Tomorrow new European Union regulations (called GDPR) will become active. All sites that have visitors from the European Union will need to apply them. Failing to do so can have harsh consequences: up to 20 million euro or 4% of global annual turnover, whichever is higher.
Before a penalty is charged, the website owner will receive at least one warning and one reprimand. I am not sure if the EU will be able to penalize a person living outside the EU, but if the person is planning to visit one of the EU countries it is best not to check it.
Is GDPR a new repression tool?
I am getting quite a lot of questions along the lines of "Is WPAdverts GDPR compliant?" and "What are you doing to make your plugin GDPR compliant?" I am wondering why website owners are so concerned with GDPR. Maybe the EU did a great job promoting it, maybe it's the high penalties, or maybe both?
The fact is that these regulations are nothing new. There is already the California Online Privacy Protection Act (CalOPPA), which will charge $2,500 for each copy of the non-compliant application, and the Children's Online Privacy Protection Act (COPPA), with a penalty of $40,000 per violation. It might not look like much, but for multiple violations this can quickly add up, and these are only 2 regulations. There is also Personal Identifiable Information (PII), the Federal Trade Commission Fair Information Practices, the Can-Spam Act and probably some other regulations from outside the EU and US.
Don't get me wrong, I am not saying ignore the regulations and pretend nothing is happening. I am saying don't get too paranoid about it.
GDPR is a good thing!
GDPR is a good thing (compared to the stupid cookie law, which will be removed soon). If I had to sum up GDPR in a single sentence, I would copy it from the EU website:
Protect the rights of people giving you their data.
These regulations give users back control of their own data. What I mean by that is GDPR requires site owners to provide:
- The right to be forgotten – Allow users to delete their data at any time. Either directly from the site or by emailing the website owner.
- The right to take your data with you – Users should be able to export their data. As above, either directly from the site or by emailing the website owner.
Using software, you can automate all of these things. If you are using WP 4.9.6, you already have the Export Personal Data and Erase Personal Data options in the wp-admin / Tools panel. They will take care of points #1 and #2 (although by default they cannot export user Ads; we will be adding this feature soon).
- Explain who you are, why you are processing the data, how long it will be stored and who will receive it.
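As an added example (not WPAdverts code and not part of the original post), this is one way a site owner could extend the Export Personal Data tool mentioned above so that it also includes a user's ads, using the `wp_privacy_personal_data_exporters` filter that WordPress 4.9.6 introduced. The `advert` post type name and the `example_` function names are assumptions for illustration.

```php
<?php
// Added example, not WPAdverts code. Assumes ads are stored as posts of a
// custom post type named 'advert' (assumption) whose author is the user.

// Exporter callback: WordPress calls it page by page until 'done' is true.
function example_adverts_exporter( $email_address, $page = 1 ) {
    $items = array();
    $user  = get_user_by( 'email', $email_address );

    // No account for this address: nothing to export from this source.
    if ( ! $user ) {
        return array( 'data' => $items, 'done' => true );
    }

    $query = new WP_Query( array(
        'post_type'      => 'advert', // assumption, adjust to your site
        'post_status'    => 'any',
        'author'         => $user->ID,
        'posts_per_page' => 50,       // small batches keep each request short
        'paged'          => (int) $page,
    ) );

    foreach ( $query->posts as $post ) {
        $items[] = array(
            'group_id'    => 'example-adverts',
            'group_label' => __( 'Ads' ),
            'item_id'     => 'advert-' . $post->ID,
            'data'        => array(
                array( 'name' => __( 'Title' ), 'value' => $post->post_title ),
                array( 'name' => __( 'Content' ), 'value' => $post->post_content ),
                array( 'name' => __( 'Published (GMT)' ), 'value' => $post->post_date_gmt ),
            ),
        );
    }

    // Finished once the last page of results has been returned.
    return array( 'data' => $items, 'done' => $page >= $query->max_num_pages );
}

// Register the exporter so it runs with the core Export Personal Data tool.
function example_register_adverts_exporter( $exporters ) {
    $exporters['example-adverts'] = array(
        'exporter_friendly_name' => __( 'Ads' ),
        'callback'               => 'example_adverts_exporter',
    );
    return $exporters;
}
add_filter( 'wp_privacy_personal_data_exporters', 'example_register_adverts_exporter' );
```

Ads posted without an account, or personal details kept in post meta, would need their own lookup by the stored email address.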
- Explain how (via email or website update) and when (from 24 hours to 30 days) you will inform the users in case of a data breach.
- Tell the user which personal data you will be storing.
- Inform the user if you are collecting their data for legally-binding agreements (like a loan).
The best (free) generator I found is FreePrivacyPolicy.com. It requires filling in quite a lengthy form, but the generated policy will be custom-tailored to your needs.
TL;DR: Is WPAdverts GDPR compliant?
Top Photo by Fernando Arcos from Pexels.