GDPR Compliance For WordPress – A Website Developers Goldmine

In this video we're going to talk about the GDPR and what it means for you. Hi, my name is Adam from WPCrafter.com, where I make WordPress tutorial videos for non-techies. If you're new here, consider clicking on the subscribe button, and to not miss a video, click on the bell and YouTube will let you know when I have a new video available for you.

So I have to start this video with a should-be-obvious disclaimer that I am no attorney. This is not legal advice. As a matter of fact, with a little bit of humor, you shouldn't listen to anything I say in this video, because it has not been reviewed by an attorney and I am not an attorney, so just go with that.

Of course, I'm talking about the GDPR in this video because it is coming up on May 25, and that's not that far away. I mean, it's coming up really quick. For those of you that are not familiar with what this is, it's a new law, a very extensive law, that's going into effect in the EU, but it has effects on anyone that is collecting data on EU citizens or anyone that has a website that has EU citizens visiting it. It's going to affect you, and since this is a channel about WordPress, it's definitely a conversation that we need to have. It's simply one that I would hope that you would pay attention to.

So the GDPR stands for General Data Protection Regulation, and it's a very comprehensive document. The onboarding process for this has been going on for about the last two years; however, the date that it's going into effect is coming up soon, and there's a little bit of scrambling going on. So what I hope to do is actually have a series of videos, but in this video I just want to go over some of the basics of the GDPR and some of the questions that still remain about it, primarily to get it on your radar, and I'll probably have maybe another one or two videos about the GDPR here.

I'm going to link to this in the video description down below: Lee Jackson from the Agency Trailblazer podcast put up a podcast episode today based upon his research into the GDPR. It was pretty
good. I listened to it and I thought it's about time I start talking about this on this channel. I'll put a link to this down below; it's definitely worth a read and also worth a listen. So I wanted to talk about some of the points of the GDPR. I got some of it from here, but I've actually been following this for the past three months.

Also, a side note: if you are a website developer and you have clients, I actually think the GDPR is going to be amazing for you, because this is something that you, number one, need to have all dialed in. You have customers, you have clients that you build websites for or manage websites for, and there should be a service offering to do a proper audit for GDPR regulation and compliance. I think it's a good opportunity for you to reactivate old clients and also have it be a service that you provide to all of your existing clients. I think it's going to be great for you. You could do an audit, you can go over compliance, you can add disclosures; there are all of these services that revolve around it. OK, I've got to start going fast through the video.

OK, so the first thing you need to look at for GDPR compliance is what data you are capturing. In the most basic form, you might have a contact form on your website. Someone fills out that contact form and hits enter: where does that data go? Where is that data stored? So you need to go through everything that you use and find out what data you are actually collecting.

Then what you need to ask is: are you collecting identifiable information? That is defined differently in different countries. In the United States an IP address is not identifiable information; unfortunately, in the EU it is. There's obvious identifiable information, right: someone's name and address, that's identifiable, and the list goes on, but IP addresses are also added to that.

Next you need to do an audit of all of the products and services
that you may be using that are collecting this identifiable information, and then you need to go to those services and find out what they are doing to be compliant. I have a short list here.

If you have an e-commerce website, what are they doing to be compliant? I'm going to talk about WooCommerce in a moment if you're using that, and I'm going to talk about WordPress in a moment if you're using that. If you have an e-learning platform or a learning management system, what are they doing to be compliant? I'm going to touch on that here in a moment as well. Your contact forms: some of them don't store the data in your WordPress database, some of them do. What are they doing to make it easy, so that you either are storing it or you have an easy way to not store it? That's one less thing that you have to be concerned with. What business communications are you having? I know for me specifically, I have a live chat tool. What is being collected by that live chat tool? I need to know. Also any marketing tools or marketing automation: if you're using any marketing automation platform, they are usually tracking everything someone does on your website, where they're going, the pages they're going to, how long they're on those pages. Are they doing it in a way that is capturing personally identifiable information before the person has even given you personally identifiable information, perhaps like an IP address, if they're doing it that way? This would also apply to remarketing.

Then you've got to look at data retention: how long you're retaining that data for. You have to make sure that you're storing all data with as high a level of security measures as possible, taking all security measures that you should responsibly be taking. And then once you've done all of that, you actually have to disclose all of it in disclosure forms for your website, in plain, easy-to-understand English.

Now the problem is you have to do this for EU citizens, but there is no reliable way to know if someone
that's on your website is an EU citizen. It doesn't matter where the visitor physically is; if they're in the EU or in Canada or in the United States or in India, if they are an EU citizen, you have to be compliant.

