Sharing personal information online became normal years ago. Chances are that almost every website ranging from small businesses to high-end corporations all have access to personal data. That’s okay unless they violate the most important data-privacy law of the decade – GDPR.
Non-compliance can be disastrously expensive for companies. In fact, corporate giants like Amazon face billions of dollars’ worth of lawsuits, showing just how ruthless GDPR is, not just for EU-based businesses but also for global companies that sell products and services to EU-based citizens.
GDPR affects most websites and their developers, including your Divi website. Here’s what key factors you should always pay attention to if you want to maintain your Divi GDPR compliance.
Disclaimer: We are by no means attorneys or legal GDPR advisors. The following advice comes strictly from our experience and educated work. From a legal perspective, for implementing GDPR regulations to their full extent, please consult with a legal solicitor before starting your online business with a Divi website.
Within GDPR, consent is defined as:
“Freely given and informed indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.
According to regulation’s article 7, the following conditions are critical for the consent to be valid under GDPR:
- It needs to be given freely.
- Its purpose needs to be specific.
- It needs to be unambiguous.
- It needs to be given by a clear act.
- It needs to be unmistakable.
- It needs to be openly accessible.
Keep in mind that consent is not only about what you say on your Divi website. More importantly, it’s about what you do. You should not set the cookies consent popup unless you know that users can trust in what you do for them first.
2. Personal Data Handling
As you’re aware by now, GDPR applies to any website that collects EU citizens’ personal data. This means that if you’re running a Divi website and at least one of your web visitors resides in the EU, GDPR applies to you.
If your Divi website is operating on a different continent, don’t be tempted to disregard GDPR. You could be punished for breaching the rules, regardless of your location and target market.
For instance, there’s a 2% fine from your global annual revenue for not disclosing any data breach or a 4% penalty for not asking the users for their consent when attempting to collect their data.
Every user must have the right to access his/her own information you own about them. Users should have the right to ask you to delete their accounts and any related data on your Divi website. If your data management system is not safe, you will be held responsible.
3. Right to Access
Users’ right to access their data is at the heart of GDPR. As a Divi website owner, you’re responsible for any personal data that you process on your website. Your website visitors and subscribers should have the right to obtain the following information from you:
- Confirmation if their data is being processed.
- A copy of their data being processed.
- Any additional info about them that you process.
As a data controller, you should respond to the data access request immediately and in the manner in which the request was made.
4. Third-Party Contracts
As a business, you need to implement every technical and organizational requirement to ensure that your Divi website stays GDPR compliant. You are also responsible for ensuring that each of your third-party service providers implements GDPR measures with equal force.
DPR requires businesses explicitly to use only third-party contractors that guarantee compliant data processing and privacy for the users. The following are all binding components that you need to include when making a contract with third-party services for your Divi website:
- Service: Subject, duration, and data-processing objectives.
- Elements: The type of personal data that is going to be processed.
- Responsibilities: The service provider’s rights and duties.
- Authorization: Acting according to the rights and duties.
- Confidentiality: People responsible for data processing subjecting to privacy.
- Security: Implementing appropriate data security measurements.
- Records: Maintaining proper data processing records.
- Validation: Providing valid proof to demonstrate GDPR-compliance.
In today’s world, data is the most valuable currency. Sure, GDPR can represent a significant challenge when conducting business through your Divi website, but it also opens new opportunities for you.
If you value people’s data and privacy, and you’re transparent about how you use their data and how your third-party service providers manage customer data. In that case, you’ll definitely build more trust and retain your loyal customers.
We urge you to devote more time and resources to understanding each aspect that affects how your Divi website stays compliant under the GDPR rules, and we hope that this article is an excellent way to get you started.
Do you have any other questions regarding Divi, GDPR, or WordPress? Please drop us a comment! We’ll make sure to respond, or maybe even write a new article about it.