Unless you’ve been living under a rock, you’ve probably heard of the impending General Data Protection Regulation (GDPR) coming into effect on 25 May 2018.

You’d be naïve to think that the new regulations only impact large corporations. ANY business – whether a sole freelancer or a global company – needs to be GDPR compliant. If you fail to meet the new regulations enacted by the EU, you can face a serious fine.

What is GDPR?

In a nutshell, GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union. It aims to give control back to citizens over their personal data.

Businesses hold personal data for a variety of reasons, but the new regulations mean that full consent must now be given from the user in a way that isn’t misleading or confusing.

If you have a WordPress website, there are certain steps you can take to ensure you meet the new guidelines.

WordPress and customer data

Some of the ways you might be collecting data from your website visitors include user registrations, contact form entries and security tools. The new regulations mean that you must be able to provide users with complete transparency about how you are processing and storing the data captured.

GDPR also gives users the right to be forgotten: they are able to withdraw consent for their personal data to be used and to have any previously stored data erased.

As a result, it is best not to keep unnecessary data about your users and to pay particular attention as to how and where the information is stored.

Keeping your customers safe

GDPR creates a legal requirement to assess and monitor the security of your website on a regular basis to prevent your customers’ data being compromised. To keep your WordPress site secure, you should consider layering your security so it becomes more difficult for hackers to gain access. Some of the ways to do this include adding firewalls, obstructing your login page and enabling two-factor authentication. You can read more about ways to improve the security of your WordPress website here.

What happens if a data breach occurs?

WordPress, like any other CMS, is vulnerable to data breaches. To ensure your users’ data isn’t copied, transmitted, viewed, stolen or used by another individual, you need to make sure you take the security of your site seriously.

Under the GDPR, a notification must be sent to affected individuals within 72 hours of first becoming aware of a breach. You must have processes in place to account for this possibility.

Failure to meet any of the new regulations can cost you up to €20m – a huge hit on your bottom line and something which can be easily avoided by assessing how your business handles customer data and putting appropriate mechanisms in place.

WP Tech Support’s holistic, preventative approach to protecting your WordPress website will ensure you’re less likely to suffer from a data breach. Take a look at our monthly payment plans to find out how we can help improve the security of your WordPress site to bring peace of mind to you and your customers.