Privacy and your WordPress sites

Last night our local WordPress Meetup group hosted a round-table on privacy issues and the implications of the new EU General Data Protection Regulation (GDPR) that comes into force on May 25, 2018.

I think all of us rapidly became aware of how little we know and how complex it is becoming!

As a brief summary, GDPR is legislation that aims to protect the privacy of all EU citizens. It is a system of principles, rights and obligations which everyone who has a website needs to be familiar with.

If you have a website at all, it is very likely that you need to make some changes to it to comply with the legislation.

If you fail to comply with GDPR, you could be fined for up to 20 million euros or 4% of your yearly turnover, whichever is higher.

Key principles

  • Personal data must be processed lawfully, fairly and in a transparent manner in relation to the individual
  • You must be honest and open about who you are and what you are going to do with the personal data you collect
  • Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner incompatible with those purposes
  • Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
  • Personal data must be kept in a form which permits identification of individuals for no longer than is necessary for the purposes of the processing
  • Personal data must be processed in a manner that ensures appropriate security of the data, using appropriate technical or organisational measures

You may think that this doesn’t affect you or apply to your website. But if you ever ship or sell products to the EU or offer a digital service that’s used by EU-based customers, then it is likely that it will.

Examples of things to consider

  • You should already have a page that sets out your privacy policy on your website, but this in itself is not enough. Privacy information must be clear, concise and explicit.

    Best practice suggests a ‘layered’ approach, with headings that can be expanded to provide more detailed information that is backed up by a dedicated Privacy Policy page.

    Perhaps an even better alternative is clear pop-up notices whenever you are asking a user for personal information, explaining how this will be used and linking to further information. For example, if you collect an email address on a contact form, you might add an explicit message as to why you need this information and how you will use it, e.g. ‘to allow you to access your account and so that we may contact you with important information about any changes to your account’.

  • The default for any ‘opt in’ box must be un-ticked. Individuals must actively give consent.
  • If you use cookies, you will need users to opt in explicitly.
  • If you have pages, say on a blog, where people can comment, you will need to get their explicit permission to retain (store) a connection between their comments and their identity in the form of their email address.
  • If you are using analytics, there may be implications about what data you can legally collect and store.
  • If you are running an e-commerce store, you will need to be clear about what information you may legally hold. This gets complicated in that most countries require that you retain a copy of all invoices for a certain length of time. So you may find you have to delete copies of orders, but retain copies of invoices for the prescribed time, with an effective process for deletion when that time expires.


There is a great deal of good information available about GDPR and how to tackle compliance. Below are some links to resources we have found useful, including information about the work WordPress is doing to help users with compliance.

Links

Site Owner’s Guide to GDPR – a really excellent resource manual is available, whether or not you download the plugin it supports. (Codelight)

GDPR: How to write a Privacy Notice – Best Practices – very helpful article with some practical examples. (Hashed Out)

Worried about WordPress and GDPR? Start Here – a good starting point (Pagely)

GDPR Compliance Tools in WordPress – what WordPress is doing to support users with GDPR compliance. If you want to see a bit more of the background to this, you may want to look at Roadmap: tools for GDPR compliance.


WordTechCon! Toronto 2018

WordTechCon

I’m delighted that WordTechCon has just announced that I will be speaking at their conference in Toronto, on May 4 2018.

WordTechCon describes itself as “a new premium conference that will allow WordPress Theme and Plugin Developers as well as hosting services to learn from industry leaders at a relaxed pace in a wonderful location”.

I will be speaking on a pretty fundamental issue for all coders:

How can I know I am writing secure WordPress code?

WCUS – passion, democratization, accessibility, community

It was almost with trepidation that we took off for WCUS in Philadelphia at the end of November 2016. In the wake of the Trump election victory, even before his inauguration and what followed, US travel already seemed somehow less appealing.

Justice, equality and freedom of the press

The Liberty Bell

In the event, I am really glad that we were there in that moment. It was a reminder of so much that is good in America. To stand beside the Liberty Bell was particularly poignant. To read of past success in the struggle against injustice and inequality was a heartening reminder that there always have been and still are many who will fight for the best of what it is to be human.

We had a day together in which to explore. The Liberty Bell was a ‘must see’. Benjamin Franklin’s printing press resonated well with our attendance at WCUS. After all, WordPress specifically seeks to democratize publishing. Franklin’s grandson’s statement on the freedom of the press is as relevant now as it has ever been.

His Press Shall be Free

WCUS itself was a fascinating experience for someone who functions at the edge of the WordPress community. What stays with me is the depth of commitment to making WordPress accessible to all. In 2016 there were 115 WordCamps in 41 countries, with close to 90% of the costs (though not the travel) covered by sponsors.

WordPress is available in 50 languages and there is a strong push for internationalization and accessibility. All this exists in the context of a code-base written by volunteers (Paul has ‘core commits’ in a number of WordPress releases).

The third day of the conference was ‘Contributor Day’. Hundreds of people gave a full day of their time to coding, bug fixing, testing, review, documentation, translation and more. In five years, the WordPress market share has grown from 13% to 27% of the web and this effort is what underpins it. What a fantastic model for social co-operation!

While Paul focused on the more technical sessions and networking, I tapped into the wider content. Topics included ‘Version Control Your Life’, ‘Five Newsroom Tips for Better Website Content’, ‘Care and Feeding of Your Passion’, as well as a really helpful session on releasing a WordPress product.

‘Darth Vader wins over Yoda every time!’

Perhaps most pertinent to world events was a great talk on ‘The Dark Side of Democratization’. It seems that content that elicits emotional response is what goes viral, particularly if it arouses anger (hence the headline quote!). Therefore we all need to cultivate an ability to evaluate both our emotional response to content and the ‘facts’ in a post-truth world. An interesting suggestion was the importance of monitoring ‘news’ from sources that reflect the people who don’t think like you, engaging with understanding and tolerance, not judgement.

You can find the full 40 min session at https://dennis.blog/democratization/, together with a great set of resource links including fact checkers.

Partying with dinosaurs

WCUS - partying with dinosaurs at the Academy of Natural Sciences

The ‘corridor stream’ is always a key element of any WordCamp and the after-party is a fun extension of this. In this case, we partied with dinosaurs at the Academy of Natural Sciences, making some useful contacts while we were about it!


(This review of WCUS 2016 was originally published as part of a longer article on Gina’s personal blog.)