The steps below are adapted from a short, worthwhile video on GDPR compliance:
1) Get organized: take an inventory of all PII (personally identifiable information) you have already collected, in every form (electronic, printed, archived, etc.).
2) Secure any data you have stored. What security measures are in place? Document them.
3) Don’t collect (or keep) data you don’t need. Shred hard copies of data you no longer need.
4) For each collection method you use, write an explanation of why you collect the data. Answer these questions:
- What info is being collected?
- Who is collecting it?
- How is it collected?
- Why is it being collected?
- How will it be used?
- Who will it be shared with?
- What effect will this have on your site’s visitors?
- Is the intended use likely to raise concerns, objections, or complaints?
5) Test and document a process to provide a site visitor’s data on request (within one month).
6) Test and document a process to delete a site visitor’s data on request (within 3 days).
7) Require all data collection to be explicitly “opt-in” (not selected by default, and definitely not ambiguous).
8) Make the “opt-out” process as easy as possible (e.g. a single click from each message); document how this process ensures the data is deleted.
9) Share your understanding of GDPR with everyone responsible for your website’s content, interactions, and processes.
Here are some other resources for GDPR you may find helpful:
- List of free GDPR resources including a helpful infographic
- (short video) What is the GDPR?
- The European GDPR website
… and some other specific resources (some may not apply to you):
- GDPR Framework plugin
- GDPR Compliance plugin
- WPforms plugin – GDPR
- Yoast video about GDPR
- WooCommerce – GDPR
- Shopify – GDPR
- MailChimp – GDPR
- Constant Contact – GDPR
- MadMimi – GDPR
- GiveWP for non-profit donations – GDPR
- General Data Protection Regulation (GDPR) requirements, deadlines and facts
- GDPR in 5 minutes