Since May 25, 2018, the EU General Data Protection Regulation (GDPR) is enforceable. GDPR is a set of consistent rules for data privacy and applies to any website which visitors may be EU residents. This means for WordPress agencies, freelancers and website owners, who have not yet implemented the provisions of GDPR risks huge penalties by the supervisory authorities.
What is required?
Working with a cookie on GDPR:
In case your website uses any cookies related to processing or transfer of personal information, you need to:
- Inform which cookies are used and for what purpose.
- Provide the ability to select cookies that the user permits to install.
Third-party services and explicit consent
If you or third-party services that you use on the site, collect personal data of a resident of the EU (for example, third-party services that receive IP user), you must get the explicit consent of the visitor that he is not against these action. And also give opportunity for a site visitor to prohibit the collection of such information. To be considered as explicit consent, the visitor must make a clear positive choice.
You must inform people about where, why and how their data processed / saved. Any visitor has a right to upload his / her data as well as a right to ask to remove this data.