Compliance

GDPR has been a hot topic here at Pingala Media. We’ve been working with our clients to assist them in becoming compliant over the last few weeks. We’ve been fixing forms as well as advising on future changes which may be needed.

We host numerous WP sites, and as the WP developer here it’s my job to keep on top of these things. I’ve been following development of the latest releases of WordPress for some time now and this is by far the most exciting one I’ve seen. WordPress is now GDPR compliant out of the box. Yep, you heard it right.

Is my site up to date?

If you’re a customer paying for a WordPress maintenance contract, you will have received this update already and probably not even noticed! It’s a big update which added a number of GDPR related things to WordPress core, all of which can be seen here. The list is long, but it should take about 10 minutes to see what they’ve done.

What about plugins?

This is a core update, meaning it’s still up to third party plugins such as WooCommerce to handle the GDPR compliance on their side of things.  If you run custom plugins, you’d need to contact the developers to ensure they make them GDPR compliant.

How can I become GDPR compliant?

If you’re not on a maintenance contract, the chances are your site is out of date. In order to update WordPress core to the latest, GDPR compliant version, we’d need to update everything: WP core, plugins and themes (if themes need updating, of course). We can’t just update core, as it is likely to break with plugins not built for the newest version. We’d also need to factor in the time we’d need to fix anything should it all go Pete Tong.

We’ve recently made a deal with a developer of a GDPR compliance WordPress plugin, which handles a number of third party plugins. With this, your WooCommerce installation, contact forms, Google Analytics, and several more third party addons can all be GDPR compliant.

This is why we offer WordPress maintenance contracts. Maintenance contracts ensure your site is kept up to date, is always online and is secure. The maintenance contracts also cover bug fixes should anything break in the process.

Ash Scott

Ash is a front end developer who specialises in WordPress Development. With an interest in pixel perfect, modern designs he can put an entire site together on his own if needed. Ash works on a lot of projects at home, providing small business solutions to streamline their business. Doing this also enables him to keep up with modern Front End and WordPress standards and technology.

All things around data protection are changing on May 25th 2018. There are lots of considerations that you need to think about as a business; however, we will focus on your website and the changes you need to implement there. Predominantly, websites are utilised to capture data around an enquiry for a product or service. Contact and Enquiry forms generally capture information to enable you to then call or email a customer with information. It’s the first step in engagement.

What’s key is that customers understand that this is the only thing that their data will be used for.  You want your customers to feel they are completing the forms knowing that their data will be used only for what they intend, and you won’t pass this on or use it to market 3rd party services or products.

So what are the key rules to follow on your website?

  1. Tick it!!! – It used to be common to pre-tick consent boxes for customers to de-select.  Now it’s clear that this is unacceptable.
  2. Don’t hide it!! – You can’t just hide the GDPR info inside your T’s and C’s.  Make it obvious to people. Privacy notices are key here.
  3. There is no Blanket Consent – If you are asking permission to contact directly, plus pass on their details to a sister company, make this clear with 2 boxes. Don’t mix up the 2 and muddy the understanding.
  4. Make sure people can change their mind – If someone has opted in, make sure they can easily opt back out.  Withdrawing consent needs to be easy to find and carry out.  Don’t just rely on the unsubscribe on the actual mailer.
  5. If you are asking the customer if you can share, tell them who with – If you have partners or sister companies that data may have been shared with in the past, you will need to tell the customer who these companies are, so they can choose whether you can pass on that information, e.g. if a customer is buying insurance, the insurance firm must ask permission to pass customer details to a recommended vehicle recovery company. You should also mention if those partners or sister companies are based outside of the EU.
  6. GDPR and terminology around this needs explaining – Make sure you set up a paragraph or 2 explaining the GDPR terminology and go into detail as to who the data controller is, what information you hold, what you do with the data, how you hold it and for how long.
  7. E-commerce – If you offer e-commerce you will no doubt capture data in addition to the data captured in the payment tool.  You need to tell people that you will hold this for a given period (Legislation doesn’t stipulate timescale so you need to determine a reasonable time frame, obviously if they tick to say you can send them info then that’s OK).
  8. 3rd party tracking tools – If you use 3rd party tracking like Lead Forensics or similar tools, you need to ensure they are compliant.  Google Analytics is fine, just make sure you know what you have and that they comply.

So what does the site need to make it compliant with GDPR?

  • We can review your site in accordance with the above guidance.
  • We can then make suggestions as to the changes required to make it compliant.
  • We would then apply the changes to the relevant parts of your site, creating a compliant environment.

Will there be a cost?

We will probably need to apply some technical changes to the site, which will have a small cost associated.  With most website formats there will be a simple and an advanced way to carry out the changes, so we can outline the options and you can then decide how you would like to proceed.

What do we need to do now?

Give us a call on 01622 755 855 and we can set up a site review, then outline recommendations on the changes needed.

Andy Vinnicombe

Andy has worked in web design and development since 2000 and over the years has built bespoke websites and systems for Governments, Charities, Restaurants, Telecoms, Retailers, Fire Authorities... pretty much any industry you can think of! He set up Pingala Media with Jon Spree in 2009 and now heads up the in-house development team and also deals with all things financial in the business. Andy is proud to have received The Global Business Excellence Award for Outstanding IT Initiative and a Webby Award for his design work. He created the Pingala Content Management System, which drives many of our websites, and can create full web applications from concept to delivery. Andy enjoys nothing more than relaxing in the hot tub with a glass of Cava, going on summer breaks away and spending time with his wife, daughter and newborn son.