eCommerce

Ask Yoast
Preparing for the General Data Protection Regulation (GDPR)

Ask Yoast: Preparing for the General Data Protection Regulation (GDPR)

Maintaining a website is hard work, and to do it right, you have to be skilled in many things: writing, editing, SEO, marketing (if you own a business) and perhaps even a bit of coding, to name but a few. But that’s not all. If you handle and collect the data of your site’s visitors, you should also familiarize yourself with relevant laws on data protection and privacy.

In April 2016, a new regulation on privacy and data protection was adopted by the European Parliament and the European Council. After a transition period of two years, the General Data Protection Regulation (GDPR) will become enforceable from 25 May 2018 onward. This means you can get a fine if you don’t comply with the GDPR.

Improve the sharing experience of your products on social media with the Yoast WooCommerce plugin! »

Yoast WooCommerce SEO plugin Info

It’s important to note that the GDPR doesn’t just apply to organizations located within the EU. It also applies to organizations located outside of the EU, if they offer services or products to, or monitor the behavior of people residing in the EU. The consequences of this law for you and your business depend on the kind of data you handle and if (and how) you get consent for that. So, what to do when preparing for the GDPR? Let me give you my take on the subject in this week’s Ask Yoast!

Joerg Gastmann emailed us his question on the GDPR:

At YoastCon 2017, Dixon Jones mentioned that certain plugins collect data about users and this might cause problems with the EU General Data Protection Regulation (GDPR). What should a webmaster do to avoid legal penalties for using plugins, like Jetpack, that process statistical/user data on their servers?

Watch the video or read the transcript further down the page for my answer!

Preparing for the GDPR

“Well, you don’t get a penalty specifically for the fact that these plugins are using that data. You get a penalty for not getting your user’s consent for doing that. So you should get your user’s consent, or stop doing that. Some of these things you can put into your general terms of service because they’re required for your business to work.

But if you’re doing things like profiling people based on what they visited, based on information they’ve given you them about them, then you should really dive into the GDPR. This is not something I can easily answer in a couple of minutes. It’s a lot of work. There are a lot of people that are very hard at work, making sure that we can do all the things in WordPress that you should be able to do under the GDPR. So yeah, dive in, consult a lawyer- I’m not a lawyer. Good luck!”

Ask Yoast

In the series Ask Yoast, we answer SEO questions from our readers. Have an SEO-related question? Maybe we can help you out! Send an email to ask@yoast.com.

Note: please check our blog and knowledge base first, the answer to your question may already be out there! For urgent questions, for example about our plugin not working properly, we’d like to refer you to our support page.

Read more: ‘Yoast and the GDPR’ »


3 Responses to Ask Yoast: Preparing for the General Data Protection Regulation (GDPR)

  1. peter meehan
    By peter meehan on 12 April, 2018

    Great article on GTPR. Like most of the articles on Yoast I read it and often print them out. we are having issues educating our clients on the complexities of GDPR. But I feel there is a real opportunity with this
    1. Clients will need to attract more customers to their sites
    2. Better SEO (Yoast)
    3. Better giveaways – we are moving to getResponse for our marketing

    I am an SEO and email marketing nut. I believe this is the way forward

    Its an interesting time.

  2. Joep
    By Joep on 12 April, 2018

    The consequences of the GDPR are huge for webdesigners and their clients as they need to be informed and helped along the way making their websites GDPR approved. Glad to hear Yoast (one of my standard plugins) is working on it too :)

  3. John-Pierre Cornelissen
    By John-Pierre Cornelissen on 9 April, 2018

    I think the biggest problem with WordPress is that every plugin works in a different way. Let’s say I have plugins for the following systems that track users: Google Analytics, Facebook pixel, ActiveCampaign pixel. I can install a ‘cookie notice’ plugin to inform visitors about cookies, but at that moment the cookies/pixels are already placed.
    Dozens of plugins are popping up in the WordPress repository claiming some sort of gdpr compliance, but I don’t think there is a system that can block all cookies from third party developers until the visitor approves. It would be best if WordPress would provide an option for that.


Check out our must read articles about eCommerce