GDPR or why am I getting so many privacy policy updates?


The European Union’s General Data Protection Regulation

1) What is it? 

The GDPR is a set of rules that aim to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The EU has recognized that we’re living in a digital age and as such, need regulations that protect the data of their citizens.


2) Does it affect my site or sites in the US?

GDPR applies to any organization operating within the EU AND any organizations outside of the EU which offer goods or services to customers or businesses in the EU. That means that almost every major corporation in the world will need to be ready when GDPR comes into effect, and must start working on their GDPR compliance strategy.

Surprise (not really)! The go live date was May 25, 2018.


3) What do I need to do for my site?

At Zoto Labs, we’re built on WordPress and as of version 4.9.6 we are GDPR compliant. That said, if you allow comments on your site, allow users to be created or have a store then additional work may need to be done. Basically, if you collect and store any sort of Personally Identifiable Information (PII) then we need to handle it securely. The personal data includes: name, emails, physical address, IP address, health information, income, etc.


To me, it doesn’t matter if the end user is in the EU or not, this is just a great idea. I’m already going through my hosted client accounts and making adjustments as needed. There aren’t many because of the nature of my client’s sites.  I’m adding a general privacy policy like I already have on Zoto Labs if we’re only using WordPress. If we have a store, we’ll make sure our store plugin and payment processor is also compliant (they are).


4) What happens if we aren’t compliant?

The chances of someone complaining about one of our sites is…really small. This is not to say we won’t take it seriously but the EU isn’t trying to make life hard on websites and companies. They are concerned about things like the wide scale data breaches we’ve been seeing over the last several years. Even if a complain was made, there are a series of steps before any fines would be assessed.