Have you worried about GDPR yet?

May 21, 2018

If you’ve used Facebook, Twitter, or literally any major service on the Internet, then you have been emailed regarding a change in their privacy policy for the upcoming GDPR. WordPress 4.9.6 recently addressed a number of GDPR-related concerns, but you’ll still want to make sure your organization is reviewing all of your data collection policies and procedures.

If your organization collects data from any European citizen, GDPR affects you!

GDPR stands for General Data Protection Regulation and is legislation passed by the European Union regulating how websites collect data, store data, and communicate with supporters. These regulations are officially going into effect starting May 25, 2018.

Catch Up On the Basics

First, here’s a quick primer for the vocabulary:

Consent: Organizations cannot have pre-selected authorization inputs on forms. Users should be able to revoke consent to the use of their information after consent is given.

Breach Notification: In the event of a data breach, your organization must notify users within 72 hours of the breach.

Right to Access: Users have the right to any of their personal data stored by a site. Your organization must provide the user with an electronic copy of data for free.

Right to be Forgotten: Users’ data can be erased and no longer used at their request.

Data Portability: You must allow for a user to obtain their data and transfer it over to different IT environments.

Privacy by Design: You need to make sure your organization is setting up infrastructural measures that protect user data.

Data Protection Officers: Professionally qualified officers must be appointed in public authorities, or organizations that engage in large scale (>250 employees) systematic monitoring or processing of sensitive personal data.

Then, you might want to check out this great video to get you up to speed:

Torque (a great site for WordPress information) also created this Beginner’s Guide.

And finally, here’s a GDPR checklist to help you at least make sure you’ve got your basics covered.

Clean Up Your Forms

Even if GDPR doesn’t seem to affect you, this is still a good time to review your data practices.

In addition to making these potentially required changes, the GDPR provides you with an opportunity for some spring cleaning! Optimize your forms for only the data you need and use in your program activities.

Here are some important points to consider as you look at your website:

  • Under the GDPR, you can’t assume what a user wants; silent pre-checked checkboxes or inactivity should not constitute consent.
  • Only collect the data you need. This reduces your exposure to risks.
  • Make things clear. Explain what data you’re collecting and why in your privacy policy.
  • Include tooltips or input descriptions on signup form fields.
  • Make sure you have an easy-to-access page for users to unsubscribe or delete their user account.
  • Find out what kind of user data is stored by any third-party services you use, if any. Check to confirm that these third-party services are GDPR compliant as well, and include this information in your privacy policy.

Think Creatively

Finally, after you’ve verified that you’re following the basic recommendations, take some time to review your site goals. How could you optimize your forms within the GDPR guidelines?

  • Should you un-check your opt-in checkboxes?
  • Would you like to customize your unsubscribe form to address GDPR concerns?
  • Could you display tooltip content with more descriptions on your form fields?
  • Could you use geolocation features to display different form fields to your supporters depending on where they live?
  • Are your privacy policies transparent and easily accessible?
  • Could your unsubscribe forms be easier to use and maintain?

Need some assistance? Contact us and let us know what kind of updates you’d like to see on your forms.

By Chelsea Bassett

Chelsea has over a decade of experience with progressive nonprofits, social change, and nonprofit technology, thanks to nine years working at Salsa Labs in technical support, product development, and marketing before joining the Cornershop team. Her passion for quality communication, authentic relationships, and creative nerds serves her well as project manager at Cornershop.