Nevertheless, it is not as hard as it may seem at first sight. This article will explain to you why you need it and how to comply easily.
Many WordPress website owners assume that their websites are compliant with the GDPR, CalOPPA, CCPA, and other data protection laws just because WordPress complies with them. They assume that Automattic, the company behind WordPress, does the job for them. That is simply not true.
Data protection laws require compliance from data controllers, i.e. businesses. Each business is responsible for the data it collects and processes.
Your business and WordPress are two separate businesses. Therefore, WordPress compliance does not automatically mean your business's compliance, despite the fact that your website is built on its platform.
The WordPress Terms of Service, on the other hand, affect your business. The Terms of Service are the contract between you and WordPress. They serve as a legal basis for the provision of WordPress services to you.
Section 7 of the Terms of Service (General Representation and Warranty) explicitly requires you to comply with the data protection laws applicable to you.
The following short summary will give you an idea of what you need to include, depending on the laws applicable to your business:
GDPR and ePrivacy
- The categories of personal data you collect
- How you collect data
- Why you collect data
- With whom you share data and the purposes of sharing
- Data subject rights and how to exercise them
- Data retention information
- Data transfer information
- Information on children’s information, if applicable
- Information about the Data Protection Officer, if any
- Your contact information
CalOPPA and CCPA
- The categories of personal information collected and/or processed
- The third parties with whom you share the personal information
- How you respond to “Do Not Track” signals
- Whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different Web sites when a consumer uses the operator’s Web site or service, or a link to an explanation about that.
In addition, if your business meets the applicability thresholds for CCPA, then your privacy policy has to contain the following:
- Information on consumer rights
- The methods designated for submitting consumer requests, as well as consumer verification methods.
- A list of the categories of personal information it has collected about consumers in the preceding 12 months, as well as categories of sources of information.
- If your business discloses (shares) personal information with third parties or sells personal information, then:
- For businesses that process personal information of more than 10 million consumers, the metrics about the received and answered consumer requests
- Information on the sales of personal information of consumers under 16 years of age, if any
- Contact information
- Date of the last update of the policy
- The specific purpose of processing data
- Type and duration of the processing
- Identity and contact information of the controller
- Information about who the data is shared with and why
- Responsibilities of the agents that will carry out the processing
- The data subject rights
You have to show the link to the privacy policy at the moment of data collection, as well as a link on the homepage. It has to be written in plain language so that the average internet user can easily understand what you do with their personal data.
There are three ways in which online businesses get privacy policies for their WordPress websites, and not all ensure compliance.