GDPR compliance
-
Can you tell me if there is anything that I need to do with regard to the GDPR or will I be covered by WordPress statement – I am a .com site.
-
Hi,
You can read about the GDPR and WordPress here: https://automattic.com/automattic-and-the-general-data-protection-regulation-gdpr/
Including information about “Your Rights As A User of our Services” and “Your Responsibilities as a Site Owner”
Hope this helps :)
-
Thanks Cat, but that does not really tell me what I need to do… For example, do I put a link to that privacy document in the menu of my website? It says that I can use their template to write my own… but is that not covered by WordPress.com in their own privacy statement?
I just would like to know what do I as a WordPress.com user need to do to make sure that I am compliant.
thank you.
-
Hi smorgasbordinvitation,
WordPress are working on implementing the new regulations to make sure we are compliant when they come into effect. The link I supplied has all the information we can provide at the moment: https://automattic.com/automattic-and-the-general-data-protection-regulation-gdpr/
If you would like to keep up to date with the progress, WordPress may provide updates about this on the WordPress Blog. You can follow it here: https://en.blog.wordpress.com/
-
Thanks @catkiinson :)
We have a new post on our blog now:
@smorgasbordinvitation, you’ll note the cookie warning we’re building into your sites, as well as other tools for users to manage their privacy. I hope this helps.
-
Sorry, but this is not really helpful to me either. Maybe I’m slow, but I need a step by step What-you-need-to-do-list. For example:
1. have a privacy policy written up that meets X standards. (got that – you have covered that one)
2. have a link displayed to the privacy policy (where? Is having it in the upper toolbar with my other links good enough or does it need to go somewhere else? Does it need to be on a pinned post so users will always see it, or is having it in a link where they have to go click on it good enough?)
3. Cookie notification, set this up – how? I see it says “Our new features include: a new “cookie and consent” notification that WordPress.com and Jetpack site owners can add to their sites,” but where is it? How do I add it? Where do I add it? Is it in the settings? A widget? I can’t find it. I did search plugins, but having a free, non-business site I can’t enable any of them.
4. Gain consent from users – how? Another site (giving advice for wordpress.org sites) said I would be required to have a checkbox when people comment stating that they give their permission to store their comments, name, email, etc. Do we need this at a .com site? How can I add this? Is it something you’re adding? I have a free site, so have no way to add any plugins or coding, etc. to my blog.
5. delete users’ data if they ask by..? I understand a tool is coming for this, so fair enough.
6. Provide users with their data by..? Again I understand a tool is coming for this. Will it be in the wordpress admin section or..?
I have no idea what jetpack is, or if my blog utilizes it at all, and the same with Automatic. I do know that I find all of this compliance stuff confusing and frustrating and would welcome a cohesively written step-by-step instruction post telling us exactly what to do and how to do it. (go here, go there, enable this, etc etc.)
The other posts are great, but they assume that the people reading them know what to do or how to do it already, while a lot of wordpress.com users, including myself, do not.
-
Hi there,
We cannot give specific legal advice about your particular sites, as we are not your attorneys.
In general, though, if you handle the information you collect from your visitors responsibly and are not sharing or selling it to other companies without permission, then the GDPR is unlikely to cause a radical change in how you do things. WordPress.com is not a tool which gives you a lot of personally or legally sensitive details on your visitors.
For most bloggers and site owners using WordPress.com, comments and feedback are the main way they collect information from visitors. In addition to what is public, there are also a few extra details visible to you in your dashboard, such as the IP address of commenters. When the GDPR goes into effect, people will be able to request a copy of this “personal data” or ask to have it deleted. We are working on ways to help you comply with such requests, which may be in the form of point-and-click tools or written guides.
We will also be enhancing the functionality of our existing EU cookie banner, so that it works in conjunction with our WordAds advertising program to only provide EU visitors with clear choices about personalized ads.
If you want to write a Privacy Policy that discloses to your site’s visitors the information that’s collected when they follow or comment on your site, you can find a detailed description of what gets collected about them at https://jetpack.com/support/comments/#privacy
Linking to that policy in your site menu or a widget should be fine.
And we will have written guidance for people with more complicated sites on what they should think about when it comes to protecting privacy and the new law.
Both our privacy.blog and the GDPR support page will have updates by the end of the month and going forward.
If you have any follow-up questions, let us know.
-
I have no idea what jetpack is, or if my blog utilizes it at all, and the same with Automatic.
Automattic is the company that owns WordPress.com, and if you look at the Automattic Privacy Notice and Privacy Policy you’ll see they apply to WordPress.com.
Jetpack is a service also owned by Automattic, which is included by default on all WordPress.com sites – Stats, Related Posts, Publicize and Comments, among other features on your site, all form part of Jetpack.
-
I am also confused about GDPR and its implications on WordPress sites. I spent an hour or so communicating with Support yesterday and was advised to seek legal counsel! Like others on here, I am just a blogger – if legal counsel is the way forward, then I shall have to stop blogging. I signed up to WordPress so that these sorts of issues would be dealt with by a platform customised for its purpose.
The emails that I have received from other lists and websites to which I am subscribed offer a ‘remain opted in’ button. I understand that it is not good enough for GDPR to just email everyone through a blog and say that they have the option to unsubscribe. GDPR requires active consent that they wish to REMAIN subscribed, i.e. they have to opt in, not be offered the option to opt out.
I too would like some guidance on what I should note on a privacy page. Again, would this not be standard information for an ordinary blog?
I don’t think that any of this constitutes legal advice; it is clearly an issue facing many people like myself who are just bloggers, not web experts, who have signed up to a platform that should take care of it or offer advice about all this compliance stuff so that we can just keep writing and don’t have to worry our pretty little heads!
Any help or advice is welcome.
-
This is what worries me!
Under data protection legislation:
* consent must be a positive action, that makes it clear the individual agrees to the use of their information for direct marketing;
* pre ticked opt-in boxes are not permitted – silence or inactivity from the data subject will not show consent.
How do I approach this?
-
We cannot comment on whether an opt-in button is required for your specific site, as that depends on several factors including the purpose of your site, the type of data that’s collected, and what that data is used for. Nothing in any law is a blanket statement that applies equally in all situations. That is why lawyers and judges exist to interpret laws.
And that is why we recommend you consult an attorney who specialises in this law if you want clarity on whether or not a specific requirement of the law applies to your site or not, and what you need to do to comply. We cannot advise you on that.
I too would like some guidance on what I should note on a privacy page. Again, would this not be standard information for an ordinary blog?
I don’t think that any of this constitutes legal advice
In this context a privacy policy is a legal document, so telling you what should be in it will constitute legal advice. If you want an example of a privacy policy you can look at Automattic.com’s own privacy policy linked to in the footer of the forums. That policy is also published under a Creative Commons Sharealike license, meaning you’re free to re-use it in full or in part. But we cannot guarantee that doing that will be sufficient for your site to comply with the law. Only a lawyer can advise you in that regard.
-
I am closing this thread to further replies.
If you are looking for general information on how we use data we collect from you or visitors to your site, please see the various links in our sticky post here:
https://en.forums.wordpress.com/topic/about-the-gdpr/
If anything is unclear, please create a new thread, but also note that we cannot provide legal advice regarding whether a specific site is compliant with the law or not, nor how to make your site compliant.
- The topic ‘GDPR compliance’ is closed to new replies.