Tomorrow new European Union regulations (called GDPR) will become active. All sites that have visitors from the European Union will need to apply them. Failing to do so can have harsh consequences: fines of up to 20 million Euro or 4% of global annual turnover, whichever is higher.

Before a penalty is charged the website owner will receive at least one warning and one reprimand. I am not sure if the EU will be able to penalize a person living outside the EU, but if that person is planning to visit one of the EU countries it is best not to test it.

Is GDPR a new repression tool?

I am getting quite a lot of questions along the lines of “Is WPAdverts GDPR compliant?” and “What are you doing to make your plugin GDPR compliant?” I am wondering why website owners are so concerned with GDPR. Maybe the EU did a great job promoting it, maybe it’s the high penalties, or maybe both?

The fact is that these regulations are nothing new. There is already the California Online Privacy Protection Act (CalOPPA), which will charge $2,500 for each copy of a non-compliant application, and the Children’s Online Privacy Protection Act (COPPA), with a penalty of $40,000 per violation. It might not look like much, but for multiple violations this can quickly add up. And these are only 2 regulations; there is also Personal Identifiable Information (PII), the Federal Trade Commission Fair Information Practices, the CAN-SPAM Act and probably some other regulations from outside the EU and US.

Don’t get me wrong, I am not saying ignore the regulations and pretend nothing is happening. I am saying don’t get too paranoid about it.

GDPR is a good thing!

GDPR is a good thing (compared to the stupid cookie law, which will be removed soon). If I had to sum up the GDPR in a single sentence … I would copy it from the EU website:

Protect the rights of people giving you their data.

These regulations give users back control of their own data. What I mean by that is GDPR requires site owners to honour the following:

  • The right to be forgotten – Allow users to delete their data at any time, either directly from the site or by emailing the website owner.
  • The right to take your data with you – Users should be able to export their data. As above, either directly from the site or by emailing the website owner.
  • Get clear consent – If you are storing data for a user you have to get clear consent. This means that at the end of the form you need the user to accept your privacy policy, terms of service, etc. What is important is that the checkboxes cannot be checked by default.

Using software you can automate all of these things. If you are using WP 4.9.6 you already have in the wp-admin / Tools panel the options Export Personal Data and Erase Personal Data. They will take care of points #1 and #2 (although by default they cannot export user Ads; we will be adding this feature soon).
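The WordPress export and erase tools can be extended with two core filters, `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers`, so that classified ads are covered as well. The snippet below is an added example, not WPAdverts’ own code and not the feature mentioned above; it assumes ads are stored as posts of type `advert` with the submitter’s e-mail in an `adverts_email` meta key (both constants are assumptions and should be adjusted to your installation).

```php
<?php
/**
 * Added example (not WPAdverts' own code): register an exporter and an eraser
 * with the WordPress privacy tools (WP 4.9.6+) so "Export Personal Data" and
 * "Erase Personal Data" also cover ads submitted under a given e-mail address.
 *
 * Assumed (not taken from the post): ads are posts of type 'advert' and the
 * submitter's e-mail is stored in the 'adverts_email' post meta key.
 */

define( 'GDPR_EXAMPLE_AD_POST_TYPE', 'advert' );          // assumed post type
define( 'GDPR_EXAMPLE_EMAIL_META_KEY', 'adverts_email' ); // assumed meta key
define( 'GDPR_EXAMPLE_PAGE_SIZE', 50 );                   // ads handled per request

/** Return IDs of ads submitted under $email; paged so large sites do not time out. */
function gdpr_example_find_ads( $email, $page ) {
    return get_posts( array(
        'post_type'      => GDPR_EXAMPLE_AD_POST_TYPE,
        'post_status'    => 'any',
        'posts_per_page' => GDPR_EXAMPLE_PAGE_SIZE,
        'paged'          => $page,
        'meta_key'       => GDPR_EXAMPLE_EMAIL_META_KEY,
        'meta_value'     => $email,
        'fields'         => 'ids',
    ) );
}

/** Exporter callback: WordPress expects array( 'data' => [...], 'done' => bool ). */
function gdpr_example_export_ads( $email_address, $page = 1 ) {
    $export_items = array();
    $ad_ids       = gdpr_example_find_ads( $email_address, (int) $page );

    foreach ( $ad_ids as $ad_id ) {
        $export_items[] = array(
            'group_id'    => 'classified-ads',
            'group_label' => 'Classified Ads',
            'item_id'     => 'ad-' . $ad_id,
            'data'        => array(
                array( 'name' => 'Title',     'value' => get_the_title( $ad_id ) ),
                array( 'name' => 'Published', 'value' => get_post_time( 'c', true, $ad_id ) ),
                array( 'name' => 'Contact',   'value' => $email_address ),
            ),
        );
    }

    // WordPress calls us again with $page + 1 until 'done' is true.
    return array(
        'data' => $export_items,
        'done' => count( $ad_ids ) < GDPR_EXAMPLE_PAGE_SIZE,
    );
}

/** Eraser callback: WordPress expects items_removed / items_retained / messages / done. */
function gdpr_example_erase_ads( $email_address, $page = 1 ) {
    $removed  = 0;
    $retained = 0;
    $messages = array();
    // Always query page 1: ads deleted in the previous pass no longer match.
    $ad_ids   = gdpr_example_find_ads( $email_address, 1 );

    foreach ( $ad_ids as $ad_id ) {
        if ( wp_delete_post( $ad_id, true ) ) { // true = bypass the trash
            $removed++;
        } else {
            $retained++;
            $messages[] = sprintf( 'Ad #%d could not be deleted.', $ad_id );
        }
    }

    return array(
        'items_removed'  => $removed > 0,
        'items_retained' => $retained > 0,
        'messages'       => $messages,
        // A pass that removed nothing means nothing more can be removed.
        'done'           => 0 === $removed,
    );
}

add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['gdpr-example-ads'] = array(
        'exporter_friendly_name' => 'Classified Ads',
        'callback'               => 'gdpr_example_export_ads',
    );
    return $exporters;
} );

add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['gdpr-example-ads'] = array(
        'eraser_friendly_name' => 'Classified Ads',
        'callback'             => 'gdpr_example_erase_ads',
    );
    return $erasers;
} );
```

Drop the file into a small site-specific plugin or your theme’s `functions.php`. Once registered, the ads appear as a “Classified Ads” group in the export ZIP and are deleted when an erasure request is fulfilled, with the `messages` entries shown to the admin for anything that could not be removed.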

To be compliant with point #3 you just need to make sure no checkbox is checked by default in [adverts_add]. We also prepared a simple GDPR Compliance For WPAdverts code snippet which allows listing the Privacy Policy, Terms and Conditions, Cookie Policy, etc. with links to the correct pages at the end of [adverts_add].
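The two things that make a consent checkbox worth anything are that it is never pre-checked and that the server, not the browser, decides whether consent was given. The helpers below are an added example and are not the GDPR Compliance For WPAdverts snippet referenced above; the field names, nonce action, page slugs and meta keys are all assumptions, and wiring them into the [adverts_add] form is left to whatever form hooks your setup exposes.

```php
<?php
/**
 * Added example (not the WPAdverts snippet linked in the post): an unchecked
 * consent checkbox with links to the policy pages, a server-side check that
 * rejects submissions without it, and a record of when consent was given.
 * All names below (field, nonce, slugs, meta keys) are assumptions.
 */

/** Build links to the policy pages; the slugs are assumed and must exist. */
function gdpr_example_policy_links() {
    $pages = array(
        'privacy-policy' => 'Privacy Policy',
        'terms'          => 'Terms and Conditions',
        'cookie-policy'  => 'Cookie Policy',
    );
    $links = array();
    foreach ( $pages as $slug => $label ) {
        $page = get_page_by_path( $slug );
        if ( $page ) {
            $links[] = sprintf(
                '<a href="%s" target="_blank" rel="noopener">%s</a>',
                esc_url( get_permalink( $page ) ),
                esc_html( $label )
            );
        }
    }
    return $links;
}

/** Render the consent row. Note there is no "checked" attribute, by design. */
function gdpr_example_consent_field_html() {
    $html  = '<p class="gdpr-consent">';
    $html .= wp_nonce_field( 'gdpr_example_consent', 'gdpr_example_nonce', true, false );
    $html .= '<label><input type="checkbox" name="gdpr_consent" value="1"> ';
    $html .= 'I agree to the ' . implode( ', ', gdpr_example_policy_links() );
    $html .= '</label></p>';
    return $html;
}

/**
 * Server-side check. The checkbox in the browser is only a hint: a request
 * that omits the field, or carries a stale nonce, is rejected here.
 * Returns true on success, otherwise a WP_Error to show to the user.
 */
function gdpr_example_consent_given( array $post_data ) {
    $nonce = isset( $post_data['gdpr_example_nonce'] ) ? $post_data['gdpr_example_nonce'] : '';
    if ( ! wp_verify_nonce( $nonce, 'gdpr_example_consent' ) ) {
        return new WP_Error( 'gdpr_nonce', 'The form has expired, please reload the page.' );
    }
    if ( empty( $post_data['gdpr_consent'] ) || '1' !== (string) $post_data['gdpr_consent'] ) {
        return new WP_Error( 'gdpr_consent', 'You have to accept the Privacy Policy to post an ad.' );
    }
    return true;
}

/** Store when consent was given and which policy version the user saw. */
function gdpr_example_record_consent( $post_id, $policy_version ) {
    update_post_meta( $post_id, '_gdpr_consent_time', gmdate( 'c' ) );
    update_post_meta( $post_id, '_gdpr_consent_policy', sanitize_text_field( $policy_version ) );
}

/*
 * Typical flow inside your form handler (the surrounding handler is assumed):
 *
 *   echo gdpr_example_consent_field_html();           // when rendering the form
 *   $ok = gdpr_example_consent_given( $_POST );        // when processing it
 *   if ( is_wp_error( $ok ) ) { show the message and stop; }
 *   gdpr_example_record_consent( $new_ad_id, '2018-05-25' ); // after the ad is saved
 */
```

The stored timestamp and policy version are what let you answer later who agreed to what and when, which is the part of consent a regulator actually asks for; the checkbox on its own proves nothing once the page is gone.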

GDPR Compliance for WPAdverts [adverts_add] shortcode.

Surprisingly, as far as WPAdverts is concerned this is pretty much everything you need. The other part of being compliant with GDPR is having a Privacy Policy which covers the important sections.

What does my Privacy Policy need to contain?

The following information should be included in the privacy policy. Note that you should use a language that is easy to understand. Hiring your lawyer to write the Privacy Policy might not be the best idea.

  • Explain who you are, why you are processing the data, how long it will be stored and who will receive it.
  • Explain how (via email or website update) and when (from 24 hours to 30 days) you will inform users in case of a data breach.
  • Tell the user which personal data you will be storing.
  • Inform the user if you are collecting their data for legally-binding agreements (like a loan).

I suppose that to most readers all this sounds very confusing. Fortunately, there are already GDPR-compatible Privacy Policy generators which will allow you to generate a Privacy Policy for your website.

The best (free) generator I found is FreePrivacyPolicy.com. It requires filling in a quite lengthy form, but the generated policy will be custom tailored to your needs.

Two others I can recommend are the TermFeed Privacy Policy Generator and the GetTerms Privacy Policy Generator; unfortunately, both of them are paid.

Note that your Privacy Policy should be easily accessible. In most cases, it is best to just put a link to the Privacy Policy page in your website footer.

TL;DR: Is WPAdverts GDPR compliant?

For the most part, it is. The only missing part is an “Agree to Privacy Policy” checkbox in the [adverts_add] shortcode. You can add the checkbox using the GDPR Compliance For WPAdverts snippet linked above or using the Custom Fields extension.

Whatever method you choose, make sure the “I agree …” checkbox links to your detailed and accurate privacy policy. Your privacy policy and how you handle user data are the key to being compliant, not the plugins you use.

Top Photo by Fernando Arcos from Pexels.
