Undoubtedly, Internet’s stellar development brought us immense progress in web technologies. However, it has also brought the most notorious data violations in the last years. Just ask Facebook!
Enter GDPR (General Data Protection Regulation), the ultimate data privacy regulation for everyone within the EU, officially in force as of May 25, 2018, as arguably the most critical privacy change in the last two decades!
With 41% of the web running on WordPress, and over 2 million live websites using Divi, GDPR compliance is a must if you want your site to thrive within the marketplace.
In that regard, if you’re yet to develop your website and you haven’t implemented any GDPR rule, by the end of this article, we’ll make sure that you’ll pay attention to every GDPR aspect of your Divi website. Let’s get started!
WordPress and GDPR Requirements
The primary purpose of GDPR is to provide EU citizens with complete control over how they exchange and share their data, setting heavy penalties to businesses that do not respect the rules that the regulation imposes, up to 4% of the company annual’s annual revenue OR 20 million euros!
GDPR is mandatory for every business worldwide, especially if your website has web visitors from the European Union. The fundamental GDPR pillars that you need to know about before prepping your Divi website are:
- Unequivocal Consent: EU citizens’ personal data must be collected with their specific and explicit consent. For example, you can’t send people an unsolicited email without them agreeing to give you their email address via a specific opt-in for the purpose.
- Data Privileges: Your website visitors must know how their data is stored and used by your website. Additionally, you need to allow them the right to download their data or to have their information deleted from your database on their request.
WordPress puts immense importance on users’ privacy, committing to operating according to GDPR rules. The vast WP and Divi community help website owners in their efforts of transparency towards the visitors and how their data is processed.
The official GDPR requirements might sound intimidating, but they’re not insurmountable if you prepare well in advance. If you wonder what it takes for your Divi site to be ready for GDPR, we hope that you’ll be much more confident about the entire process by the end of this article.
Disclaimer: We are by no means attorneys or legal GDPR advisors. The following advice comes strictly from our experience and educated work. From a legal perspective, for implementing GDPR regulations to their full extent, please consult with a legal solicitor before starting your online business with a Divi website.
What Type of Data You Collect?
Understanding what type of data you’ll process and where on your website is fundamental for preparing your Divi website for GDPR consent. A live website could collect data via web forms, cookie consent checkboxes, online payments, blog comments, and subscriptions.
A lot of the data that you can collect is not limited to name, surname, and email only, such as IP addresses and device-specific cookies. There’s also data collected via third-party providers that help you facilitate your services, such as payment gateways, email marketing apps, or embedded content.
Ensuring that third-party service provides adhere to the GDPR rules is mandatory if you want to keep potential customers safe.
On our Privacy Policy page, besides detailing the type of data we collect and how we use it under the GDPR regulations, we also outline what service providers we use and how they’re obligated to protect users’ data.
Is Your Privacy Policy Up-to-Date?
When it comes to GDPR compliance, the gold standard you need to stick to is collecting only the required data and nothing else. Of course, every information can be important. But, before updating your privacy policy, consider if the users’ data is indispensable for your business.
Thus, if you’ve already collected any excess data that you no longer need, or worse, data you don’t have permission for, delete it at once! People’s personal data shouldn’t stay longer than the purpose you’ve acquired it for.
Ensure that you’re fully transparent towards your site visitors and customers. Everyone needs to understand what type of data you collect, how you’ll use that data, how long, and what for.
Don’t forget to allow users to access the information you’ve gathered from them in case they want to validate that you’re fully transparent or want their data removed entirely from your Divi website.
Are Your Cookies Sorted Out?
Nowadays, there isn’t a professional website that doesn’t use cookies! Each time a visitor opens a website, the cookie consent checkbox always appears, and the cookies are stored in the browser to gather on-site behavior and statistical data.
As we said previously in this article, any third-party integration such as AdWords, YouTube, or Google Analytics could gather users’ data on its own, performing that via cookies in the process.
The various cookies you plan to use for your Divi website must be distinctively defined and outlined within your privacy policy. It all comes down to consent. Will you provide users with the option to accept cookies as they navigate your website?
The usage of cookies must be disclosed to the users when they visit your website for the first time. Luckily, we have the plugin that can help – Divi Areas Pro, the ultimate Divi extension!
With the Divi Areas Pro plugin, creating cookie notices is effortless, and if you’re already familiar with it, it will be a fairly straightforward process for you!
Is Your Divi Website Encrypted?
GDPR compliance is all about security, and this is where web encryption steps in. To keep your Divi site secure and prevent GDPR infringements, implementing site encryption by moving from HTTP to HTTPS protocol is a must.
When it comes to encryption, there are two main aspects that you need to pay attention to: web traffic and data storage. As of 2018, Google labels every non-HTTPS website as not secure, and the word ‘encryption’ is mentioned several times throughout the entire 200+ pages GDPR regulation.
An SSL certificate, a security protocol working on top of HTTPS, is a critical measurement to set up for GDPR compliance, especially if you want to sell products with your Divi website.
It provides your website with an extra layer of security by transferring data such as payment details via an encrypted internet connection, making it inaccessible to hackers, giving potential customers peace of mind when opening your site.
Wrapping Up
As you’ve learned by now, GDPR is massively important! If you haven’t done anything to make your Divi website GDPR compliant, we encourage you to do your due diligence now and ensure that your site adheres to every rule of the regulation.
Without a doubt, implementing GDPR on your website can be challenging. But remember that by complying with laws, you’re also creating a better experience for your target users. Moreover, you ensure that your website visitors’ data is safe!
Do you have any other questions regarding Divi, GDPR, or WordPress? Please drop us a comment! We’ll make sure to respond, or maybe even write a whole article about it.