GDPR, or General Data Protection Regulation, is a regulation protecting personal data of citizens of the European Union. Adopted in April 2016, it became enforceable on May 25, 2018. As the owner of a WordPress website, here’s what you need to know to ensure you comply with GDPR laws.
What does the GDPR do?
The GDPR creates a single data protection law for the European Union, making it easier for non-European companies to comply with these regulations. It also establishes a set of digital rights for citizens of EU countries and restricts how data on EU citizens can be collected and stored.
How does the GDPR affect WordPress site owners?
Perhaps one of the biggest changes coming to website owners is a shakeup to ICANN’s Whois database. Currently, the database stores names, addresses, and telephone numbers of website owners in a publicly-visible database, but ICANN has been notified that the database is not GDPR-compliant. ICANN’s response to the GDPR warning states that the database will become fragmented without an extension that was denied. The situation is not yet resolved, but it could lead to massive changes to the Whois database, at least for the short term.
The law applies to any company collecting data from citizens in the European Union, regardless of whether the company is based in the EU or not, so even companies based outside the EU need to pay attention and ensure compliance. WordPress is addressing the GDPR through four initiatives: adding functionality to assist site owners in creating comprehensive privacy policies for their websites, creating guidelines for plugins to become GDPR-ready, adding administration tools to facilitate compliance and encourage user privacy, and adding documentation to educate site owners on privacy and compliance.
What should you do to prepare for the GDPR’s May 25 enforcement date?
Site owners should take two important steps to ensure GDPR compliance. First, evaluate the data your site is collecting from users. Do you collect unnecessary data? Do you collect data without users’ consent? The GDPR requires data to be collected with at least one “lawful basis” for doing so — either the consent of your users or a necessary reason. As long as the data you collect fits one of their criteria, you’re in good shape.