GDPR, the new EU regulation, is coming, and it will bring a considerable amount of required changes with it. In fact, if you have already started to investigate the topic, you're probably aware of the effort you'll need to invest to make your WordPress website GDPR-compliant.
To spice things up a bit, although the new EU regulation is primarily focused on technical aspects having to do with data collection, processing, and data storage, it will also require other important activities to be addressed.
Specifically, GDPR demands your attention in several areas and activities that have little to do directly with what you are required to develop to comply, but rather with the third-party tools you're using and other areas that are closer to UX concerns.
So what are these 4 lesser-known yet key activities you need to take care of before May 25th?
1. Discuss the situation with third-party service providers
As GDPR is all about data and privacy, first and foremost you'll need to understand how all the service providers you work with that manage user data are going to approach GDPR. In particular, you should ask them what they are going to do as the GDPR becomes effective in May.
If you have some technical background and a good understanding of GDPR, you might want to jump on a one-to-one call with their developers, present them with their respective plugin/tool, and just ask. If you're not comfortable doing that, you can hire a developer to do it on your behalf and report back to you. WordPress developer and Codeable expert Robin Scott explains how to go about it:
As part of this call, I'd suggest asking the developer of that tool, or the company behind that tool, something along the lines of: 'We think your tool or this task within your tool is against GDPR. What measures are in place and what will follow?' It could be the case that they might satisfy you and say: 'Well, actually here's the opt-in, it shows up on the screen just before checkout. If people opt in, we store their data. If they say no, we turn it off.'
Third-party providers you want to engage with about GDPR compliance:
- Third-party script providers
- Shipping handlers and partners
- Plugin developers collecting and storing user data you currently use (or plan to use)
- Emailing service providers
2. Revise your documentation around user data and privacy
Given how broad the scope of GDPR is for a website or online store, a major revision of your current documentation around user data and privacy is also required. As Chapter III, Art. 12 dictates, you should convey all of the information pertaining to how you handle and process user data in a way that is:
- In clear and plain language
- Easily accessible
- Free of charge
Here's a good example provided by the ICO:
3. Use consistent icons (and wait until standard icons are implemented)
Explicit consent to obtain personal information is the cornerstone of GDPR, although it is not the only lawful basis you could use. Any website or store collecting personal data and information, yours included, will have to carry icons that help your users understand in detail what consent they're about to give. Robin explains:
It's very specific in the GDPR: icons should be consistent. And what the creators of GDPR mean by this is they would like to see a global standard coming up for icons related to personal data. There is nothing in place yet but I think quite quickly we'll start to see it springing up because they want to create a standard.
The benefits of standard icons
Once people start getting accustomed to seeing a new set of icons for their privacy concerns, that is the right time to have a UX specialist and a designer design these icons and put them on your website or store, allowing users to recognize the change and be at ease with it. Robin pitches in:
Visitors to your website will start to get used to them. They'll start to say: 'Okay, this is a consent about how my data is being used.' They will either pay attention to it, or they'll blindly tick the box because they're already used to it.
4. Embrace the trial and error approach until clearer guidelines are available
All the changes that accompany the new EU regulation are not going to be immediate. They will be implemented gradually, and website owners, store managers, and developers themselves will have to decide which ones are the most imperative to deploy first and which ones can be implemented afterward.
Since the EU hasn't provided clear, factual guidelines that businesses can refer to in a standard way, many aspects covered by GDPR will require a different approach on your part, where temporary uncertainty and trial-and-error workflows for implementing the new requirements might drive your choices for a while.
As a result, you'll have to keep informed about the latest news and use cases around GDPR, but also be ready to act fast in addressing what you need to do to make your website or store GDPR-compliant.
GDPR is an important piece of legislation that is going to shake (actually, it already is) a lot of what the market knows and is used to doing in its day-to-day flow of transactions, communications, data gathering, and so on.
Your business, whether it is a WordPress website or a WooCommerce store, will be shaken as well by GDPR.
The earlier you start preparing for it, the smaller the impact of this earthquake on your business will be. At the same time, it will give you a tremendous advantage over competitors who will still have to figure out what their priorities are while in the middle of the shake.
This blog post features Robin Scott, an experienced WordPress developer who's also one of the founders of Silicon Dales, an agency focused on WordPress, WooCommerce, and a variety of other services. Robin has specialized in several areas such as Custom Plugins, Gravity Forms, Hosting Transfer, Maintenance, and WooCommerce Extensions, just to name a few.