The EU GDPR (General Data Protection Regulation) regulates data protection law across all 28 EU countries. Whereby, it imposes strict new rules on controlling and processing personally identifiable information (PII).
Bearing in mind, almost 60,000 Data Breaches (such as Facebook Data Breach and Yahoo Security Breach) are reported under GDPR. It also extends the protection of personal data and data protection rights by giving control back to EU residents.
In general, the EU GDPR replaced the 1995 EU Data Protection Directive and went into force on May 25, 2018. Additionally, it also replaced the 1998 UK Data Protection Act. However, the General Data Protection Regulation (GDPR) regulates data protection law across all 28 EU countries.
The General Data Protection Regulation (GDPR) comes into force today. Hence, its the biggest shakeup to data protection rules in decades.
Forcing companies to make significant changes to ensure GDPR compliance. By reshaping the way they approach data privacy. Online organizations (like jmexclusives) face the daunting task of restructuring all of the personal data they possess in a way by erasing, rectifying and accessing.
While adhering to robust security standards. Failure to do so threatens maximum fines of €20m or 4% of global annual turnover, whichever is higher. For some of the world’s largest companies, those fines could run into the billions.
What is the GDPR?
The EU’s move to enact the General Data Protection Regulation comes in response to an increasing number of highly publicized data breaches. Such as the most recent Facebook Data Breach and Yahoo Security Breach. And also, the misuse of personal information on several high profile retail, financial and social media sites.
The goal of the new EU legislation is to give EU citizens more control over when and how their personal data is used by online entities, but it also has the far-reaching effect of requiring all websites, no matter where they are based, to take a tougher stand on managing the privacy and safety of users’ personal data.
As stated, the GDPR mission is to help EU citizens protect their online data. Simply, because we’re living and doing business in a global marketplace in which a website can have visitors from all over the world.
The regulation effectively applies to all website owners, everywhere, that an EU citizen could potentially visit – not just to sites owned by companies located within the EU.
Why is GDPR important?
In reality, penalties for non-compliance with the GDPR can be stiff. But, first-time violators receive a warning and then after that comes a reprimand. So to say, if problems aren’t addressed, the site is slapped with a suspension of all its data processing activities.
And if that isn’t enough, stiff fines are imposed – up to 4 percent of a company’s annual global revenue, or 20 million euros, whichever is greater. The EU means business, so businesses need to protect themselves.
On the contrary, the GDPR does not prohibit sites from collecting and using visitor data. But, it does require them to give users clear and explicit control over how they do so. All in all, the GDPR covers actions that involve the collecting and managing of user information.
The General Data Protection Regulation (GDPR) Requirements Include;
- Email, physical, or IP addresses
- Financial information
- Health information
- Demographic information such as age, ethnicity, or gender identity
Until the GDPR took effect, many sites relied on “implied consent,” – that is, by the act of using the site in any way. In that case, you were consenting to allow the site to store and use your personal data for its own purposes.
Now, websites that collect any of these kinds of data need to get users’ explicit consent via a positive opt-in, such as a checkbox, and to inform them clearly how their data will be used.
What is Implied Consent?
Until the General Data Protection Regulation (GDPR) era, implied or assumed consent is an assumption of permission to do something that is inferred from an individual’s actions. Rather than what is explicitly provided.
In the context of commercial texting, for example, implied consent may be assumed by the senders. Simply, because the recipient purchased a product from the sender’s website.
Or even volunteered with the sender’s charitable organization recently. Implied consent is a fairly broadly-applied legal concept.
Here are a few examples in other contexts:
- Drivers are assumed to consent to blood alcohol testing. The inference is that the driver understands that driving under the influence is illegal and that they may be subject to testing.
- If an individual roll up their sleeve for an injection or to have their blood pressure tested, they are assumed to have given consent and have no legal grounds to claim it was done against their will.
- In court, if an individual fails to object to a line of questioning within a reasonable time span, implied consent is assumed and they will not be able to object to it in the future.
Implied consent contrasts with express consent, which is explicit verbal or written permission. Anti-spam regulations, such as CAN-SPAM and CASL, differentiate between implied consent and express consent.
As a rule, email senders have much greater latitude if recipients have explicitly consented to receive their mailings. Read also more about permission marketing, opt-in email, and unsolicited bulk email (UBE).
How does GDPR establish User-based Rights?
The GDPR also clearly establishes users’ rights to their own data. Along with clearly stating how, why, and where the site stores and uses data, websites must allow users to download the information the site is holding, and to request to have it deleted at any time.
For example, if you had subscribed to a particular site’s newsletter, but then closed your account, you must be able to have access to your information stored on the site and to ask the site to remove it as soon as possible.
Finally, the GDPR requires websites to inform authorities of any data breaches within 72 hours. And to immediately notify affected users that their personal information could be compromised. In past incidents. Such as a recent breach at Yahoo, users were not notified that a data breach had happened until well after the fact.
The provisions of the GDPR have website owners around the world worried – and because there are so many different ways in which information is exchanged, it can be easy to miss a crucial step and fall into noncompliance.
