One of my customers approached me as they had a number of emails sent to them warning them of their website’s potential lack of compliance with GDPR. Some emails included examples of companies that had been fined due to lack of compliance. Scaremongering to generate business?
GDPR can be a complex beast, but the essential part is that if you do collect PII (Personally Identifiable Information), you must give the user the option to opt out and the ability to remove the PII you have collected. This is true for any data you collect, so cookies are only a small part of the steps you need to take for GDPR compliance.
The default deployment of WordPress we like to use disables comments, does not use contact forms, and uses Google Analytics to report on website usage. Disabling comments and not having website contact forms helps to remove the cookie consent complexity by avoiding collecting PII.
Google Analytics provides the option to use “IP Anonymization”, which is easily implemented by installing the “Google Analytics Dashboard for WP (GADWP)” plugin and setting “anonymise IPs while tracking” under “Tracking Code” -> “Advanced Settings”. IP Anonymization means you’re not collecting the IP address, which is “personal data”.
If you wish to use contact forms or collect PII, we recommend you do it outside of your website. Consulting Brain encourages the use of G Suite, which comes with Google Forms, where businesses can collect information along with the consent required to store and use it. Examples of personal data can be found here.
Disclaimer: We are not lawyers. Nothing on this website should be considered legal advice. Due to the dynamic nature of websites, no single plugin or platform can offer 100% legal compliance. When in doubt, it’s best to consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases.