On the 25th of May 2018 (some sites say 26th) GDPR compliance will come into effect for all websites that capture data via contact forms, purchases, email sign-ups and even personal emails and comments on blogs.
This truly does mean all websites that deal with European-based users in any way, shape or form.
So, what does it actually mean to us, you and the many websites out there?
In reality, nothing much has changed from the cookie law, CAN-SPAM or any other rules and regulations that control what data we as website owners collect in our day-to-day business. The GDPR simply attempts to roll all of them into one simple-to-use, simple-to-understand methodology and set of compliance guidelines. Yes, the EU has a big stick to wield on non-compliance, but as a small business, make sure you allow all your visitors to OPT IN and give them a clear indication of how you intend to use their data. Give explicit instructions on how to get removed from a mailing list or from your store data (remember, if you have details of a customer in your store and they want that deleted, you must, for tax purposes, inform them that you will keep that data for up to 7 years in order to comply with your tax office but will not use it for any other reason).
Where GDPR advice is not clear is where a lot of advisors tell you that you need a data officer, or DPO. That is not quite true.
DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37). If your organization doesn’t fall into one of these categories, then you do not need to appoint a DPO. (Source) i.e. PayPal, Amazon etc.
The basis of this directive is aimed at the Big Boys, just as the VATMOSS was aimed at companies registered in low-VAT Euro states. GDPR must be observed, but only as far as you need to observe it, so don’t panic, it’s all going to be OK.
EDIT Updated 8th of May 2018
After much research I am still of the opinion that you do not need to worry too much about the GDPR. Here are some links that will help you comply. It’s always a good idea to make sure you read the manual, right?
I have taken legal advice and the consensus is that as long as you are doing your very best to comply, the GDPR authority will be very accommodating. Remember, complying is all part of doing business, and by demonstrating that you are making best efforts to protect and use customer data responsibly and appropriately you will benefit in many ways, especially trust!
Follow this link and spend some time getting to know what you need to do to comply. It’s the greatest myth buster there is, as it’s from the horse’s mouth.
We also have a useful plugin that works with Bloom and the Divi Optin module – take a look here
Cookiebot is my go-to for giving consent for cookies (not an affiliate link).
Note: GDPR removes the ability for interpretation and is a legally binding regulation “as is”. It will be the same across every affected state.
Hi @Andrew – just a quick question, what’s the cookie disclaimer API you’re using at the bottom of this page? That would seem to do the trick, yes?
That’s only part of the story, yes, but you do have to take some internal measures as well. Go to cookiebot.com and follow the instructions to implement.
That’s a great idea and we may have a solution arriving soon for all Divi users.
Nice post! Thank you for explaining this in so much detail and drawing attention to it.
Well, that optimism sounds a bit too good to be true.
For example, what about Google Analytics? What about plugins like AntiSpamBee that send plain text to Google to check the language? What about Facebook Pixels that send data to Facebook servers, effectively de-anonymising website visitors (at least to Facebook)?
As far as I understand the new legislation, visitors should be presented with the possibility to opt out of all of these data transactions, not only with my server but also with third-party servers. But so far, I see none of the theme or plugin developers react.
With three months still to go, it’s a bit of a shame that so much is still in the unknown, isn’t it?
Any clarification on the above mentioned topics would be highly appreciated!