GDPR Compliance and why you don’t need to worry – too much

On the 25th of May 2018 (some sites say the 26th), GDPR compliance will come into effect for all websites that capture data via contact forms, purchases, email sign-ups and even personal emails and comments on blogs.

This truly does mean all websites that deal with European-based users in any way, shape or form.

So, what does it actually mean to us, you and the many websites out there?

In reality, nothing much has changed from the cookie law, CAN-SPAM or any other rules and regulations that control what data we as website owners collect in our day-to-day business. The GDPR simply attempts to roll all of them into one simple-to-use, simple-to-understand methodology and set of compliance guidelines. Yes, the EU has a big stick to wield on non-compliance, but as a small business what matters is that you allow all your visitors to OPT IN, give them a clear indication of how you intend to use their data, and give explicit instructions on how to get removed from a mailing list or your store data. (Remember, if you have details of a customer in your store and they want that deleted, you must for tax purposes inform them that you will keep that data for up to 7 years in order to comply with your tax office but will not use it for any other reason.)

Where GDPR advice is not clear is where a lot of advisors tell you that you need a data officer or DPO. That is not quite true.

DPOs must be appointed in the case of: (a) public authorities, (b) organizations that engage in large scale systematic monitoring, or (c) organizations that engage in large scale processing of sensitive personal data (Art. 37). If your organization doesn’t fall into one of these categories, then you do not need to appoint a DPO. (Source) I.e. PayPal, Amazon etc.

So, basically, if you are a small business who takes orders from the general public using an outside payment processor or other small business where personally identifiable information is submitted and kept, all you need to do is explain this in plain English on your website within your privacy policy – which hopefully, most of you have already.

Remember to add to your privacy policy that commenting is also included in GDPR.

The basis of this directive is aimed at the Big Boys, just as the VATMOSS was aimed at companies registered in low-VAT Euro States. GDPR must be observed, but only as far as you need to observe it, so don’t panic, it’s all going to be OK.

We are hoping Elegant Themes and others that provide pop-ups or interstitials will add a field for GDPR compliance, in the form of an agree-to-opt-in option and a place to put a link to a privacy policy, on Bloom and any and all contact forms. Or, alternatively, we are sure a third-party Divi Developer will come up with a solution soon enough 😉

Note: GDPR removes the ability for interpretation and is a legally binding regulation “as is”. It will be the same across every affected state.

A little about the author, Andrew Palmer

Andrew looks after the developers, product updates and general maintenance of the Elegant Marketplace website. He also runs his own online consultancy in the UK under the banner of Somebody's Hero.

5 Comments

  1. Natalie

    Thank you for this post Andrew! I must say I still don’t completely understand. Is a privacy policy not enough anymore? Should I make like a popup that they need to agree with first, before they can get to my (and my clients’) websites?

    • Andrew Palmer

      That’s a great idea and we may have a solution arriving soon for all Divi users.

  2. Bruno Bouyajdad

    Hello Andrew,

    nice post! Thank you for explaining this in so much detail and drawing attention to it.

  3. Christian Einsiedel

    Well, that optimism sounds a bit too good to be true.

    For example, what about Google Analytics? What about plugins like AntiSpamBee that send plain text to Google to check the language? What about Facebook Pixels that send data to Facebook servers, effectively de-anonymising website visitors (at least to Facebook)?

    As far as I understand the new legislation, visitors should be presented with the possibility to opt out of all of these data transactions not only with my server, but also with third party servers. But so far, I see none of the Theme or Plugin developers react.

    With three months still to go, it’s a bit of a shame that so much is still in the unknown, isn’t it?

    Any clarification on the above mentioned topics would be highly appreciated!

    • Andrew Palmer

      I see where you are going with this. But having read the GDPR extensively, there are some allowances for non-compliance if the data controller (the website owner) is not in a position to control the Data Processor (Facebook et al). As always with the EU though, there is so much ambiguity and, frankly, all the advice out there is based on assumptions of the directive rather than facts. If you tell your users what you are going to use that data for and stick to it, you will have no issues. There is also onus on a user when parting with their info, hence the double opt-in – they share responsibility with the Data Controller; no more can a user say, “I didn’t read the privacy policy and did not realise what I was signing”, as they will have been communicated with properly, which in my view is fair enough.
