How I’m Making My Website More GDPR Compliant
Updated on the 2nd May 2018
(You will read below that I installed the Google Analytics Opt-Out plugin. I found it didn’t do what I wanted, i.e. enable visitors to opt out of my use of the Google Analytics tracking. At the time I couldn’t find another plugin but since then I have. So I have replaced it with this new plugin called Surbma – GDPR Proof Google Analytics, which seems to do the job I wanted, of enabling visitors to opt in or opt out.)
In the run up to the 25th May 2018, when the General Data Protection Regulation (GDPR) comes into effect, all of us have much to do. One of the challenges facing small and micro businesses, like mine, is what to do about our websites, because there are certain requirements under the GDPR that affect the way the website works and the information we should provide to users and site visitors about how we use their personal data.
I’m not going to go into the details of the GDPR here, rather focus on four specific actions that I’ve taken on the New Frontiers site. Together, these move the site closer to compliance, although, as you will read later, it still doesn’t exactly meet the requirements as defined in the Regulation.
That said, based on my risk assessment and on the realities of what can be done by someone (me) who knows a reasonable amount about using WordPress and building websites based on it, but isn’t a techie and doesn’t have a budget, the site is still much closer than it was…and I suggest much further advanced than the vast majority of others.
Just to be clear – my website is a hosted WordPress installation, where I have complete control over its use of plugins etc. The steps described below may not work for you if you don’t have the same flexibility.
Step 1 – Installed the WP GDPR Compliance Plugin
This Plugin is promoted by the authors as “assists website and webshop owners to comply with European privacy regulations (known as GDPR). By May 24th, 2018 your site or shop has to comply to avoid large fines. WP GDPR Compliance currently supports Contact Form 7, WooCommerce and WordPress Comments. Additional plugin support will follow soon.”
Thankfully, my site uses the Contact Form 7, WooCommerce and WordPress comments, so it was very simple to add the information to each of these.
You can see the results if you go to my Contact Form, decide to download one of my FREE documents, or want to make a comment below. So now, I do at least provide some information about where your personal data is being stored and give you the option to confirm you are ok with this, before you send it to me.
Step 2 – Installed the Google Analytics Opt-Out Plugin
This Plugin gives you (as a visitor) the option to ‘opt out’ of being tracked by Google Analytics. As with the previous Plugin, this one is very easy to install and get working, if you know a little bit about Google Analytics and your account. If you also know some CSS, then you can change the styling to suit your site.
There are a couple of issues – the most significant is that it is an ‘Opt-Out’ when, to comply with the GDPR, it should really be an ‘Opt-in.’ However, until the authors make that change, there is nothing I can do and I am at least showing steps in the right direction.
The other issue is that ‘out of the box’ the words are at the bottom of the page and you need to figure out some CSS to make them appear at the top. It took me a while until I managed to work this out…but I’m no expert. So, some good learning for me. Having done that, I found that I couldn’t get it to display properly on mobiles and tablets. So I’ve reverted to the bottom position.
I still need to figure out how to make it display properly on mobiles and tablets – a work in progress…
Step 3 – Add Text to the Mailing List Sign Up Form
You can see this on most pages (see Here for example), where I have added some explanatory text to the Form about my use of MailChimp as the email provider.
Step 4 – Updated the Privacy Page
If you go to this Page, you will see that it is a comprehensive document, with a, hopefully, simple and understandable description of our Privacy Policy. As with everything I’ve written here, the aim is to make things clearer and more understandable, and hence to build more trust and confidence.
Have I succeeded? Let me know in the comments section below…
And also if you have any more suggestions.
Cheers
John