Everyone is getting privacy emails in response to the EU (European Union) enacting GDPR (General Data Protection Regulation) for websites. It may feel like a “house on fire” when you also start hearing fearful proclamations about getting your own website in compliance. So let’s take a deep breath and address the reality.
Why Website Privacy Laws?
The Internet has been mostly unregulated for the past 20+ years. There has been tremendous growth in companies. 60 Minutes did a segment last week titled “How Did Google Get So Big” (see https://www.cbsnews.com/news/how-did-google-get-so-big/). The Facebook relationship with Cambridge Analytica and the transfer of users’ personal data also brought attention to website privacy. The internet is now a booming industry used by just about everyone, so regulation is on the horizon.
A few months ago, website owners were scurrying to obtain SSL certificates for their websites to make them look more favorable to users and to Google search. SSL not only changes your website from HTTP to HTTPS, it also offers a level of protection to the web visitor… the consumer.
So now the EU has stepped in with laws that require disclosure of how websites deal with personal data. Again, this is for the web visitor… the consumer. It offers a means of understanding if their personal data is being collected and how it’s being used.
I Don’t Live in Europe — Why Does GDPR Apply to My Website?
Companies in the US are stepping up to the new EU regulations by adopting the GDPR as a matter of practice, because it provides assurance to the consumer. People like to know that there isn’t anything nefarious going on with their personal information. If you watched any of Mark Zuckerberg’s testimony in front of Congress, you probably noticed that many of the questions were about what information is being collected and where it is going. That’s why you’re getting emails from everyone!
What Does GDPR Compliance Look Like?
The GDPR is about disclosure, so with the GDPR as a guide, compliance starts with two words: “statement and consent”. The best practices are to have a Privacy Statement and to ask for Consent when using your website to obtain information from users.
The Privacy Statement can be drafted from an example page that is in the latest version of WordPress (version 4.9.6). This new page is a guide, and your own website may contain elements that differ from this outline. The new page can then be added to the structure of your website, preferably through a link at the bottom of the website.
To demonstrate consent, a check-box can be added to any form that collects information from a web visitor. Checking the box confirms they are aware they are giving you personal data.
It’s time to get started. Having these pieces of the new regulations in place on your website will signal to users that you are a good steward of the web!