GDPR – new EU data protection regs

  • I am looking to set up a blog on the EU General Data Protection Regulations. It will be a paid to host site on WordPress.com. GDPR will make life more difficult for anyone holding personal data outside of the EU, so I need to be sure that any such data I collect (for instance via contact me forms) will be stored on WP servers located inside the EU. Is this possible, and if so what do I need to do? (Note to WP: this is going to become a very common request in the next nine months!). Many thanks in advance.

  • Hello!

    So I’m going to right off the bat tag a MODLOOK, since this seems much more detailed than I know.

    But, as this help article shows, WordPress.com runs on thousands of servers located in several separate data centers in different parts of the US and around the world.

    Thus, I don’t believe it’s possible to specifically choose which servers will store your data where, at least not if you’re hosting on WordPress.com.

    I look forward to seeing what Staff has to say about this!

  • Have you read this support doc?

    Posting private information.
    Don’t share someone’s personal information without their consent. This includes collecting sensitive information in Contact Forms such as account passwords and credit card numbers, to name a couple. From: https://en.support.wordpress.com/user-guidelines/

    Please also read https://en.support.wordpress.com/private-information/

  • Blakesheep – thanks. That was actually the thing that prompted me to ask the question. I know The Mighty Microsoft will let big organisations (such as the Uni I work for) specify that their data must be held on servers in the EU, but I’m kind of expecting the answer to little old me – Billy No-Power – will be to look at the item you sent.

    Timethief – This is a different matter, though related to what you found. I want to put a contact me form on my blog and give people the ability to leave their own contact data there for me to get back to them. If they do then they’ll be leaving personal data (as defined by GDPR – General Data Protection Regulations) and will be doing so of their own free will.

    My problem is that if data is stored in the EU, then GDPR says the data protection regime there is adequate (i.e. the server owner is bound by GDPR itself, so GDPR is happy). However, America (for instance) is not felt to have adequate protection legislation, so GDPR frowns on that. Thus, I need to know where the data will be stored.

    The easiest way around this whole thing is to put a statement on the Contact Me page to say that data may be stored outside the EU and by posting personal data in your comments you agree to this. The greatest lie of the 21st century is “I have read the terms and conditions”, so that will probably work.

    As much as anything, I want to see what WordPress are doing to ensure they help their many millions of customers to whom GDPR applies (and, given that it applies to anyone processing data relating to living people based in the EU – wherever the processing occurs, that’s going to be a large number of blogs/sites with personal data collection). There is a school of thought that says WP, as host, will be responsible for this themselves anyway, just as will FB, LI, Twitter et al.

    Their response – or lack thereof – will also give me something to write up in the blog!

    Thanks again, both of you.

    Ian

  • Hey Ian,

    As has been mentioned in the thread, we have data centres in various locations, so it isn’t possible to specify particular regions for data to be stored.

    We are aware of the GDPR and are actively working on its implementation though, so that we are in compliance when it comes into effect.

    Hopefully that clarifies things. I’m afraid I can’t give much more information for obvious reasons.

  • @clickysteve
    Thanks for the follow up here. :)

  • @ianwhitten and thanks for the more detailed explanation and example of the contact form.

    Given that example, even submitting a comment (which provides you the commenter’s email address) seems like it would be subject to this regulation. So, yes, in the meantime it would probably be best to follow your own advice when you said,

    The easiest way around this whole thing is to put a statement on the Contact Me page to say that data may be stored outside the EU and by posting personal data in your comments you agree to this.

    This essentially is the same advice Staff gave regarding the EU Cookie Law prior to there being an EU Cookie Law widget. https://en.support.wordpress.com/cookie-widget/

    @clickysteve also my thanks for the follow up.

    UPDATE 2017 Oct 22: Since I cannot reopen this thread, I’m adding to this reply that there is now a Support Guide for GDPR, which can be found at https://en.support.wordpress.com/automattic-gdpr/

  • Thanks for adding the support link, justjennifer :)