The General Data Protection Regulation, or GDPR, has had a lot of people scrambling since May 25 of this year. Although this law was enacted in the European Union, it affects all web pages because of the traffic they can receive from anywhere in the world. The most important thing about this regulation is that users must have access to all available information about what is done with the data they leave on web pages.
In summary, being explicit and transparent is the basis of everything you do on the web that involves collecting user data. Users must not only know what is done with their data but must also give their consent before you can store it. You must also store the proof of consent, in case you need it in the future. Users must be able to access their own data to download, modify or delete it; they must also be informed with total transparency if a leak of that data occurs.
Fortunately, many of the most famous WordPress plugins have already made modifications related to the GDPR, and it’s becoming easier to bring your WordPress site up to date. Let’s see what details you should take into account and modify on your own.
With an opt-in, users of a website, platform or application express their desire to subscribe or register, that is, to submit their data to said platform. With an opt-out, users say they want to stop belonging to the database of a platform, stop receiving updates, etc.
What changes for opt-ins under this law is that the user must explicitly state that they do want to subscribe to a newsletter when registering on a page. Generally, the “Yes, I wish to subscribe to the email list” box is pre-selected; under this new law, it shouldn’t be.
Any type of automatic subscription to comment threads or interactions that isn’t at the initiative of the user must be eliminated. Basically, no subscription or contact with the customer should be predetermined.
The GDPR requires you to add a message telling the recipient why they are receiving that email, the confidentiality terms you will follow for their data, and how they can unsubscribe from the mailing list.
Get proper advice on how the terms may vary by country and which third-party applications you must mention within the terms, so that all the information is completely transparent.
The terms of service must also be thoroughly detailed. You must add information on how users can request and download a complete record of all the data you hold about them, how they can erase their data completely, how they will be informed if any type of information leak occurs, and how long you will retain that data.
This document will help you put in writing the rights and licenses covering the content of your web page, along with the details of the owner of that content. If you have other authors or owners of the content, you must also state explicitly the conditions that apply to such content. You can also indicate the contact procedures that a user must follow in the case of a conflict or suggestion.
Do you need so much information?
Have you encountered applications that request permission to access information they technically shouldn’t need? With the GDPR you will have to tell users why you need every detail of their data, so think very carefully about these details, since you will not be able to accumulate data “just in case”.
Are they going to punish you?
Failure to comply with the GDPR can result in very harmful penalties such as 4% of your billing and fines of up to 20 million euros. There probably will not be a hunt for websites that don’t comply with this rule, but in the case of a complaint or claim, it’s better to protect yourself. In addition, we like professional work, so ethics must be maintained.