But, with new features in its latest version and a number of plugins with GDPR friendly tools, WordPress offers users a variety of ways to make a site GDPR compliant.
How is WordPress GDPR Compliance?
The new WordPress 5.3 Update expands and refines the block editor introduced in WordPress 5.0. With a new WordPress block editor, more intuitive interactions, and improved accessibility.
New features in the block editor increase design freedoms, provide additional layout options and style variations. Eventually, allowing designers to complete control over the look of a site.
This release also introduces the Twenty Twenty WordPress Theme giving the user more design flexibility and integration with the block editor. In the end, creating beautiful web pages and advanced layouts.
Not to mention, the latest version of WordPress 5.3, was released not long after EU GDPR privacy laws came into place. And includes several enhancements built into the source code for making WordPress sites GDPR compliant.
By all means, the WP AutoTerms plugin helps you with a wide range of legal requirements your WordPress website that might be required to keep up with. Such as the GDPR law or the requirement to have a disclosure for affiliate links.
You can simply Download WP AutoTerms plugin before you learn How WordPress is GDPR Compliance below;
1. Positive Opt-Ins for Commenting
WordPress comment options typically require users to register, leave an email address, or take similar action in order to validate the comment.
Now, each new comment text box includes a positive opt-in – a box users must check to allow the site to collect and store that information.
Site runners can edit these templates and add any other information that is relevant to their particular sites.
3. Data Management Features
To give users control over their data, WordPress also includes an “Export Personal Data” feature that can be accessed from the Tools tab on the site’s Admin dashboard.
This tool allows you to make user data available for download, or to delete it entirely, at a user’s request.
3. More Plugin Options
The new privacy features included in WordPress itself offer basic options for handling user data. But, depending on their nature, individual sites may need other tools, as well.
To meet those specific needs, a number of popular WordPress plugins (like WP AutoTerms) have added GDPR compliant features to plugins. Such as contact and subscription form creators, statistics and analytics trackers, shopping carts and payment portals, and email marketing managers.
For most sites, this is all that is really necessary in order to comply with GDPR, but sites that handle large volumes of information. Especially, sensitive data like personal health information may need more tools in order to be fully protected.
How Effective is EU GDPR compliance?
One of the effects of GDPR is driving innovation in artificial intelligence to provide solutions.
IBM, for example, has developed a programmed system that uses a type of AI known as cognitive computing. This helps to scan data caches and index findings. It then automatically completes tasks such as user data requests, which is now permissible under the new legislation.
AI programs can also save companies by programming the discovery of sensitive data. And risk analysis so as to address any gaps in compliance. GDPR makes direct reference to automation. Stating that an individual has the right to know when and how to makes decisions when processing their data.
This is to ensure they have robust security in place under GDPR organizations. In addition, report certain types of data breaches to the relevant supervisory authority within 72 hours. One of the effects of GDPR is driving innovation in artificial intelligence to provide solutions.
For instance, IBM has developed a programmed system that uses a type of AI known as the IBM cognitive computing.
What are the EU Non- Compliance fees?
Fines for noncompliance are large. They can be as high as €20 million or 4% of a company’s total global revenue, whichever is larger. This is the maximum fine for the most serious violations. For instance, not having sufficient customer consent to process data or violating core Privacy by Design concepts.
However, there is a class approach to fines. For example, a company faces a 2% fine for not having their records in order. Failure to notify the supervising authority and data subject about a breach. Or not conduct an impact assessment. It is important to note that these rules apply to both controllers and processors.
For example, Egnyte helps customers achieve GDPR compliance by placing industry-leading, content creation, and data governance at the core of their strategy. Our SaaS solution shows exactly where data resides across a network. Identifies personal/private and sensitive data, and reports information efficiently.
As can be seen, the GDPR compliance is a way to protect EU Citizens. Especially, from online identity theft and other threats. But, thanks to the global nature of the internet. Whereby, it also indirectly extends those same protections to everyone who does business online.
Today, making your website compliant for General Data Protection Regulation is a must, and WordPress has the tools you need. As well as providing extra data security to individuals. That was a subject of considerable attention in the wake of the Cambridge Analytica scandal.
GDPR creates opportunities for technology companies to provide services that simplify and secure data management. Technology may have created the need for GDPR, but many see it as the solution. There are many essential items in the regulation, including an increase in fines.
As a result, breach notifications, as well as Opt-in consent and responsibility for data transfer outside the EU impacts businesses huge.
This question originally appeared on Quora – the place to gain and share knowledge. Empowering people to learn from others and better understand the world. You can follow Quora on Twitter, Facebook, and Google+. More questions:
Having said that, I hope the above-revised guide was helpful. After all, you can Contact Us if you have more contributions, suggestions, recommendations or even questions in regards to the above profile guide or other related blog posts.
In addition, you can leave your insights and inputs in the comments box below this blog. As well as make use of the following links to find more related and useful topics.
- What is Social Warfare?
- What is the Envato Marketplace?
- Why is Video Marketing important?
- When is the End Support for Windows 7?
- How is AMP Plugin for WordPress useful?