The European Union General Data Protection Regulation GDPR

by Lucas Díaz | Uncategorized

In this article, we’ll explain a little bit what the v is and we’ll give you some tips to be actively compliant with this new regulation in case you collect, store and share EU citizen’s information.

The EU General Data Protection Regulation hereinafter GDPR changed the rules for a lot of people over the internet, and we are not strangers to this. Many companies and online business has been forced to make changes to their structures, products, and activities regarding with the collection of data, which are basically almost every commercial or marketing activity on the internet.

On the GDPR.eu site, we can read the following:

“The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018. The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.

GDPR.eu is provided to you as a helpful resource to quickly find all 99 Articles and 173 Recitals of the Regulation, as well as helpful guides and checklists that walk you through how the Regulation may apply to you. Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version.”

(Source: https://gdpr.eu/what-is-gdpr/)

As we can read, GDPR is an active way to practice privacy and security of personal data by modifying the organization’s methods of collecting, storing, and sharing the information, with an emphasis on compliance

 

Details:

The GDPR defines a lot of legal terms to refer to the activities of the companies in regard to data collection. The most important ones are the following:

Personal data: Personal data is any information that relates to an individual who can be directly or indirectly identifies. Name and email address. Location information, ethnicity, gender, biometric data, religious beliefs, web cookies, and political standings. Pseudonymous can be considered personal data as well if it’s relatively easy to ID someone from it.

Data processing: Any action performed on data, whether automated or manual. These are: Collecting, recording, organizing, structuring, storing, using, erasing, or, basically, anything you do with the data.

Data subject: The person whose data is processed, these are your customers or site visitors.

Data controller: The person who decides why and how personal data will be processed. If you’re an owner or employee in your organization who handles data, this is you.

Data processor: A third party that processes personal data n behalf of a data controller. The GDPR has special rules for these individuals and organizations. They could include cloud servers or email service providers like Google.

(Source: https://gdpr.eu/what-is-gdpr/)

 

Data protection principles:

If you are a data processor you have to do it accordingly to seven principles:

  1. Lawfulness, fairness, and transparency — Processing must be lawful, fair, and transparent to the data subject.
  2. Purpose limitation — You must process data for the legitimate purposes specified explicitly to the data subject when you collected it.
  3. Data minimization — You should collect and process only as much data as absolutely necessary for the purposes specified.
  4. Accuracy — You must keep personal data accurate and up to date.
  5. Storage limitation — You may only store personally identifying data for as long as necessary for the specified purpose.
  6. Integrity and confidentiality — Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
  7. Accountability — The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.

(source: https://gdpr.eu/what-is-gdpr/)

 

People’s privacy rights

You are a data controller and/or a data processor. But as a person who uses the Internet, you’re also a data subject. The GDPR recognizes a litany of new privacy rights for data subjects, which aim to give individuals more control over the data they loan to organizations. As an organization, it’s important to understand these rights to ensure you are GDPR compliant.

Below is a rundown of data subjects’ privacy rights:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision-making and profiling.

(Source: https://gdpr.eu/what-is-gdpr/)

 

How can affect you:

The GDPR applies when you process EU citizen’s information even if your company is not located in the EU.

The fines for violating the GDPR are pretty high and in accordance with the amount of money your organization generates annually maxing out at €20 million and with a minimum of €10 million.

It’s very easy to violate the terms imposed in this regulation especially if you use third-party software on your sites that you don’t know how it handles the information. For example, if you download a simple plugin to execute a function of displaying something visual if this asset is not stored locally and the request is made to another web, it’s possible for that web to collect all the ID direction of your visitors, as we will see in the next section. It’s that simple to be non-compliant. So to have awareness about this is paramount for medium and small companies.

 

How this affects us on Themekraft.

We have a plugin called TK Google Font which function is to display the Google Fonts on your web. To do this we created an Ajax request to Google to load the asset into the web, and that it’s loaded directly from the Google server in charge of storing the font families and other assets.

When the Ajax request is made Google is able to acquire the IP direction from where the request is being made and also all its visitors, violating the GDPR, by giving information about the user to Google, in this case, the IP direction.

Now, with the premium version of the plugin, this is no the case. With the new GDPR Compliant functionality, the web will download the assets and load them locally instead of from Google so they can’t acquire the IP, nor any other information, of your visitors. Now, the asses are stored in your backend and loaded from there as well, so no request is being made.

You can download TK Google Fonts plugin.

Read the TK Google Fonts documentation.

 

How can we help you with BuddyForms?

Within Buddyforms there is a GDRP Compliance feature for you to add to your forms and get a GDPR Compliant form in an instant, as you can watch our Youtube video BuddyForms – GDPR Compliant WordPress Form Builder.

Whit this function you can have a safe and compliant newsletter subscription form or any other kind of data collecting form you need.

