May 25th is a big date for the data collection world, particularly for companies that have any European Union visitors to their site. GDPR (General Data Protection Regulation) is the new law that protects European Union users from unauthorized collection of their information. All sites that collect data from European visitors will require explicit consent. So you need to make sure that when users fill out a form, they know their information is being collected, and that they must check a box acknowledging that their information will be collected before any action is taken. Also, these users may request their collected data and have it removed from your database.
Do I need to be GDPR Compliant?
It depends. But being GDPR compliant wouldn’t hurt your business.
Business owners collect this data in many ways: Contact Form; Newsletter Sign Up; Cookies; Online Sales; etc. BKC often uses Gravity Forms, WooCommerce, or other plugins that will collect user data and store it on your servers.
How do I become GDPR Compliant?
For contact forms and email signups, the easiest way to comply with this law is to add a required checkbox that explicitly states that the user knows their information is being collected. Gravity Forms suggests something like this: “I consent to my submitted data being collected and stored”.
But this only covers one part.
The second part of being compliant is allowing users to see their data and request that it be deleted. The user will have to file a Subject Access Request (SAR), which is basically a note by email, fax, or letter. The business will have 30 days to comply with the request or file an extension of an extra two months if the requests are complex or numerous.
A business may provide the data electronically, through email, or create a portal where users can sign in and access their info whenever they choose.
DIY
For those of you who want to do it yourself, here are links to terms generators and plugins that can help:
GetTerms.io
Terms of Service & Privacy Policy generator. I recommend using their comprehensive plan.
Iubenda
This is another Terms of Service & Privacy Policy generator. The advantage with this one is that you only have to manage it in one place. It can generate the terms in multiple languages, automatically update legal info based on changing laws or better communication, and is created by a legal team.
WP GDPR
This will help you be compliant with comments on your site and generates a data request page along with a form for users wishing to retrieve their data from your site. If you use Gravity Forms, Contact Form 7, and/or WooCommerce, they have an add-on that will allow users to access and delete data.
Gravity View
This is a simple plugin that will allow you to display user information if they request it.
If you use a plugin to generate forms, just remember to add required checkbox fields that explicitly state that you are storing your users' data.
Do I have to do this by myself?
Even though there are plugins that can help you become compliant, we understand that setting them up might be a challenge. We know how your website works and will do our best to cover the obvious bases. But depending on your business, you should consult a lawyer to make sure that your compliance is airtight. We will implement any additional requirements coming from your legal team.