Tomorrow new European Union regulations (called GDPR) will take effect. All sites that have visitors from the European Union will need to comply with them. Failing to do so can have harsh consequences: fines of up to 20 million euros or 4% of global annual turnover, whichever is higher.
Before a penalty is charged, the website owner will receive at least one warning and one reprimand. I am not sure if the EU will be able to penalize a person living outside the EU, but if the person is planning to visit one of the EU countries it is best not to check it.
Is GDPR a new repression tool?
I am getting quite a lot of questions along the lines of “Is WPAdverts GDPR compliant?” and “What are you doing to make your plugin GDPR compliant?” I am wondering why website owners are so concerned with GDPR. Maybe the EU did a great job promoting it, maybe it’s the high penalties, or maybe both?
The fact is that these regulations are nothing new. There is already the California Online Privacy Protection Act (CalOPPA), which will charge $2,500 for each copy of the non-compliant application, and the Children’s Online Privacy Protection Act (COPPA), with a penalty of $40,000 per violation. It might not look like much, but for multiple violations this can quickly add up, and these are only 2 regulations; there are also Personal Identifiable Information (PII), Federal Trade Commission Fair Information Practices, the Can-Spam Act and probably some other regulations from outside the EU and US.
Don’t get me wrong, I am not saying ignore the regulations and pretend nothing is happening. I am saying don’t get too paranoid about it.
GDPR is a good thing!
GDPR is a good thing (compared to the stupid cookie law, which will be removed soon). If I had to sum up the GDPR in a single sentence … I would copy it from the EU website:
Protect the rights of people giving you their data.
These regulations give users back control of their own data. What I mean by that is GDPR requires site owners to:
- The right to be forgotten – Allow users to delete their data at any time. Either directly from the site or by emailing the website owner.
- The right to take your data with you – Users should be able to export their data. As above, either directly from the site or by emailing the website owner.
- Get clear consent – If you are storing data for a user you have to get clear consent. This means that at the end of the form you need the user to accept your privacy policy, terms of service, etc. What is important is that the checkboxes cannot be checked by default.
Using software, you can automate all of these things. If you are using WP 4.9.6 you already have the options Export Personal Data and Erase Personal Data in the wp-admin / Tools panel. They will take care of points #1 and #2 (although by default they cannot export user Ads, we will be adding this feature soon).
To be compliant with point #3 you just need to make sure no checkbox is checked by default in [adverts_add]. We also prepared a simple GDPR Compliance For WPAdverts code snippet which allows listing the Privacy Policy, Terms and Conditions, Cookie Policy, etc. with links to the correct pages at the end of [adverts_add].

GDPR Compliance for WPAdverts [adverts_add] shortcode.
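The gap noted above (the built-in Export Personal Data tool does not include a user's Ads) can be closed by registering a custom exporter on the WordPress `wp_privacy_personal_data_exporters` filter. The code below is an added example, not WPAdverts code; it assumes Ads are posts of type `advert` with the poster's address stored in an `adverts_email` post meta field, and the `example_*` names are hypothetical.

```php
<?php
// Added example, not part of WPAdverts. Assumptions: Ads are posts of type
// "advert" and the poster's e-mail is kept in the "adverts_email" post meta.

add_filter( 'wp_privacy_personal_data_exporters', 'example_register_ads_exporter' );

// Make the exporter visible to Tools > Export Personal Data (WP 4.9.6+).
function example_register_ads_exporter( $exporters ) {
    $exporters['example-wpadverts-ads'] = array(
        'exporter_friendly_name' => __( 'Classified Ads (example)' ),
        'callback'               => 'example_export_ads',
    );
    return $exporters;
}

// Called by WordPress once per page until 'done' is true.
function example_export_ads( $email_address, $page = 1 ) {
    $query = new WP_Query( array(
        'post_type'      => 'advert',
        'post_status'    => 'any',
        'posts_per_page' => 50, // small batches keep each request short
        'paged'          => (int) $page,
        'meta_key'       => 'adverts_email',
        'meta_value'     => $email_address,
    ) );

    $items = array();
    foreach ( $query->posts as $post ) {
        $items[] = array(
            'group_id'    => 'example-ads',
            'group_label' => __( 'Classified Ads' ),
            'item_id'     => 'advert-' . $post->ID,
            'data'        => array(
                array( 'name' => __( 'Title' ), 'value' => $post->post_title ),
                array( 'name' => __( 'Description' ), 'value' => $post->post_content ),
                array( 'name' => __( 'Contact email' ), 'value' => get_post_meta( $post->ID, 'adverts_email', true ) ),
            ),
        );
    }

    // With no matching Ads, max_num_pages is 0 and the export ends at once.
    return array(
        'data' => $items,
        'done' => $page >= $query->max_num_pages,
    );
}
```

Any other personal fields stored with an Ad (name, phone number and so on) would be added to the `data` array in the same way.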
What does my Privacy Policy need to contain?
The following information should be included in the privacy policy. Note that you should use a language that is easy to understand. Hiring your lawyer to write the Privacy Policy might not be the best idea.
- Explain who you are, why you are processing the data, how long it will be stored and who will receive it.
- Explain how (via email or website update) and when (from 24 hours to 30 days) you will inform the users in case of a data breach.
- Tell the user which personal data you will be storing.
- Inform the user if you are collecting their data for legally-binding agreements (like a loan).
I suppose that for most of the readers all this sounds very confusing. Fortunately, there are already GDPR compatible Privacy Policy generators which will allow you to generate a Privacy Policy for your website.
The best (free) generator I found is FreePrivacyPolicy.com; it requires filling in quite a lengthy form, but the generated policy will be custom tailored to your needs.
Two others I can recommend are TermFeed Privacy Policy Generator and GetTerms Privacy Policy Generator; unfortunately, both of them are paid.
Note that your Privacy Policy should be easily accessible. In most cases, it is best to just put a link to the Privacy Policy page in your website footer.
TL;DR: Is WPAdverts GDPR compliant?
For the most part, it is. The only missing part is an “Agree to Privacy Policy” checkbox in the [adverts_add] shortcode. You can add the checkbox using the GDPR Compliance For WPAdverts snippet linked above or using the Custom Fields extension.
Whatever method you choose, make sure the “I agree …” checkbox links to your detailed and accurate privacy policy. Your privacy policy and how you will handle the user data is key to being compliant, not the plugins you use.
Top Photo by Fernando Arcos from Pexels.
Comments (4)
Nice Article, thanks for this information.
Think an update from WPAdverts to export and erase data through the WP 4.9.6 export and erase function would be helpful and hope you can implement this soon.
Thanks a lot and regards
Patrick
I’ll second the request to integrate with wp 4.9.6 export/erase feature. Also, consider adding a built-in ad deletion feature (eg. retain an ad after it expires for a time period to allow renewal, then automatically delete).
Have spent some time looking through your Demo site.
With regard to GDPR compliance, I notice you are missing an acceptance checkbox on your Author “Register” form!
I see you have developed a “snippet” of code to add this requirement to the placing an Ad form, but seem to have missed this on the registration form.
All signup forms that require personal data need this to be fully compliant.
Regards.
Hi, thanks for the comment. I will look into updating the snippet; in the meantime you can make it work with the Author registration form by replacing line 25 in the gdpr-compliance-for-wpadverts.php file, that is
if( $form["name"] != "advert" ) {
with
if( ! in_array( $form["name"], array( "advert", "author_profile" ) ) ) {