As mention in the video, all the information input into those forms is locally stored and there is no third party involved in it.

You can download BuddyForms plugin.

And you can read the BuddyForms documentation available.

 

Tips:

We can give you some tips so you are GDPR Compliant and ready in case any of your clients, customers, or subscribers demand their information or their right to be forgotten.

  1. First of all, allow people to “positively opt-in” to sharing their information ad to you storing it. People have to take explicit action to allow you to collect and use their data. Have evidence when someone opted-in to you collecting the data, like an email or some other method.
  2. Write a fair processing policy, easy to read and understand and have it in an easily accessible place on your site, or even better, sent it as soon as you have a new email address. In this policy you should state which data are you collecting, how are you collecting it, how are you storing it, how are you using it, why are you collecting the data, and whit whom you’ll share the data.
  3. Have a process for providing the information you have on a person. you have to provide the information in one month’s time and free of charge, according to this new regulation.
  4. Have a process in place to erase all the information you have on a person if they demand it. Remember they have the “Right to Be Forgotten” now. This process should be straight forward and it should be done by someone with technical knowledge and access to the information. Don’t assign this task to someone who is not prepared to do it because the consequences can be fatal for a small or medium-sized company. Basically, make it easy to opt-out
  5. Organize the data as soon as you collect it, so you know which information you have on who and where. this way you’ll never forget, misplace or erase data by mistake.
  6. Store the data in a secure location. If you have a lot of information, and especially if it is sensitive, you better have a secure location, either in a cloud or in a physical place such as your own server or an external hard drive, you should have a protocol in place to access, erase or copy the information.
  7. Record the safety measures you have in place and create a document, written or recorded in video, so every employee of your company is aware of the importance of keeping this information secure and organized.
    Don’t store unnecessary data, not all data is useful for you or your goals, only store the data you may use. For this, you should have a clear vision of your objectives and how to accomplish them.
  8. Finally, make your team aware of the new GDPR laws. If you have a lot of information, especially if it’s sensitive, appoint a Data Protection Officer (DPO), to take care of all the tasks described above. This way you are sure these measures are carried out by someone who is technically prepared to do it. The DPO should read the entire 88 pages document and consult with an attorney.

Thanks for taking the time to read our perspective about this important and interesting subject. Please, if you have doubts about this subject or any of our products or services, reach out to us at [email protected]. We are more than happy to answer all your questions.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

More from the Magazine

What is Web hosting?

Web hosting is a type of service that helps Individuals and big venture to make their website accessible via the internet. Web Hosting is the combination of hardware and software just like CPU which helps any website or its webpage to be live over World Wide Web....

Which Is Better, A Custom Website Design Or WordPress Themes?

Should you opt for a custom website design or a WordPress Theme when it comes to your website?  You’ve already decided that it’s time to get a website for your company, but now you need to choose between a custom design and a WordPress theme?  In this article, we...

Why It’s Easier to Succeed with WordPress than Might Think?

Creating awesome CMS goes a long way, but making sure the content is showcased the most impactful way is the key to your website’s success. Visitors should feel engaged with the content and it should gently nurture them towards the intended objective. To achieve these...

The Importance of Good Product Documentation.

The goal of this blog post is to reflect on the importance of having good documentation available to your users, so they can solve their problems themselves and thus decongest your developer's team in the support inbox. In ThemeKraft we are always trying to develop...

10 reasons why WordPress is the best CMS for SEO

WordPress is the world's most standard content management framework (CMS). Great numerous organizations base their online presence on a WordPress platform, because of its great SEO potential. Since its dispatch in 2003, WordPress has been on the up, so much that it...

How to update WordPress?

WordPress updates are very important, for the reasons we have explained in a previous article and in this article we'll explain the ways you have to update WordPress, but first, we'll tell you what you should do before the updates. We invite you to read this article...

Precautions for updating WordPress

In a previous article, we talked to you about the importance of keeping WordPress up to date, now we want to ask you what are the precautions to update WordPress, in that way you will avoid making mistakes that are serious for the operation of your website. Here are...

The benefits of creating a blog

By knowing the benefits of creating a blog, you will know why you definitely need one. Our intention is that you make the most of the online resources that are at your disposal, so you can achieve your goals. So, keep reading and discover what are those benefits that...

Top 10 Best WordPress Hosts Reviewed & Compared 2020

Do you want to host your WordPress site? Then this is the right blog post to read. This article will show you the Top 10 Best WordPress Hosts Reviewed & Compared 2020. Which WordPress Host you choose will be crucial for SEO, ranking on search engines, and...

Importance of updating WordPress

Knowing the importance of updating WordPress will allow you to stay alert to this important action and always do it on time. Some people think that if their WordPress business has not been updated for so long, and nothing happens, then why to bother with it. However,...
Share This