What is the GDPR and how to prepare your site

A roundtable discussion session at Chicago WordCamp 2018.

Susan Hayse

May 18, 2018

Transcript

  1. General Data Protection Regulation: THE WHO • WHAT • WHEN • WHERE • WHY • HOW FOR US BASED ORGANIZATIONS. GDPR: Happening May 25, 2018
  2. WE ARE NOT LAWYERS. Susan Hayse, Milkweed Web, @susancycles. Heather Acton, Helio Interactive, @HeatherActon. The GDPR is complicated. Seek expert legal advice if you're in doubt.
  3. What is it? The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. (Wikipedia) This includes the UK.
  4. Why Should I Care? I'M NOT AN EU BUSINESS AND I DON'T SELL OUTSIDE THE US. The regulation protects the personal data of EU residents wherever they go online. It does not require national governments to pass any enabling legislation and so it is directly binding and applicable. (InfoLawGroup) This means you!
  5. What Is "Personal Data"? I DON'T COLLECT ANY PERSONAL DATA! You may not deliberately collect personal data from EU residents, but your plugins probably do. Personal data, as defined by the GDPR, is: "Name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;" The obvious personal data is name, address, email, phone. The not so obvious personal data is location, RFID, cookies, IP address, race, ethnicity, political or religious views, sexual orientation, etc. (When cookies can identify an individual via their device, it is considered personal data.)
  6. What Rights Do Data Subjects Have? The right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; rights in relation to automated decision making and profiling. More info at ico.org.uk
  7. How Can I Get Prepared? A group of WordPress geniuses at the Making WordPress #GDPR-Compliance Slack channel are working feverishly to bring key GDPR elements into WordPress Core. They hope to have these features included in the next release, 4.9.6, sometime in mid-May. Many of the big plugin developers are also working hard to bring GDPR elements into their products. But you will still need to take some steps now. Don't Panic!
  8. What Happens If I Don't? Maybe you won't get caught, but it's the right thing to do. Fines of up to €20 million, or 4% of the worldwide annual revenue. Amazon, Google, Apple, Facebook, on the other hand, will probably get caught. I'M NOT GONNA LET THEM CATCH THE MIDNIGHT RIDER
  9. 5 Things You Can Do Right Now To Get Ready (DEFINITELY NOT A COMPLETE LIST)

      1. IDENTIFY WHAT YOU COLLECT: Determine what personal data you are gathering or your third-party plugins are gathering.
      2. CREATE A PRIVACY POLICY: Write separate Privacy Policy and Terms of Use or modify the ones you have to meet GDPR standards.
      3. RECONFIRM YOUR SUBSCRIBERS: Reconfirm your email subscribers if you have an email marketing program.
      4. ADD CONSENT TO YOUR FORMS: Modify your site forms to collect permission (including email signup, contact form, shopping cart checkout, etc.).
      5. REDUCE THE DATA YOU GATHER: Stop gathering personal data you don't really need.
      6. BONUS: UPGRADE TO 4.9.6. And 4.9.7, which should follow shortly. Baked-in tools to become compliant! Yay!
  10. Go Forth and Do Good. RESOURCES

      • Official GDPR Portal: https://www.eugdpr.org/
      • Plugins: https://wordpress.org/plugins/gdpr/ (there are a number of these)
      • Slack: Making WordPress #GDPR-Compliance
      • Trac: https://core.trac.wordpress.org/
      • GitHub: https://github.com/gdpr-compliance
      • Cool Infographic: http://ec.europa.eu/justice/smedataprotect/index_en.htm
      • Helpful UK agency: https://ico.org.uk
      • Cookies: https://www.cookiebot.com