Simplifying GDPR

Presented by Mike Clay on 05/21/2018 2:00pm

Data Security

In this webinar, we sort through the General Data Protection Regulation (GDPR) requirements, rant about some of the lunacy, and get down with some straight talk about how to make the best of GDPR. It is especially important to note: This is not legal advice. This is GENERAL information only. Every situation is different and you are responsible for seeking and retaining your own legal advice and counsel.

General Data Protection Regulation

GDPR is a European law addressing data privacy for all individuals within the European Union. The law covers any data relating to personally identifiable information (PII).

GDPR covers much more than basic identity information. It includes all of the following types of data, which, whether collected electronically or otherwise, must be protected from being released or used without consent.

  • Name, address, ID, driver's license
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

GDPR Non-Compliance and Liability

GDPR, if not addressed, can place you and your business at serious risk and liability... regardless of where you live or do business from. What is liability? Simply put, liability is any situation where you are responsible by law.

Penalties, fines and legal actions against you can amount to millions of Euros or a percentage of your global worth (whichever is GREATER)! Interestingly, even if a third-party company you use is not compliant, YOU and your business are at risk.

The fines for non-compliance with GDPR are downright scary! But the nightmare does not stop there…

With the GDPR you and your business are liable for protecting personal data. Interestingly, even if you are following all the rules and a third-party company that helps you with that data is unable to comply or has a breach, YOU are liable!

Let’s Not Panic

We must assume that the regulators who drafted GDPR had good intentions. In most cultures, respecting the privacy of individuals is morally right, and from a business perspective you might even agree it is good business practice, too. Asking for permission before “borrowing” something is a lesson that should be learned in childhood and can easily be applied in business.

But that doesn’t necessarily mean that GDPR is good regulation. And now that it is being imposed on the rest of the world, there’s no time to re-examine all 99 articles of the regulation. It has become something that we simply must deal with – the best we can.

Does GDPR Apply to You?

Jurisdiction isn’t just about physical location. GDPR applies to any company that:

  1. Has an establishment in the EU,
  2. Provides goods or services to EU residents, or
  3. Monitors the behavior of EU residents.

It’s the last element, collecting data to monitor the behavior of EU residents, that is causing the GDPR to have a worldwide impact on how internet businesses can conduct their business.

So, if you process data that is capable of identifying an individual (including cookies and IP addresses) wholly or partly through automated means or manually as part of a filing system, then GDPR applies to you!

GDPR Data Collecting Considerations

  • Has the data subject given consent?
  • Do you need the data to perform what you say you are doing?
  • Can this be achieved in a way that the data is not needed?

Third-Party Transfer of GDPR Data

Are you using any of the following?

  • Facebook Tracking Pixel
  • Google Analytics
  • Freshbooks – Sensitive Data
  • Active Campaigns

Third-party transfer information needs to be disclosed in your Privacy Policy.

3 GDPR Compliance Documents

There are three primary pieces of documentation that you must have to begin to get your business GDPR compliant.

  1. Privacy Policy
  2. Terms and Conditions
  3. Cookie Policy

The Privacy Policy

  • Intro – what the policy covers (site URL, company name)
  • What data we collect, why we collect it, and how we use it
  • Sensitive data section
  • How we collect data
  • How we communicate
  • Disclosure of personal data (third parties we share with and why)
  • Data retention – how long we will keep your data
  • Your legal rights
  • Cookie use

Terms and Conditions

Terms documentation may be known as:

  • terms and conditions (T&C)
  • terms of use (ToU)
  • terms of service (TOS or ToS)

Terms are the rules that one must agree to abide by in order to use a service or website.

The Terms of Service Agreement is mainly used for legal purposes by companies which provide software or services, such as browsers, e-commerce, search engines, social media, etc.

A legitimate terms-of-service agreement is legally binding and may be subject to change. Companies can enforce the terms by refusing service.

A terms agreement typically contains sections pertaining to one or more of the following topics:

  • Disambiguation/definition of keywords and phrases
  • User rights and responsibilities
    • Proper or expected usage; definition of misuse
    • Accountability for online actions, behavior, and conduct
    • Privacy policy outlining the use of personal data
    • Payment details such as membership or subscription fees, etc.
    • Opt-out policy describing the procedure for account termination, if available
    • Arbitration detailing the dispute resolution process and limited rights to take a claim to court
  • Disclaimer/Limitation of Liability clarifying the site’s legal liability for damages incurred by users
  • User notification upon modification of terms, if offered

The Cookie Policy

  • Define a Cookie
  • How we use cookies

A CONSENT popup is needed ONLY if you use cookies that track data that can be used to identify the individual – and ONLY for EU traffic. This is the element that, if implemented unnecessarily, will result in a potential 80% loss of revenue.

Tools for Becoming GDPR Compliant

As with most things, GDPR is something you can take the time to do yourself. One of the easiest ways to do it yourself is with the help of plugins designed to assist WordPress website owners.

Disclaimer: Using GDPR WordPress plugins will NOT guarantee compliance with GDPR – no plugin is going to accept that legal liability. The plugins are only designed to provide general information and tools to assist you in reaching compliance. They are NOT meant to serve as a complete compliance package. Compliance with GDPR is an ongoing, risk-based process that will involve your whole business moving forward.

