Presented by Mike Clay on 05/21/2018 2:00pm
In this webinar, we sort through the General Data Protection Regulation (GDPR) requirements, rant about some of the lunacy, and get down with some straight talk about how to make the best of GDPR. It is especially important to note: This is not legal advice. This is GENERAL information only. Every situation is different and you are responsible for seeking and retaining your own legal advice and counsel.
General Data Protection Regulation
GDPR is a European law addressing data privacy for all individuals within the European Union. The law covers any data relating to personally identifiable information (PII).
GDPR covers much more than basic identity information. It includes all of the following categories of data, which, whether collected electronically or otherwise, must be protected from being released or used without consent.
- Name, address, ID number, driver's license
- Web data such as location, IP address, cookie data and RFID tags
- Health and genetic data
- Biometric data
- Racial or ethnic data
- Political opinions
- Sexual orientation
GDPR Non-Compliance and Liability
GDPR, if not addressed, can place you and your business at serious risk and liability... regardless of where you live or do business from. What is liability? Simply put, liability is any situation in which you are responsible by law.
Penalties, fines and legal actions against you can amount to millions of Euros or a percentage of your global worth (whichever is GREATER)! Interestingly, even if a third-party company you use is not compliant, then YOU and your business are at risk.
The fines for non-compliance of GDPR are downright scary! But the nightmare does not stop there…
With the GDPR you and your business are liable for protecting personal data. Interestingly, even if you are following all the rules and a third-party company that helps you with that data is unable to comply or has a breach, YOU are liable!
Let’s Not Panic
We must assume that the regulators who drafted GDPR had good intentions. In most cultures, respecting the privacy of individuals is morally right, and from a business perspective you might agree it is good business practice, too. Asking for permission before “borrowing” something is a lesson that should be learned in childhood and can easily be applied in business.
But that doesn’t necessarily mean that GDPR is good regulation. And now that it is being imposed on the rest of the world, there’s no time to re-examine all 99 articles of the regulation. It has become something that we simply must deal with – the best we can.
Does GDPR Apply to You?
Jurisdiction isn’t just about physical location. GDPR applies to any company that:
- Has an establishment in the EU
- Provides goods or services to EU residents
- Monitors the behavior of EU residents
It is the last element, collecting data to monitor the behavior of EU residents, that gives the GDPR a worldwide impact on how internet businesses can conduct their business.
So, if you process data that is capable of identifying an individual (including cookies and IP addresses) wholly or partly through automated means or manually as part of a filing system, then GDPR applies to you!
GDPR Data Collecting Considerations
- Has the Data Subject Given Consent?
- Do you need the Data to perform what you say you are doing?
- Can this be achieved in a way that the data is not needed?
Third-Party Transfer of GDPR Data
Are you using any of the following?
- Facebook Tracking Pixel
- Google Analytics
- Freshbooks – sensitive data
- ActiveCampaign
3 GDPR Compliance Documents
There are three primary pieces of documentation that you must have to begin getting your business GDPR compliant.
- Terms and Conditions
- Intro – covers what the policy covers (site URL, company name)
- What data we collect, why we collect it, and how we use it
- Sensitive data section
- How we collect data
- How we communicate
- Disclosure of personal data (third parties we share with and why)
- Data retention – how long we will keep your data
- Your legal rights
- Cookie use
Terms and Conditions
Terms documentation may be known as:
- terms and conditions (T&C)
- terms of service (TOS or ToS)
Terms are the rules by which one must agree to abide in order to use a service or website.
The Terms of Service Agreement is mainly used for legal purposes by companies that provide software or services, such as browsers, e-commerce, search engines, social media, etc.
A legitimate terms-of-service agreement is legally binding and may be subject to change. Companies can enforce the terms by refusing service.
A terms agreement typically contains sections pertaining to one or more of the following topics:
- Disambiguation/definition of keywords and phrases
- User rights and responsibilities
- Proper or expected usage; definition of misuse
- Accountability for online actions, behavior, and conduct
- Payment details such as membership or subscription fees, etc.
