Nevertheless, it is not as hard as it may seem at first sight. This article will explain to you why you need it and how to comply easily.
Many WordPress website owners assume that their websites are compliant with the GDPR, CalOPPA, CCPA, and other data protection laws just because WordPress complies with them. They assume that Automattic, the company behind WordPress, does the job for them. That is simply not true.
Data protection laws require compliance by data controllers, i.e., by businesses. Each business is responsible for the data it collects and processes.
Your business and WordPress are two separate businesses. Therefore, WordPress compliance does not automatically mean your business’ compliance, despite the fact that your website is built on its platform.
The WordPress Terms of Service, on the other hand, affect your business. The Terms of Service are the contract between you and WordPress. They serve as the legal basis for the provision of WordPress services to you.
Section 7 of the Terms of Service (General Representation and Warranty) explicitly requires you to comply with the data protection laws applicable to you.
The following short summary will give you an idea of what you need to include in your privacy policy, depending on the laws applicable to your business:
GDPR and ePrivacy
- The categories of personal data you collect
- How you collect data
- Why you collect data
- With whom you share data and the purposes of sharing
- Data subject rights and how to exercise them
- Data retention information
- Data transfer information
- Information on children’s information, if applicable
- Information about the Data Protection Officer, if any
- Your contact information
CalOPPA and CCPA
- The categories of personal information collected and/or processed
- The third parties with whom you share the personal information
- How you respond to “Do Not Track” signals
- Whether other parties may collect personally identifiable information about an individual consumer’s online activities over time and across different websites when a consumer uses the operator’s website or service, or a link to an explanation of that
In addition, if your business meets the applicability thresholds for CCPA, then your privacy policy has to contain the following:
- Information on consumer rights
- The methods designated for submitting consumer requests, as well as consumer verification methods.
- A list of the categories of personal information it has collected about consumers in the preceding 12 months, as well as categories of sources of information.
- If your business discloses (shares) personal information with third parties or sells personal information, then:
  - A list of the categories of personal information it has sold about consumers in the preceding 12 months
  - A list of the categories of personal information it has disclosed about consumers for a business purpose in the preceding 12 months
  - Categories of third parties to whom the information was sold or disclosed
- For businesses that process personal information of more than 10 million consumers, the metrics about the received and answered consumer requests
- Information on the sales of personal information of consumers under 16 years of age, if any
- Contact information
- Date of the last update of the policy
- The specific purpose of processing data
- Type and duration of the processing
- Identity and contact information of the controller
- Information about who the data is shared with and why
- Responsibilities of the agents that will carry out the processing
- The data subject rights
You have to show the link to the privacy policy at the moment of data collection, as well as a link on the homepage. The policy has to be written in plain language so that the average internet user can easily understand what you do with their personal data.
There are three ways in which online businesses get privacy policies for their WordPress websites, and not all ensure compliance.