After four years of preparation and debate, the GDPR was approved by the EU Parliament on April 14, 2016 with an enforcement date of May 25, 2018. The GDPR replaces Data Protection Directive 95/46/EC and, according to EUGDPR.org, is “designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.”
Who is Affected by the GDPR?
Under GDPR, companies processing the personal data of any resident in the European Union are subject to new privacy requirements, regardless of their geographical location. For example, companies in the United States processing data for UK or French customers must abide by GDPR regulations.
Companies in the United States that process data for customers only in North or South America are not subject to these changes.
What Do I Need To Do?
We’ve compiled a list of online resources to help agencies determine their obligations under the new regulations and how to come into compliance.
European Commission: This website lays out the 9 key points of the regulation in an easy-to-read format.
GDPR Infographics: This website contains 7 downloadable infographics to use internally with your teams or externally to partners to provide further details on the new regulations and the steps needed to come into compliance.
WordPress: More than 28% of global websites employ the WordPress CMS, including many web agencies. This is a good resource to understand how GDPR will impact WordPress deployments in your organization. There’s also a WordPress plugin you can download to assist in determining what steps are needed for your website to be in compliance.
WooCommerce: Built With estimates that WooCommerce powers over 42% of all online stores. This link provides shop owners with information on what is needed to make their stores compliant. They’ve also posted an update here on what changes they are working on with core WordPress to provide tools to assist with compliance.
WHMCS: One of the most popular client management, billing and support systems for hosting businesses, WHMCS has provided a number of new features in the software to help web agencies comply with the GDPR. This website details how to access these features for your EU customers.
Google Analytics: It is estimated that up to 50 million websites use Google Analytics. If you use this on some or all of your websites, you’ve no doubt received emails about making modifications to data retention policies for each of your websites. Google has published this update on their changes to be in compliance with GDPR. The website Jeffalytics has also published more details on the impact of GDPR on your analytics data.
MailChimp: Almost 50% of email marketing software on the internet is powered by MailChimp. This resource outlines how to collect consent with the GDPR-friendly forms they provide in their software.
We encourage you to take stock of other plugins you may use on your websites and make sure you keep them up to date. Most popular software companies have posted blog or FAQ entries to advise their users on how best to use their software to be in compliance, such as Contact Form 7, Gravity Forms (which we use at Webvolve), and others.