- Opt-out policy describing the procedure for account termination, if available
- Arbitration detailing the dispute resolution process and limited rights to take a claim to court
- Disclaimer/Limitation of Liability clarifying the site’s legal liability for damages incurred by users
- User notification upon modification of terms, if offered
- Definition of a cookie
Tools for Becoming GDPR Compliant
As with most things, GDPR is something you can take the time to do yourself. One of the easiest ways to do it yourself is with the help of plugins designed to assist WordPress website owners.
Disclaimer: Using GDPR WordPress plugins will NOT guarantee compliance with GDPR – no plugin is going to accept that legal liability. The plugins are only designed to provide general information and tools to assist you in reaching compliance. They are NOT meant to serve as a complete compliance package. Compliance with GDPR is an ongoing, risk-based process that will involve your whole business going forward.
Free WordPress GDPR Plugin Options
Right now there are only about 5 free WordPress plugins available that deal with GDPR, which we have listed in the Plugins Resource section below.
One of them in particular stood out, only because it matched another resource link. Combining the plugin and the guide could provide a working plan, laid out as a system to follow, to help you reach GDPR compliance.
For those of us in the United States and not targeting EU residents with our services and products, it would seem one of the simplest options might be to block EU users from visiting our sites.
With many smaller freelancing companies already struggling to survive, implementing a law that does not apply to 100% of our target markets may not be the responsible business decision. Sure, we could simply request consent from everyone who visits, but sadly, the initial statistics that have come back reveal an 80% loss of potential sales in doing so. That is not a healthy business decision at all.
For those of us who do have EU visitors and need to comply with the GDPR, it would be ideal to limit the strict GDPR restrictions to the visitors for whom they are required. This means ensuring we can obtain the required consent from those EU residents.
So how can we apply the law and keep our businesses running without losing 80% of our future sales?
WordPress core may eventually add built-in GDPR tools as it continues to evolve, but we don’t expect to see anything like that until the law has had some time to be implemented and the unknowns and repercussions of enforcement start to appear.
Unfortunately, during our research, we also found that none of the free Plugin options offered geo-location segmentation.
Premium WordPress GDPR Plugin Option
There is one plugin that we found that seems to provide the best combination of current options to assist you in getting set up to comply with GDPR quickly. It is called WP GDPR Fix.
- It works with WordPress – all standard or customized installations including e-commerce stores.
- It installs and configures in less than 3 minutes for faster GDPR compliance.
- It gets your visitors' consent to your Terms and Conditions, fulfilling the T&C policy compliance.
- It lets you delete user data manually, fulfilling the right to be forgotten.
- You can set it to refuse EU traffic on your site (built into the plugin), and this one may carry the most weight for many freelancers in the US.
Note: Although this product is sold through JVZoo and is part of a sales funnel with 8 other products offered as cross-sell and upsell offers during the purchase process, that does not negate the effectiveness this particular product can offer on its own.
We are aware of at least 2 OwnWP members that have purchased this product for their own use.
WP GDPR Fix ensures compliance with 7 Key GDPR Requirements
- Cookie Consent
- T&C Acceptance
- Right to be forgotten
- Data Access
- Data Breach Notification
- Data Rectification
GDPR Compliance Plan
- Conduct a risk assessment: inventory all platforms and tools you use that store data about your clients, customers (and team members).
- Have a lawyer-drafted contract that clearly details data collection and processing.
- Ask your attorney to review your existing third-party vendor contracts for GDPR compliance.
- Update indemnity clauses and liability waiver clauses.
- Update your Privacy and Data Collection Policies.
- Decide whether you want to have EEA-based visitors or EEA-based subscribers.
- Inform current and future EU based customers of their rights under GDPR.
- Limit collection of sensitive data.
- Set up a process for ongoing compliance monitoring.
- Test Incident Response plans
- Report breaches within 24 hours
- Consider purchasing data breach insurance
It is up to YOU to decide how to handle GDPR within your business. Data protection is a good thing; we just need to find the path to protection without destroying technological advancement and profitable businesses for freelancers.
Helpful GDPR Resources
GDPR WordPress Plugins
Presenter Bio: Mike Clay
Mike Clay is a Digital Marketing Consultant. Mike founded Clay Digital Consulting, an Atlanta-based firm of marketing consultants, in 2013. His team is highly trained in digital marketing and branding. With skills ranging from graphic design to neuro-marketing, they push the limits of the cutting edge and work to be the innovators in the digital marketing industry.