So, some of the main things, to make this all kind of make sense: you have to look at all of this stuff, disclose all of this stuff, and then there are issues of consent that I'm going to talk about in a moment. But then you have to have a mechanism in place where, if an EU citizen wanted access to the information that you have on them, you can supply that to them. That's where this actually gets really tricky, because if you're like me, you're using several products and services that aren't all unified, and getting that data to someone could be a burden.

Now if you're not compliant, whether or not your business is based out of Europe or someplace else, the EU law states that they can fine you up to 4% of your global revenue, and that would max out at, I believe, 20 million. Now there are some questions of how enforceable that is, right? Can they actually enforce that on a US-based business? Does international law apply? These are all things that we don't really have the answers to. On the surface, no, they can't apply a fine if you're in the US; they can't just fine you in the way that a government agency in the country that you're in can just fine you. So it is a little bit questionable how they would actually collect or enforce that, and these are all things where the dust is going to have to settle. There are a lot of parts of this law that are written in a very ambiguous way, so some of the practical effects of the GDPR we're really not going to know until some of these things are actually tested in a court of law.

So here's how it affects you and me, and here's where you want to be concerned. First of all, I personally like the spirit of the GDPR. I'm all for disclosure. If you visit my website
there is in fact a transparency report that discloses all kinds of stuff I don't have to disclose, but I like to do that. I think transparency is a great thing. So for me it's going to be very easy to go and audit everything and write out what I'm collecting, how it's being used, how long it's stored for and the purpose of all that, and add a disclosure. So first of all, I'm going to be adding a disclosure. Everyone should really be adding a disclosure. I almost think you should be adding a disclosure even if you're not collecting any identifiable information on someone: you should still add a disclosure to your website disclosing that you're not collecting any personally identifiable information.

The next common aspect of this law is actually a little vague in how it needs to be interpreted, and that has to do with if you have, say, an opt-in form where you're collecting someone's name and email address, because there's an issue of consent. This is actually the one thing where I personally don't really agree with a lot of what I'm seeing written out there, and that's why I say don't take anything I'm saying as legal advice. I really don't agree with it.

So what a lot of tools are doing, like Beaver Builder, and I'm sure it is or might be a feature in Elementor, and Thrive Architect and Thrive Leads have it: if someone is going to opt in or submit a contact form, there's a checkbox that you can have where the visitor would actually have to check the box to give explicit consent that they're agreeing with, say, you link to the GDPR policy. So they're giving that explicit consent, where they have to move their mouse and click. That's what's called explicit consent when they give you this information.

But here's the thing: collecting someone's name and email address, from what I've been reading from the law, does not require this term called explicit consent. Let me read to you what explicit consent is
defined as in the law. Under the GDPR Article 9, explicit consent is required for the processing of certain special types of personal data. Not all types, certain types of personal data. An example would be racial or ethnic origin (I don't ask that on my contact forms), political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for purposes of uniquely identifying a natural person, data concerning health, and data concerning a natural person's sex life or sexual orientation. I'm not asking you for that if I have a spot to put your name and your email in. It's just the person being on my website, putting in their name and their email, and then giving me consent, not explicit consent but consent, and then they click a button.

So for me, some of what I've read on this point is that if you have a form where you're getting someone's name and email, you can have one line there, without a checkbox, saying that you are consenting to give this information to me, or something along those lines. By clicking on "Yes, submit" or "Yes, I'm in" or whatever button is there to actually submit that information, they are giving you consent. So that's probably how I'm going to roll until I get additional information. If you are collecting leads for any purpose, you might want to look into whether explicit consent is required. Now if you're a doctor or a doctor's office and you're having them give all kinds of sensitive information, oh yeah, explicit consent is definitely required. So there's that issue.

Some other things I want to talk about: the trickiest part of this, I think, is not necessarily fixing your opt-in forms and putting in a line of text, or doing the audit to find out where all this data is coming from. I think the biggest challenge is how the heck you are going to be able to deliver to an EU citizen all the data you have collected on them. With WordPress, here's a great article, and I'll put a
link to it down below. This is really coming from WooCommerce, but it's talking about what WordPress is actually doing for GDPR compliance. They're actually taking it very seriously, and they should, because 30% of the Internet's on this thing. They really need to give us the tools in the core of WordPress to be able to be as compliant as possible.

So what they're doing, and you can read through this: with someone using WooCommerce, obviously if someone places an order you're collecting their information. But also if someone's leaving a comment on your website, you're collecting information. If, say, you're using a learning management system and they're registering for a course, you're collecting information. So there are a lot of functions in WordPress where you are actually collecting identifiable information, and WordPress does need to provide a way that plug-in developers and theme developers can hook into, to be able to have a system where you can give that data to someone upon request and also give them the option to have it all deleted and wiped away. That's what they're doing in WordPress.

