Maintaining a website is hard work, and to do it right, you have to be skilled in many things: writing, editing, SEO, marketing (if you own a business) and perhaps even a bit of coding, to name but a few. But that’s not all. If you handle and collect the data of your site’s visitors, you should also familiarize yourself with relevant laws on data protection and privacy.
In April 2016, a new regulation on privacy and data protection was adopted by the European Parliament and the European Council. After a transition period of two years, the General Data Protection Regulation (GDPR) has been enforceable since 25 May 2018. This means you can get a fine if you don’t comply with the GDPR.
It’s important to note that the GDPR doesn’t just apply to organizations located within the EU. It also applies to organizations located outside of the EU if they offer services or products to, or monitor the behavior of, people residing in the EU. The consequences of this law for you and your business depend on the kind of data you handle and on whether (and how) you get consent for handling it. So, what should you do when preparing for the GDPR? Let me give you my take on the subject in this week’s Ask Yoast!
Joerg Gastmann emailed us his question on the GDPR:
At YoastCon 2017, Dixon Jones mentioned that certain plugins collect data about users and this might cause problems with the EU General Data Protection Regulation (GDPR). What should a webmaster do to avoid legal penalties for using plugins, like Jetpack, that process statistical/user data on their servers?
Watch the video or read the transcript further down the page for my answer!
Preparing for the GDPR
“Well, you don’t get a penalty specifically for the fact that these plugins are using that data. You get a penalty for not getting your user’s consent for doing that. So you should get your user’s consent, or stop doing that. Some of these things you can put into your general terms of service because they’re required for your business to work.
But if you’re doing things like profiling people based on what they visited, based on information they’ve given you about them, then you should really dive into the GDPR. This is not something I can easily answer in a couple of minutes. It’s a lot of work. There are a lot of people that are very hard at work, making sure that we can do all the things in WordPress that you should be able to do under the GDPR. So yeah, dive in, consult a lawyer; I’m not a lawyer. Good luck!”