Five Critical Steps to Make WordPress GDPR Ready

There is no doubt that the risk of legal action for failure to meet GDPR requirements is real and the penalty of 4% turnover is alarming. However, a degree of perspective on the new regulations should be maintained.

Business Think has spoken to the GDPR enforcement agency, the Information Commissioners Office (ICO), several times and has only ever found their approach supportive and helpful. This is borne out by their actions. ICO statistics show that in a 12 months period the ICO instigated only 39 monetary penalties, 20 prosecutions and 18 enforcement notices in the United Kingdom. Compare this to a total business population of almost seven million.

Source: https://ico.org.uk/action-weve-taken/enforcement

We do believe in GDPR, but not because of the threat of prosecution. We believe in the new regulations because it is going to generate business benefits for everyone, particularly online.

Email marketing lists are going to be smaller but more powerful (true advocates). Security of websites is going to be heightened. Consumers are going to have added control of their data and respect brands that demonstrate they take that responsibility seriously.

The five critical steps towards online GDPR readiness are not complex and should be within the capability of most businesses with a modicum of technical knowledge. This information will point you in the right direction. 

GDPR Support

GDPR regulations come into force on 25th May 2018. With less than a week to go until the deadline, our GDPR 5 Upgrade is a quick and easy solution to help your digital marketing and WordPress website comply with the new regulations.

The Information Commissioners Office (ICO) is the enforcer of the new regulations. In January 2018 an ICO GDPR Helpline representative advised that:

“We will not have zero tolerance on May 25th. We will support businesses who are still trying to comply and can show evidence of taking positive steps towards compliance.”

STEP 1: ADD COOKIE and TRACKING CONSENT

The ICO guidance on GDPR confirms that, “If the information collected about website use is passed to a third party you should make this absolutely clear to the user.”

Under the GDPR regulations, consent must be agreed to using a clear action such as an opt-in tick box prior to setting cookies. Simply visiting a site no longer counts as consent.

Under GDPR, an IP address is personal data owned by the data subject. This information is transferred when tracking takes place using services such as Google Analytics, social media advertising and live chat.

Add a pop-up alerting your visitors that you are about to set cookies, explain what the cookies do and offer the person a choice to agree or refuse to accept the cookie. Cookie consent is clear and unambiguous.

STEP 2: UPDATE DATA POLICY

Under GDPR the website owner is now responsible for ensuring visitors know how their data will be stored, where and why. A GDPR compliant Privacy Policy (including a Cookies statement) must clearly set out this information for the visitor.

It is unlikely your current Privacy Policy and Cookie statement is GDPR compliant, as new requirements have been introduced requiring added transparency on what you do with visitor data. There is also a new level of scrutiny on securing data in terms of storage and transmission over the Internet.

Our recommended solution is to add the new information required to your policies. WordPress has introduced tools to assist with the production of GDPR compliant policies. 

STEP 3: LINK FORMS TO PRIVACY POLICY

The purpose of most website forms is to collect personal data. Under GDPR you must obtain opt-in consent from visitors prior to accepting their details. The form must include information on usage and a link to the GDPR privacy policy. Consent must be clear and unambiguous. A consent check box must be a compulsory field on the form to ensure agreement is given prior to sending details.

Use the WordPress GDPR Privacy Policy template to produce your required document and link this to your contact forms.

STEP 4: ENABLE GDPR EMAIL SIGN-UP

Under GDPR, contacts must not be automatically added to marketing lists without consenting to receive emails using an opt-in checkbox.

In response, email marketing providers such as Mailchimp have all recently updated their terms and conditions and introduced GDPR compliant tools for customers.

Update your email marketing sign up form to ensure GDPR information is provided prior to ticking an opt-in for consent. Plugins that allow users to sign-up for marketing lists must be updated to ensure the process is GDPR ready.

STEP 5: APPLY SSL ENCRYPTION

Websites must ensure that transmission of user data sent via the Internet is secure e.g. a contact form submission. SSL encrypts data transferred between the browser and server, reducing risk of data breach.

The case for HTTPS is now overwhelming – GDPR compliance is heightened, Google ranking benefits are awarded and customer perception of a secure website is guaranteed (the Google Chrome browser now displays security warnings about sites that do not have SSL enabled).

Add SSL and HTTPS to your website. You may also need to upgrade to SSL hosting at your Internet Service Provider (ISP)*.

Business Think Digital is not a solicitor and is not providing legal advice. We are digital marketing experts and understand the implications of GDPR online. If you require legal advice on the offline GDPR regulations, please contact a qualified legal representative.