Everyone is receiving privacy emails in response to the EU (European Union) enactment of the GDPR (General Data Protection Regulation) for websites. It can sound like a “house on fire” when you also start hearing scary proclamations about getting your own website up to speed. So let's take a deep breath and tackle the reality.
Why website privacy laws?
The internet has been mostly unregulated for over 20 years. There has been tremendous growth in business. 60 Minutes did a segment last week titled "How Google Got So Big". Facebook's relationship with Cambridge Analytica and the transfer of users' personal data has also drawn attention to website privacy. The internet is now a booming industry used by just about everyone, so regulation is on the horizon.
A few months ago, website owners were rushing to get SSL certificates for their websites to make them more user friendly and Google search friendly. SSL not only changes your website from HTTP to HTTPS, it also offers a level of protection to the web visitor … to the consumer.
So now the EU has stepped in with laws that require disclosure of how websites handle personal data. Again, this is for the web visitor … the consumer. It gives them a way to understand whether their personal data is collected and how it is used.
I don't live in Europe – Why does GDPR apply to my website?
Businesses in the US are embracing the new European regulations by adopting GDPR as a matter of practice because it provides assurance to the consumer. People like to know that nothing bad is happening with their personal information. If you've watched any of Mark Zuckerberg's testimony in front of Congress, you've probably noticed that many of the questions were about what information was collected and where it was going. This is why you get emails from everyone!
What does GDPR compliance look like?
GDPR is all about disclosure, so with GDPR as a guide, compliance begins with two words: 'declaration' and 'consent'. Best practice is to have a privacy statement and to ask for consent when you use your website to obtain user information.
The privacy statement can be written from an example page that is included in the latest version of WordPress (version 4.9.6). This example page is a guide, and your own website may contain material that differs from it. The finished page can then be added to your website structure, preferably through a link at the bottom of the website.
To demonstrate consent, a checkbox may be added to any form that collects information from a web visitor. Checking the box confirms that visitors are aware that they are providing you with personal data.
It's time to get started. Placing these elements of the new regulations on your website will signal to users that you are a good web manager!