As your trusted web partner, we thought we’d give you the breakdown of what Europe’s GDPR (General Data Protection Regulation) might mean for your business.
At the moment only businesses operating in Europe, or handling the data of individuals in Europe, have to disclose to their users how the business collects, uses and stores users' personal and sensitive data, such as names, home addresses, the users' IP addresses, location data, cookies, etc. Users are also able to ask those same companies to delete their data.
While you may not be doing business in the EU, you should note that GDPR compliance is a complex process, and the GDPR is likely to influence US privacy laws, such as HIPAA, in the near future. Complying with the GDPR is preparation for what is likely to come, and it also helps to foster a safer internet.
Below are some practices that we already have in place, as well as some practices that you may want to put in place if you would like to make your website more GDPR compliant.
How Our Data Centers Handle & Protect Data
HTTPS and SSL Certificates to encrypt information as it travels from the user’s computer to our server
Utilizing pseudonymization by separating entries of PII (personally identifiable information) from other identifying information
Utilizing encryption to protect data in use and at rest
Controlled methods of access (logins, facility access) for individual users
Compartmented (need-to-know) access to information, with every addition, change, or deletion of data logged
Redundant systems such as internet services, utilities, HVAC, and hardware with no single point of failure
Reviews and audits of hardware and infrastructure to ensure that it is capable of handling expected loads
Continuous internal and external audits of compliance with common security and privacy standards such as HIPAA, FERPA, SOX, SOC, or PCI DSS, all of which have similar requirements to the GDPR
Not receiving or storing information unless it is absolutely necessary
A user data request, export, and deletion option has been added for WordPress. An admin may enter an email address into a field that prompts WordPress to send the user their data (registered user information and comments only) by email and, if necessary, to confirm deletion. This may not include 3rd party plugin information such as form data.
Users now have the option of hosting Google fonts locally so that visitors' IP addresses are not sent to Google when the fonts are loaded.
Privacy settings have been added for embeds such as YouTube, Facebook, Twitter, etc. These let users opt in to the cookies these services set before interacting with videos or feeds.
A custom registration message option has been added for new user registration forms so that an opt-in statement may be included.
More transparency has been added by the theme about when your data as a theme user is being collected.
If you have one of these in place on your website, but do not have access to these capabilities in the new updates, get in touch with us and we will help you make use of these new features.
Updates That Can Be Made To Your Existing Website
Add Opt-in Check Boxes to Existing Forms
If you have contact, career, or other forms on your site, a checkbox can be added to the existing form so that users opt in to their data being stored when the form is submitted.
Set Up Google Analytics to Track Only After Explicit Consent Has Been Given
If you have Google Analytics on your website, users need to be able to opt in to their data being tracked, and they have the right to request that it be deleted. Google recently made some updates to make this easier, but it requires a more integrated approach to tracking, with Tag Manager and an opt-in form involved. Meet with a developer to integrate Google Analytics in an opt-in friendly way, and with legal counsel or a GDPR expert to identify all the changes your company needs to make.
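The two updates above, the form opt-in checkbox and consent-gated analytics, as an added example (this is not code from the original post or from Firefly Marketing): tracking stays off by default, gtag.js is only injected once a stored consent record for the current policy version grants it, and a form submission is only stored when the checkbox was ticked. The storage key, policy version strings, field names and measurement ID are assumptions.

```javascript
// Added example: consent-gated Google Analytics and an opt-in form check.
// CONSENT_KEY, policy versions and field names are assumed, not from the post.
const CONSENT_KEY = 'site_consent'; // where the opt-in record is kept (e.g. localStorage)

// Parse a stored consent record. Missing, malformed, or older-policy records
// count as "no consent", so a policy update re-asks the visitor.
function parseConsent(raw, currentVersion) {
  const denied = { analytics: false, version: currentVersion };
  if (!raw) return denied;
  let rec;
  try { rec = JSON.parse(raw); } catch (e) { return denied; }
  if (rec.version !== currentVersion) return denied;
  return { analytics: rec.analytics === true, version: currentVersion, at: rec.at };
}

// Parameters for gtag('consent', 'default' | 'update', ...): analytics storage
// is granted only after opt-in (assumed: this site does not use ad storage).
function consentModeParams(consent) {
  return {
    analytics_storage: consent.analytics ? 'granted' : 'denied',
    ad_storage: 'denied',
  };
}

// Inject gtag.js only when consent was given; returns whether it was injected.
function loadAnalyticsIfConsented(consent, doc, measurementId) {
  if (!consent.analytics) return false;
  const s = doc.createElement('script');
  s.async = true;
  s.src = 'https://www.googletagmanager.com/gtag/js?id=' + encodeURIComponent(measurementId);
  doc.head.appendChild(s);
  return true;
}

// Check the opt-in checkbox on a submitted form before storing anything.
// The stored record carries the consent time and policy version for later audit.
function acceptSubmission(fields, policyVersion, now = new Date()) {
  if (fields.consent !== 'on') {
    return { ok: false, error: 'Consent checkbox not ticked; data not stored.' };
  }
  return { ok: true, record: { ...fields, consentAt: now.toISOString(), policyVersion } };
}

// Browser usage: read the record, set Consent Mode defaults, then load the tag.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const consent = parseConsent(window.localStorage.getItem(CONSENT_KEY), 'v1');
  window.dataLayer = window.dataLayer || [];
  window.dataLayer.push(['consent', 'default', consentModeParams(consent)]);
  loadAnalyticsIfConsented(consent, document, 'G-XXXXXXX'); // placeholder ID
}
```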
Plugins That May Be Utilized to Make Your Site More GDPR Friendly
This plugin can help you in the process of identifying cookies and third party communications on your site through their documentation and setup.
It allows users to request download and deletion of their personal data through forms on the website and allows you to automate the process through WordPress. However, this may not help you identify all data associated with a user if you collect data through 3rd party plugins such as forms.
Allows for mass emails to users when a data breach occurs as well as adding version control to privacy policies for updated consent.
Using these plugins alone does not guarantee that your site is GDPR compliant. These plugins are simply helpful suggestions to push companies in the right direction and will require the assistance of a web developer, legal counsel, or GDPR expert.
Like Forbes, we at Firefly Marketing Inc. believe that
It all comes down to trust and transparency. Customers want to know they can trust companies to take care of their personal information and not sell it or use it inappropriately. Companies that can demonstrate customer trust will be much more successful than unprepared companies inundated with customer deletion requests.
Slash – The Trifecta: part Developer, part sympathetic ear, and part water cooler attendant, Scott has been earning his Slash at Firefly since 2001. The voice of reason with an infectious laugh, “Dr.” Scott’s empathetic instincts add needed balance to logical thought with his approach to problem solving. Proud enforcer of the Scott Effect, tech troubles are resolved just by his mere presence! Combining candor and wit, he has rightfully earned his place as the office Right Hand Man.