So essentially someone's going to be able to go to a form and request all the information. WordPress will then email them that information so they can download it, and they'll also have an opportunity to delete their account from your WordPress website. Here's an example of what all that personal data would actually look like that can automatically be emailed out, and this is something that WordPress developers are going to be able to hook into.

If you go to the LifterLMS website and go to their blog, they have a blog post also talking about this. Since all the data is in WordPress and they know WordPress is building this, they are just waiting on WordPress to release this functionality, and then they're immediately going to hook into it so they can be compliant. So a lot of the WordPress
developers are going to be able to leverage what's already going to be added to the core of WordPress, most likely. But then it's a little bit more challenging, right? For me, I use ConvertFox; it's an instant messaging application. I've got to go and make sure they are compliant and find out how I'm going to be able to deliver someone's information there. So there are a lot of loose ends with the GDPR.

I wouldn't be losing sleep over it. For me, in the spirit of the law, I want to be 100% as compliant as possible, and I'm going to put every effort into doing that; however, I wouldn't lose sleep over it. If you are, say, a small business owner and you don't explicitly do business with European Union citizens or in Europe itself, you really don't have a ton to worry about. If you have a website where you're literally collecting no personally identifiable information, you have nothing to worry about at all either. So if you're a local plumber down the street, you probably don't have anything to worry about at all. The only area where you might want to double check: don't use a contact form that stores the data in your WordPress website. But even you should have a disclosure. I think every website is going to have to add a disclosure.

One of the things I actually forgot to mention is that WordPress is also adding a disclosure generation tool, so it will generate the disclosures that you need to add to your website. I think there's something about it in this article here, which I think is actually very good to have in the core of WordPress, to help people generate privacy policies, terms and conditions, and also GDPR compliance. I don't know if it's going to do all that, but it should do some of that stuff or have the facilities to do something like that.

The one thing that I hope does not happen, and you're starting to see this and might've already seen it on some websites, is this. I don't know how I ended up on this
website the other day. It's Elegant Marketplace. I must've been looking at some kind of a Divi add-on or whatever and I ended up here, and this is the pop-up that I saw. These are actually popping up on a lot of websites. It's generated by a website called Cookiebot. This is an example of explicit consent, where someone comes here and this is literally the first thing that pops up. Now most people might just click OK, but it's just so overly complex. I'm not trying to dig on Elegant Marketplace at all. They're just doing what they're doing, and I've got to commend them for doing this, but stuff like this really kills the experience someone has on your website when they visit and this is the first thing that they see. You can check this out if you want to. It's Cookiebot, and there's also a plug-in that will allow you to add this to your WordPress-based website.

But for me, I don't want this. I would rather use the right plug-ins and tools that are not collecting identifiable information, information that can be linked to any actual person. Instead of having something like this, I would rather just not use those tools, to be honest. So if it means that I can't use my marketing automation tool until they modify it so it's not collecting IP addresses, hey, I'm all for that, because I would rather not have people have to see this the first time they come to my website and every time they do it in a new, fresh browser.

So I know this video is a little all over the place about the GDPR. I do think it's something that needs to be on everybody's radar. I do think if you're an agency owner and you have web design clients, it would be good for you, if you have a blog on your website, to put together a blog post that talks about it, email all your customers, tell them to read that blog post, and start taking appointments on how you can get them GDPR compliant, just the website that they have. There's a whole other
can of worms on what they do with the data after it comes through a website, or the website that collects it. So I do think there is a huge opportunity for developers to have services related to GDPR compliance. I do think every website is going to need, at the very least, a page added with disclosures, whether you're collecting data or not. I think at the very least that's what needs to happen.

I just wanted to start having a conversation about it and also tell you some of the plans that I have about the GDPR. By no means is anything in this video legal advice, and this video is not the most comprehensive resource on the GDPR. I am going to be following it and doing a lot more research into it, to maybe put together some resources that I can provide here on the channel, maybe some templates for disclosures or things like that. But I just wanted to open up the conversation and get it on your radar. We do have plenty of time. A lot of it really doesn't fall on your shoulders other than doing the audits; it really falls on plug-in and theme developers and the developers of the services that you use on your website.

So if you have any questions for a future GDPR video or discussion, leave them in the comments section down below. I'll also see about getting an expert in the GDPR to come here on the channel to talk further about the GDPR and what it means for you. Hey, thanks for taking the time to watch this video, and I will see you in the next one.