Free WordPress GDPR Plugin Options

Right now there are only about 5 free WordPress plugins available that deal with GDPR; we have listed them in the Plugins Resource section below.

One of them in particular stood out, only because it matched another resource link. Combining the plugin and the guide could provide a working plan, laid out as a system to follow, to help you reach GDPR compliance.

Easy to use tools to help make your website GDPR-compliant. Fully documented, extendable and developer-friendly.

For those of us in the United States who are not targeting EU residents with our services and products, it would seem one of the simplest options might be to block EU users from visiting our sites.

With many smaller freelancing companies already struggling to survive, implementing a law that does not apply to 100% of our target markets may not be the responsible business decision. Sure, we could just get consent from anyone who visits, but sadly, the initial statistics that have come back reveal an 80% loss of potential sales in doing so. That is not a healthy business decision at all.

For those of us who do have EU visitors and need to become compliant with the GDPR, it would be ideal to apply the strict GDPR restrictions only to the visitors for whom they are required. This means ensuring we are able to obtain the required consent from those EU residents.

So how can we apply the law and keep our businesses running without losing 80% of our future sales?

WordPress core may eventually add built-in GDPR tools as it continues to evolve, but we don’t expect to see anything like that until the law has had some time to be implemented and the unknowns and repercussions of enforcement start to appear.

Unfortunately, during our research we also found that none of the free plugin options offered geo-location segmentation.

Premium WordPress GDPR Plugin Option

Affiliate Link Disclosure Statement

There is one plugin that we found that seems to provide the best combination of current options to assist you in getting set up to comply with GDPR quickly. It is called WP GDPR Fix.

Why do we like this plugin in comparison to the others?

  • It works with WordPress – all standard or customized installations, including e-commerce stores.
  • It installs and configures in less than 3 minutes for faster GDPR compliance.
  • It ensures your EU visitors are briefed about your cookie policy, fulfilling the cookie policy compliance.
  • It gets your visitors' consent to your Terms and Conditions, fulfilling the T&C policy compliance.
  • It creates a consent requirement for your privacy policy, fulfilling the privacy policy compliance.
  • It lets you delete user data manually, fulfilling the right-to-be-forgotten compliance.
  • You can set it to refuse EU traffic on your site (built into the plugin), and this one may just hold the most weight for many freelancers in the US.

Note: Although this product is sold through JVZoo and is part of a sales funnel with 8 other products offered as cross-sell and upsell offers during your purchase process, that does not negate the effectiveness this particular product can offer on its own.

We are aware of at least 2 OwnWP members that have purchased this product for their own use.

WP GDPR Fix ensures compliance with 7 Key GDPR Requirements

  1. Cookie Consent
  2. T&C Acceptance
  3. Privacy Policy
  4. Right to be forgotten
  5. Data Access
  6. Data Breach Notification
  7. Data Rectification

GDPR Compliance Plan

  1. Conduct a Risk Assessment: Inventory all platforms and tools you use that:
    • collect,
    • process,
    • store data about your clients, customers, (and team members).
  2. Have a lawyer-drafted contract that clearly details data collection and processing.
  3. Ask your attorney to review your existing third-party vendor contracts for GDPR compliance.
  4. Update indemnity clauses and liability waiver clauses.
  5. Update your Privacy and Data Collection Policies.
    • Decide whether you want to have EEA-based visitors or EEA-based subscribers.
    • Inform current and future EU-based customers of their rights under GDPR.
  6. Limit collection of sensitive data.
  7. Set up a process for ongoing compliance monitoring.
    • Test Incident Response plans
    • Report breaches within 24 hours
  8. Consider purchasing data breach insurance.

It is up to YOU to make the decisions about how to handle GDPR within your business. Data protection is a good thing; we just need to find the path to protection without destroying technological advancement and profitable businesses for freelancers.

Helpful GDPR Resources

  • The Guide to the GDPR explains the provisions of the GDPR to help organisations comply with its requirements. It is for those who have day-to-day responsibility for data protection.
  • Overview of the right to protection of personal data, reform of rules and the data protection regulation and directive.

GDPR WordPress Plugins

  • EU’s GDPR regulation applies to everyone. Even bloggers. Are you ready for GDPR? This plugin will help you be more compliant.
  • This plugin assists website owners to comply with European privacy regulations (GDPR). By May 24th, 2018 you have to comply to avoid large fines.
  • This plugin is meant to assist with the GDPR obligations of a Data Processor and Controller.
  • Easy to use tools to help make your website GDPR-compliant. Fully documented, extendable and developer-friendly.
  • Make your website GDPR compliant and automate the process of handling personal data while integrating with plugins.
  • GDPR is an EU-wide legislation that specifies how user data should be handled. This plugin has settings that can assist you with GDPR cookie compliance.

Presenter Bio: Mike Clay

Mike Clay is a Digital Marketing Consultant. Mike founded Clay Digital Consulting, an Atlanta-based firm of marketing consultants, in 2013. His team is highly trained in digital marketing and branding. With skills ranging from graphic design to neuro-marketing, they push the limits to the cutting edge and work to be the innovators in the digital marketing industry.