your homework and read the privacy details available for the plugins you use.

Limit the data you collect and store via form submissions.

Forms can collect a lot of personal information. Make sure your forms only collect what you need to get the job done. Only use the fields you actually need. When it comes to the information you collect, don’t keep it longer than necessary. Many form plugins store information in the WordPress database. If the one you’re using has a “do not store” option, use it. When building your forms, include text that states why you’re asking for the information.
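One way to enforce “don’t keep it longer than necessary” is to purge stored submissions automatically. The small WordPress plugin below is an added example, not code from the original post or from any particular form plugin; it assumes submissions are stored as posts of a hypothetical custom post type named `form_submission`, and the 30-day window is an example value.

```php
<?php
/**
 * Plugin Name: Form Submission Retention (added example)
 * Description: Deletes stored form submissions once they exceed a retention window.
 */

// Example policy: keep submissions for 30 days (an assumed value, adjust to your policy).
const FSR_RETENTION_DAYS = 30;
// Assumption: the form plugin stores each submission as a post of this custom post type.
const FSR_POST_TYPE = 'form_submission';
const FSR_HOOK      = 'fsr_purge_old_submissions';

// Schedule the purge job once a day if it is not already scheduled.
add_action( 'init', function () {
    if ( ! wp_next_scheduled( FSR_HOOK ) ) {
        wp_schedule_event( time(), 'daily', FSR_HOOK );
    }
} );

// The purge job: find submissions older than the retention window and delete them permanently.
add_action( FSR_HOOK, 'fsr_purge_old_submissions' );
function fsr_purge_old_submissions() {
    $cutoff = gmdate( 'Y-m-d H:i:s', time() - FSR_RETENTION_DAYS * DAY_IN_SECONDS );

    $old_ids = get_posts( array(
        'post_type'      => FSR_POST_TYPE,
        'post_status'    => 'any',
        'posts_per_page' => 200,   // work in batches so a large backlog cannot time out
        'fields'         => 'ids',
        'date_query'     => array(
            array( 'column' => 'post_date_gmt', 'before' => $cutoff ),
        ),
    ) );

    foreach ( $old_ids as $post_id ) {
        // Second argument true: bypass the trash so the personal data is actually removed.
        // wp_delete_post() also removes the post's metadata, where field values usually live.
        wp_delete_post( $post_id, true );
    }

    return count( $old_ids ); // number of submissions purged in this run
}

// Remove the scheduled job when the plugin is deactivated.
register_deactivation_hook( __FILE__, function () {
    $timestamp = wp_next_scheduled( FSR_HOOK );
    if ( $timestamp ) {
        wp_unschedule_event( $timestamp, FSR_HOOK );
    }
} );
```

If your form plugin stores submissions in its own database table rather than as posts, the same approach applies with a dated `DELETE` against that table; check the plugin’s documentation for its schema.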

Clean up mailing lists.

Make sure the people in your lists have given the okay for their information to be collected. Include unsubscribe links in anything you send and only collect the information you need. Give all users the right to easily access their information and the right to be forgotten. Only the people who need the information to perform their jobs should have access to the data (whether in the cloud, on servers, or on local computers).

Move your site to HTTPS.

It’s time to invest in an SSL certificate, if you don’t have one already. HTTPS creates a secure connection between your site and your visitors by encrypting the communication between your website and a user’s browser.

This is really just a starting point, and your website may already have taken all of these steps. It’s good for your website, and your site’s credibility, to be open and transparent about the online experience you’re creating.