Starting 25 May 2018, all companies that process personal data of EU citizens are obliged to be GDPR compliant. This document serves as a guideline on how to make your clients GDPR aware.
What is GDPR?
GDPR wants to address the new ways of exploiting personal data through the internet and cloud technology. It also wants to give businesses a clearer legal environment in which to operate throughout the EU.
The GDPR introduces new accountability obligations, stronger rights and restrictions on international data flows. It gives people more say over what companies can do with their data.
The data protected by this regulation is all information about an identified or identifiable person. This can be a name, address or e-mail, but also a cookie, photo or IP address. When you can use the data to find out who the person is, it is personal data and therefore protected by the GDPR. An organisation must do everything in its power to secure the data and have the required procedures in place.
Don't panic! Just be aware and work towards being compliant.
What can I do for my client?
Check with your client whether he collects and stores personal data. If he stores the data, you need to make your client GDPR aware.
Your clients need to understand the changes in collecting, storing and managing personal data and what they need to do in order to keep this data safe. The new regulation attaches great importance to transparency and holds companies responsible for safeguarding the collection, use and storage of individuals’ personal data. Personal data must be processed fairly and accurately, and cannot be kept longer than necessary.
Companies are advised to ensure that they have detailed procedures to detect, report and investigate a personal data breach.
Use this roadmap to make your client's website GDPR ready, or use it as a plan to make your client GDPR aware:
- Audit his data: Find out what personal data is already held. Check for adequate consent. If consent is missing, delete the data or ask for consent. Keep in mind that pre-ticked boxes and soft opt-ins no longer count under GDPR. Show that you are doing your best to protect the personal information of individuals and minimize the chance that it will end up in the wrong hands.
- Update consent boxes: Create opt-in boxes to ask consent to store personal data. Explain very clearly why this data will be collected, how it will be kept and for how long. Run campaigns to get people to opt in again.
- Know your visitors' rights: Make sure a visitor can view, edit, download and delete his personal data. Use our core plugin or one of our add-ons to help your clients with this step.
- Prepare for a data breach: Ensure the correct procedures are in place to detect and report loss or theft of personal data.
- Keep personal data safe: Make sure the data is kept on a secure server. If the data is also mailed or can be exported, make sure the person receiving it knows GDPR, and keep a policy for this offline data.
- Appoint someone to own GDPR: Regardless of whether your client needs one, have someone take ownership of GDPR.
If you have any questions regarding GDPR, just ask through our live chat support.
After releasing our first add-on (Gravity Forms integration) for the WP-GDPR core plugin it’s time to expand integrations to other plugins in the WordPress plugins directory.
One of the most used plugins is Contact Form 7. This plugin doesn’t store any data that’s sent through the forms, but CFDB7 hooks into Contact Form 7 to store that data.
Since this plugin is commonly used, we started to develop an add-on (WP GDPR CFDB7 add-on) to make all features from the WP GDPR core available for Contact Form 7 entries.
We expect this add-on to be released this month.
You probably have noticed the many updates we released in the past week.
We are happy to announce the first add-on to the WP-GDPR core plugin.
When you use Gravity Forms in your WordPress website, all entries are stored in the database. According to the GDPR a visitor must be able to manage his/her personal data. With this add-on we add the Gravity Forms entries to the personal data overview.
When you request to delete an entry, according to the GDPR, the website admin can handle this analogously to the workflow of the WP-GDPR core plugin.
We released a first version of the WP-GDPR-core plugin through the WordPress Plugins directory.
Don’t hesitate to download and install the plugin.
We’re looking forward to your feedback! (and reviews of course!)
If you have any questions or remarks on the WP-GDPR plugin, please post them on the support forum.
We plan to add some extra features and updates to the interface soon.
Since the 25th of May is coming soon, we’ll try to keep up the pace and will release on a regular basis.