You’ve probably been inundated with notifications about updated privacy policies and information on the GDPR over the last few weeks and months. The regulation actually went into effect back in April of 2016, but come May 25, 2018, it becomes enforceable. While little changes for U.S. and Commonwealth countries, this is the European Union’s new legislation governing personal data and how it’s stored; it’s called the General Data Protection Regulation, and it applies to those customers living in the European Union.
Export Personal Data
There are two new menu items added under the Tools section of the store once you’re logged in. The first is Export Personal Data, which provides a way for logged-in users to request an export file of the personal data that WordPress stores on them. A user enters his/her email address, a site admin must approve the request, and then an email is automatically sent with a .zip file containing an HTML file of the exported information.
Here’s an example of what that export file looked like for me on a test install.
Erase Personal Data
The second menu item added under the Tools section is Erase Personal Data. It works much like the export feature: it creates a request that, once approved by a site administrator, deletes or anonymizes all of that user’s personal data.
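Both tools only cover data that has an exporter or eraser registered for it, so a plugin that keeps its own personal data has to plug into the same request flow. The following is an added example, not code from the original post or from WordPress core, showing how a hypothetical plugin would do that. It assumes the plugin stores newsletter sign-ups in an option named `gdpr_demo_signups` (an array keyed by email address, each entry holding `signed_up` and `ip`); the option name and layout are assumptions, while the `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters, the callback signatures and the `wp_privacy_anonymize_data()` helper are the ones WordPress 4.9.6 introduced.

```php
<?php
/**
 * Added example (not from the original post or WordPress core): register a
 * personal-data exporter and eraser for a hypothetical plugin that stores
 * newsletter sign-ups in the option `gdpr_demo_signups`, keyed by email.
 */

// Register the exporter so Tools > Export Personal Data includes our data.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['gdpr-demo-signups'] = array(
		'exporter_friendly_name' => 'Newsletter sign-ups (demo plugin)',
		'callback'               => 'gdpr_demo_export_signups',
	);
	return $exporters;
} );

// WordPress calls this with the requester's email and a page number; callbacks
// with many items page through them, we have at most one so we finish on page 1.
function gdpr_demo_export_signups( $email_address, $page = 1 ) {
	$signups = get_option( 'gdpr_demo_signups', array() );
	$email   = strtolower( trim( $email_address ) );
	$items   = array();

	if ( isset( $signups[ $email ] ) ) {
		$record  = $signups[ $email ];
		$items[] = array(
			'group_id'    => 'gdpr-demo-signups',
			'group_label' => 'Newsletter sign-ups',
			'item_id'     => 'gdpr-demo-signup-' . md5( $email ),
			'data'        => array(
				array( 'name' => 'Email address', 'value' => $email ),
				array( 'name' => 'Sign-up date',  'value' => $record['signed_up'] ),
				array( 'name' => 'IP address',    'value' => $record['ip'] ),
			),
		);
	}

	// 'data' ends up as a group in the HTML file inside the emailed .zip.
	return array( 'data' => $items, 'done' => true );
}

// Register the eraser so Tools > Erase Personal Data reaches our data too.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
	$erasers['gdpr-demo-signups'] = array(
		'eraser_friendly_name' => 'Newsletter sign-ups (demo plugin)',
		'callback'             => 'gdpr_demo_erase_signups',
	);
	return $erasers;
} );

function gdpr_demo_erase_signups( $email_address, $page = 1 ) {
	$signups        = get_option( 'gdpr_demo_signups', array() );
	$email          = strtolower( trim( $email_address ) );
	$items_removed  = 0;
	$items_retained = 0;
	$messages       = array();

	if ( isset( $signups[ $email ] ) ) {
		// Anonymise rather than hard-delete: the sign-up date stays as a consent
		// record, but every field that identifies the person is replaced using
		// core's helper (email becomes a fixed placeholder, IPv4 loses its last octet).
		$anonymised = array(
			'signed_up' => $signups[ $email ]['signed_up'],
			'ip'        => wp_privacy_anonymize_data( 'ip', $signups[ $email ]['ip'] ),
			'email'     => wp_privacy_anonymize_data( 'email', $email ),
		);
		unset( $signups[ $email ] );
		// Re-key under a random id so several anonymised records cannot collide.
		$signups[ 'anon-' . wp_generate_uuid4() ] = $anonymised;
		update_option( 'gdpr_demo_signups', $signups );

		$items_removed = 1;
		$messages[]    = 'Newsletter sign-up anonymised: email and IP address removed, sign-up date kept as a consent record.';
	}

	// 'messages' are shown to the admin in the request's status column.
	return array(
		'items_removed'  => $items_removed,
		'items_retained' => $items_retained,
		'messages'       => $messages,
		'done'           => true,
	);
}
```

Dropping this into a plugin (or a theme’s functions.php) is enough for the admin-approved request flow described above to pick up the plugin’s records; the filters are applied when the request is processed, and the `done` flag tells WordPress it does not need to call the callback again for a further page.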
Comment Consent Box
With this update, a new ‘consent’ statement is automatically added above the submit comment button for logged-out users. It asks commenters if they want to “Save my name, email, and website in this browser for the next time I comment.”
On our site, commenters are required to be logged in; however, we don’t allow any comments on the site at all, so this doesn’t apply. This segues us nicely to…
- Nothing in the GDPR has really changed our processes or practices – we’ve been privacy conscious and pro-active when it comes to security and data protection from the beginning. For us, the GDPR has provided us with a useful reminder to be more transparent in these practices, and provide better documentation and opt-ins for our visitors and members.
- Nothing in the GDPR requires that EU visitors or customers be hosted inside the EU, or that their data never leave the EU. Full stop. Hosting EU customers’ data in other countries, including the US, is perfectly fine, as long as the GDPR is followed.
- There are specific legal reasons why businesses can continue to store certain types of personal data even if an individual has requested that all data be deleted. More on that here.
We worked hard to list out all of the different ways that individuals interact with our services and what we do with any data that is shared. The end goal here was to be transparent and easy to read with less legalese and more detailed examples.
If you have any questions about the GDPR and your site, drop us a line. We’re here to help.