GDPR wants to address the new ways of exploiting personal data through the internet and cloud technology. It also wants to give businesses a clearer legal environment in which to operate throughout the EU.
The GDPR introduces new accountability obligations, stronger rights and restrictions on international data flows. It gives people more say over what companies can do with their data.
The data that is protected by this regulation is all information about an identified or identifiable person. This can be his name, address, e-mail, but also a cookie, photo or ip-address. When you can use the data to find out who the person is, it is personal data and therefore protected by the GDPR.
A lot of WordPress websites collect data through all kinds of forms.
When you want to store this data you need to have demonstrable permission from the person to collect his data and he needs to have the ability to view his stored data (Art. 15 GDPR – Right of access by the data subject), adapt (Art. 16 GDPRRight to rectification), request to delete (Art. 17 GDPRRight to erasure (‘right to be forgotten’) and transfer (Art. 20 GDPRRight to data portability) it.
Read the full regulation: https://gdpr-info.eu/
But what do you need to do in order to be compliant?
- You need to ask for consent to store the data.
- Make user data accessible through the frontend or have a channel where users can request access.
- Let users update their personal data.
- Let users remove their personal data.
- Let users download their personal data.
We are creating a plugin to handle these features.