With a WordPress website you are guaranteed to work with personal data. Consider, for example, the data that people leave behind when signing up for a newsletter, filling in a contact form, commenting on a blog post or ordering in a webshop.
What is the GDPR privacy law?
Since 2018, there has been a law in the Netherlands that deals with this personal data. This law, also known as the GDPR (General Data Protection Regulation), has had major consequences for many companies and the way they use personal data, and it therefore still applies to your WordPress website. We explain why.
What does this cover?
First of all, it is important to know what exactly we mean by personal data and when this data is privacy-sensitive. Think of personal data as all data with which you can identify people individually. These are data such as: name, postal address, e-mail address, location data and IP addresses. Especially privacy-sensitive personal data are: BSN (citizen service number), religion, political preferences, medical information, sexual preferences. Company information (such as organization name, e-mail address, postal address), on the other hand, is not personal data.
Cookie notification
The purpose of the GDPR privacy legislation is to protect the rights of individuals. Under this law, they have the right to be informed that their personal data is being used. This even requires explicit permission. That permission is obtained, for example, by agreeing to a cookie notification or when subscribing to the newsletter. In addition, users must also be able to withdraw this agreement later, by being able to log out or to adjust their cookie settings again.
Rights of the user
In addition to the right to give permission themselves, users may also request their data at any time from parties that collect data about them. You even have to provide this information within one month. Users may also ask you to correct incorrect information or to remove it altogether.
Penalty or fine in case of default
The GDPR legislation is taken very seriously and is strictly enforced. If you do not comply with the rules of this law, you run the risk of huge fines, which can amount to 4% of the annual turnover or up to € 20 million. It is therefore really important to check for yourself whether you comply with the GDPR.
What exactly are cookies?
Earlier in this blog we talked about cookies. Cookies are small text files that contain information about your behavior on the website you visited, for example which pages you have been on and what data you have left behind. The website owner can use this information for various purposes, for example to improve the website or to show advertisements that match your interests.
Clear communication
The rules are now such that a website must give a notification about which cookies are used and for what purpose. The website must then also, in a clear way, ask permission for placing the cookies. This consent is itself stored in a cookie and applies as long as that cookie remains on your device. If you delete the cookie, you will have to give permission again on your next visit.
What do I need to do to comply with the GDPR?
When using WordPress, you must therefore also comply with the GDPR. WordPress itself has already made certain developments that automatically help you to comply with certain rules. So first make sure you update your WordPress website to the latest version. Then follow this step-by-step plan:
- Check what personal data you collect
Find out what data you collect, store and forward on your WordPress website. To help you get started, we have a list of features that may collect this information:
– Newsletters
– Contact forms
– Members
– Social media
– Google Maps
– Statistics from Google Analytics
– WordPress comments
– Photos
– Plugins (for example for security or making backups)
Make a list of these and think not only of your (potential) customers, but also of employees, relations and website visitors.
- Document this personal data
Write down in a document, also known as the processing register, what you do with all personal data. This does not have to be done in complicated legal terms; it is about being able to answer the following points:
– What personal data do you store?
– What is the purpose of keeping the data?
– Who is responsible for processing the data?
– Who has access to this data?
– How long do you keep the personal data?
– Is this data anonymous or is it published somewhere?
– How do you protect the personal data?
You do not have to publish this document, but you do need it if it is requested by the Dutch Data Protection Authority. So save it somewhere internally. Also check this document regularly: if something changes in your business operations that also affects this data, you must adjust the documentation accordingly.
- Inform your website visitors
Be transparent about what you do regarding personal data and publish a privacy statement on your WordPress website. Fortunately, WordPress has developed a template for a privacy statement that you can place on your website. This can be done via ‘Settings > Privacy’.
Also make sure that you give visitors the opportunity to view, modify, download or delete all their personal data.
- Secure the personal data properly
Ensure good security of the personal data and document this as well. Incorporate a security plan for protecting all your data.
Also secure your WordPress website, for example by linking an SSL certificate to your website. Read more about the benefits of an SSL certificate here.
- Conclude processing agreements with the parties with whom you cooperate
If other parties work with personal data on your behalf, you must also conclude processing agreements with them. Think, for example, of your hosting company, webmaster, backup services, or storage applications.
Wondering how you can properly keep track of these components and arrange them for your WordPress website? Check out our blog about GDPR and the privacy law. Would you rather not have to deal with this yourself? Take a Premium Maintenance Package from us and ask about the possibilities regarding the AVG (GDPR).
What about WordPress cookies and GDPR?
There are different types of cookies. Functional cookies, for example to remember your login details or your choice of language, may be placed on a website without a cookie banner. Cookies that analyze the behavior of your visitors are permitted to a limited extent; you can configure how privacy-friendly they are yourself. All other cookies are only allowed if you have permission from the visitor. Please note: you need this permission before you place the cookies.
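The rules above and in the "Clear communication" section (functional cookies need no consent, everything else waits for an explicit opt-in, the choice itself lives in a cookie, and deleting or withdrawing it means asking again) as a small consent gate. This is an added example, not code from the original post or from WordPress; the cookie name `wp_cookie_consent`, the category names and the loader objects are assumptions.

```javascript
// Added example (not from the original post): a deny-by-default consent gate.
// Assumed cookie name and categories; "functional" cookies never need consent.
const CONSENT_COOKIE = "wp_cookie_consent";
const CATEGORIES = ["analytics", "marketing"];

// Parse a "name=value; name2=value2" string (the document.cookie format).
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (name) out[name] = decodeURIComponent(part.slice(idx + 1).trim());
  }
  return out;
}

// Stored choices, or null when no valid consent cookie exists (deleted,
// expired or malformed): the banner must then be shown again.
function readConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return null;
  try { const p = JSON.parse(raw); return p && typeof p === "object" ? p : null; }
  catch (e) { return null; } // malformed or tampered value counts as no consent
}

// A category is allowed only with an explicit opt-in recorded for it.
function isAllowed(cookieString, category) {
  if (category === "functional") return true;
  const consent = readConsent(cookieString);
  return consent !== null && consent[category] === true;
}

// Cookie string recording the visitor's choices (assign it to document.cookie).
function consentCookieValue(choices, days = 365) {
  const stored = {};
  for (const c of CATEGORIES) stored[c] = choices[c] === true;
  const value = encodeURIComponent(JSON.stringify(stored));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${days * 86400}; Path=/; SameSite=Lax; Secure`;
}

// Withdrawal: expiring the consent cookie means consent is asked for again.
const withdrawConsentCookie = () => `${CONSENT_COOKIE}=; Max-Age=0; Path=/; SameSite=Lax; Secure`;

// Run only the loaders whose category is allowed; returns the names that ran.
function runAllowedLoaders(cookieString, loaders) {
  const ran = [];
  for (const l of loaders) if (isAllowed(cookieString, l.category)) { l.load(); ran.push(l.name); }
  return ran;
}
```

In a page, call `runAllowedLoaders(document.cookie, loaders)` on load and again after the banner writes `consentCookieValue(...)` to `document.cookie`, so analytics or advertising scripts never run before the opt-in.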
Do you already use cookies?
Not sure whether you use cookies on your WordPress website? There are various online tools with which you can test whether your website sets cookies. If you only use cookies that do not require permission, it is sufficient to inform your visitors about these cookies. Do this, because it is mandatory!
Contact us
Do you not have cookies yet, or do the cookies on your website not work optimally? Our WordPress specialists can solve this for you and, where possible, improve it. You can contact us by starting the live chat, by e-mail or by calling us on 030 20 72 488.