Recently we discussed user privacy and the GDPR; what it is and who needs to take note. The word’s getting around and some folks are wondering ‘now what do we do?’. So today we’re going to look at the actions you need to take to achieve GDPR compliance.
Here’s what you need to have in place to achieve GDPR compliance (which you must have if you ever collect data that could be used to identify an EU resident):
- Someone within your business who is in charge of privacy. If you’re a sole trader, that’s going to be you.
- Processes for dealing with:
  - “Right of Access”, “Right to Rectification” and “Right to Erasure” requests; and
  - Security breaches.
As a WordPress / WooCommerce user, you’re already off to a good start. The latest version of WordPress includes new privacy settings (under
As for access / rectification / erasure requests: WordPress has new tools that will help if a user requests a copy of all of their data, or asks you to update or erase all data that relates to them. Check out Tools > Export Personal Data and Tools > Erase Personal Data. Instructions on how to verify and process these sorts of requests are here and here.
You’ll also need a plan that outlines what you’ll do if you ever discover that your website has been compromised (i.e. if user data collected by your website has been accessed, or might have been accessed, by unauthorised users). For GDPR compliance, there are specific responses that are required, and they have associated time limits. To help you prepare your security breach action plan, check out the recommendations here.
For our regular marketing clients: Mailchimp has already taken steps to ensure its systems are GDPR friendly, with contact tools that easily allow you to modify contacts’ personal data, and if you are required to delete a contact from your list, you can replace all of their identifying information in your reports with anonymized activity data.
Meanwhile, take practical steps to keep your site secure. Ask us about our maintenance plans to keep WordPress, WooCommerce and your other plugins up to date with the latest security fixes and GDPR tools; disable and delete unnecessary plugins and themes; use strong passwords; don’t share your login details with others (set up separate accounts instead); and ensure your entire website and database are being backed up daily (site backups are included if your website is hosted with HyperWeb).