In this article we have to “face” one of the parts of WordPress that bothers us the most (me, at least), but one we still need to look at, since it concerns compliance with an important regulation.
The way I deal with it is to put myself in the place of whoever visits my pages, and demand that my privacy be protected.
Today, in a world as globalized as ours, everything related to privacy and the rights of Internet users has to be taken very seriously.
Throughout this article I am going to try to break this topic down a bit, and approach it in an accessible way, without so much jargon that sounds like gibberish.
What is the famous GDPR or RGPD?
GDPR stands for General Data Protection Regulation (in Spanish, RGPD: Reglamento General de Protección de Datos).
This law was approved on April 14, 2016 by the European Commission, and protects the rights and personal data of all citizens of the European Union.
Since May 25, 2018, all websites that are located within the European Union (whose servers are hosted within the EU) must comply with the RGPD (for more information, see what is published by the Official State Gazette of Spain).
Instead of launching into another rant explaining why, I’m going to focus more on the what.
But do not worry: in the next section I will tell you what you have to include, so that you do not get it wrong.
If you have WordPress comments enabled on your website
When someone makes a comment on any article on your blog, they must give their name and email.
From that moment you are already collecting certain information from that user.
If you have any type of form on your website
Whether it is a contact form, a participation form, a purchase made on your website (payment form), etc., you are collecting all the personal data that the user decides to give you in the fields that you indicate.
If you have a newsletter subscription opt-in
If you have the typical banner, pop-up or similar, asking visitors to subscribe to your newsletter, and they do so, then you are already collecting at least their email.
If your website uses Google Analytics or any other analysis tool
Whether Google Analytics (the most common) or any other type of tool to track your visits and their behavior, you will be collecting private information.
For example, you are compiling which pages they visit the most, from which city and country, the language they speak, the device they use to view your website…
If you use plugins that connect with Facebook, Twitter, Instagram, etc.
If your website shows information from your social networks (embedded timelines, the like button, etc.) and the visitor interacts with these elements in any way, you will already be collecting their personal data (their social profiles).
We now turn to the most practical part.
In the next section we are going to see what you should include (I can tell you that it is not too complicated; it is more common sense than anything else!).
What should I put?
I know you think that it doesn’t matter what you put on this specific page on your website, because nobody reads it.
But there is another side of the coin.
This page is important precisely because whoever reads it is really interested in knowing what it says… and why? Because usually someone that interested is angry with you for some reason, and is looking for legal trouble.
Obviously I can’t tell you exactly what to put, because it depends on your page and what you have on it in relation to the personal data of your visitors or users, but I can tell you which elements you must mention no matter what, so that your back is covered.
- Say what data you are collecting.
- Say where on the web this data is collected.
- Say for what purpose said data is collected.
- Say how said data is collected (forms, cookies, etc.).
- If the data collected is transferred to third parties, you have to say so.
- You have to have a link to the cookies page (take a look at this article on Cookies in WordPress).
- You have to indicate how long you keep that data (in the video tutorial I explain where you can see this in WordPress).
- You have to tell the user who visits you that at any time they can exercise their right to ask you to delete all the data you have about them.
- You have to clearly indicate who you are, your contact information, tax information (if you are a company) and what is the best way to contact you.
This page contains a kind of template that you have to finish filling out and publish on your own.
The best place to add that page (or whichever one you use instead) to your website is the footer.
Add via menu
By creating a specific menu in Appearance → Menus, you can easily add your privacy page.
Add using a widget
Here you can choose to use a menu widget in the widget area you want (usually in the footer), or use a text widget and include in it what we are going to see in the next method.
This is the HTML code that you will need if you decide to use that method:
In this code example, your page should be found at www.yourdomain.com/privacy-policy.
If you have trouble doing it this way, simply create a new post, create a link with the WYSIWYG editor, and copy its HTML (we see it in the video).
I recommend that you review each of the elements that obtain personal data from visitors to your website, and that you mention them on that page.
Try to make the text easy for the average person to read, with everything neat and clear, and don’t leave anything unmentioned.
In general, it is important that you keep everything related to the cybersecurity of your website up to date. You can see this complete security guide for WordPress to make sure that you comply with the regulations and are covered against possible hacks.
I hope this article has helped you, and see you in the next one!