Preparing for the General Data Protection Regulation (GDPR)
Maintaining a website is hard work, and to do it right, you have to be skilled in many things: writing, editing, SEO, marketing (if you own a business) and perhaps even a bit of coding, to name but a few. But that’s not all. If you handle and collect the data of your site’s visitors, you should also familiarize yourself with relevant laws on data protection and privacy.
In April 2016, a new regulation on privacy and data protection was adopted by the European Parliament and the European Council. After a transition period of two years, the General Data Protection Regulation (GDPR) has become enforceable from 25 May 2018 onward. This means you can get a fine if you don’t comply with the GDPR.
It’s important to note that the GDPR doesn’t just apply to organizations located within the EU. It also applies to organizations located outside of the EU, if they offer services or products to, or monitor the behavior of people residing in the EU. The consequences of this law for you and your business depend on the kind of data you handle and if (and how) you get consent for that. So, what to do when preparing for the GDPR? Let me give you my take on the subject in this week’s Ask Yoast!
Joerg Gastmann emailed us his question on the GDPR:
At YoastCon 2017, Dixon Jones mentioned that certain plugins collect data about users and this might cause problems with the EU General Data Protection Regulation (GDPR). What should a webmaster do to avoid legal penalties for using plugins, like Jetpack, that process statistical/user data on their servers?
Watch the video or read the transcript further down the page for my answer!
Preparing for the GDPR
“Well, you don’t get a penalty specifically for the fact that these plugins are using that data. You get a penalty for not getting your user’s consent for doing that. So you should get your user’s consent, or stop doing that. Some of these things you can put into your general terms of service because they’re required for your business to work.
But if you’re doing things like profiling people based on what they visited, based on information they’ve given you them about them, then you should really dive into the GDPR. This is not something I can easily answer in a couple of minutes. It’s a lot of work. There are a lot of people that are very hard at work, making sure that we can do all the things in WordPress that you should be able to do under the GDPR. So yeah, dive in, consult a lawyer- I’m not a lawyer. Good luck!”
Ask Yoast series
In the Ask Yoast series, we answered SEO questions from our readers. Check out the other questions!
3 Responses to Preparing for the General Data Protection Regulation (GDPR)
Great article on GTPR. Like most of the articles on Yoast I read it and often print them out. we are having issues educating our clients on the complexities of GDPR. But I feel there is a real opportunity with this
1. Clients will need to attract more customers to their sites
2. Better SEO (Yoast)
3. Better giveaways – we are moving to getResponse for our marketing
I am an SEO and email marketing nut. I believe this is the way forward
Its an interesting time.
The consequences of the GDPR are huge for webdesigners and their clients as they need to be informed and helped along the way making their websites GDPR approved. Glad to hear Yoast (one of my standard plugins) is working on it too :)
I think the biggest problem with WordPress is that every plugin works in a different way. Let’s say I have plugins for the following systems that track users: Google Analytics, Facebook pixel, ActiveCampaign pixel. I can install a ‘cookie notice’ plugin to inform visitors about cookies, but at that moment the cookies/pixels are already placed.
Dozens of plugins are popping up in the WordPress repository claiming some sort of gdpr compliance, but I don’t think there is a system that can block all cookies from third party developers until the visitor approves. It would be best if WordPress would provide an option for that.