INSIGHTS - June 2018

The GDPR, Better Privacy and You

privacy policy website updatesPrivacy has been the buzzword for June 2018 and inboxes are jammed full of privacy policy updates. This is due to the new online privacy laws introduced in Europe on May 25th. The GDPR or General Data Protection Regulation is a step in the right direction towards personal privacy.

Privacy policy documents have always been painfully long and written in a micro font – designed specifically not to read. Agreeing to them has also been a prerequisite for the use of the site or service – e.g. “By subscribing to this site, you agree to our terms and conditions.” They didn’t have to tell you your personal information would be shared with a multitude of third parties who will spam the daylights out of you. They didn’t have to tell you anything.

The details of the GDPR are almost as long and convoluted as those policy documents. However, it has some basic guidelines that, if implemented with some common sense, make it easy to comply with.

1. Consent and Control

  • Explain your personal data usage up front in clear, plain language
  • Allow users control over how and where their data is used and shared
  • Allow users to request access to all data you have stored on them
  • Data collection of children under 16 requires parental consent.

2. Transparency

  • Complete transparency around changes to terms and policies

3. Right to be Forgotten

  • Allow users to erase themselves completely from your records

4. Data Breach

  • If you experience a data breach, you are required to notify your contacts within 72 hours.

Who does it affect?

It’s an EU regulation. Local businesses outside the EU that only serve their local community don’t need to worry too much about all this. It is, however, good practice to tell people what you are doing with their information and give them control over it.

However, the GDPR has a surprisingly long reach. For example, if people in the EU browse your website and you use marketing automation or lead tracking software to collect IP addresses and locations, you’re affected.

You also need to let people know if you use cookies on your site or track site traffic with Google Analytics or Facebook pixel tracking.

New WordPress GDPR Features

WordPress has added a few features to help you comply with the GDPR. Under Settings, there is a new Privacy section that encourages you to nominate or create a privacy policy.

wordpress privacy

It also has two more features under Tools that enable you to Export Personal Data and Erase Personal Data. This allows you to quickly respond to these requests with a few clicks.

So, adding somebody to your mailing list just because they’ve bought something from you is not allowed anymore. We’ve been guilty of that. What!? Our newsletters are a community service and everyone loves them!!

However, it’s time to spring clean the old database.

  1. Update your policies and terms
  2. Make them easy to understand
  3. If you collect contact details, tell people what they are used for, how they are shared and how to access or erase them
  4. And, offer your mailing list a way out – either by way of a big UNSUBSCRIBE link or you could get really serious by making no response trigger a database removal.

Please respond to this article in 50 – 100 words why you should be taken off our mailing list. Gifts accepted.