General Data Protection Regulation (GDPR)

You collect your customers' names, email addresses, phone numbers, locations, credit card information, and other data. From now on, you must have a clear justification for collecting and storing it, you must explain the processes through which you handle this data, you must have your customer's approval, and you must make sure the customer knows where, how, and why you collect this data. Otherwise your business could suffer huge penalties!

This is what the General Data Protection Regulation, which was enacted by the European Union to protect the data of its citizens, requires of you. Have you heard of this regulation before? Are you wondering why we are talking about it in an article here? What is its relationship to your business?

Well, we will answer these questions one by one in this article. 


Definition of the General Data Protection Regulation (GDPR)

The European Union issued a long set of laws amounting to 88 pages, which were proposed and discussed during the years 2016-2018 until they were issued in their final form. These laws protect European Union citizens from misuse of their personal data.

What is meant by personal data? Any information that may lead in some way to identifying a specific person, such as name, bank data, race, gender, and many others, is considered private information. Citizens have the right to fully control it and not allow it to be used except within the scope they accept, hence the General Data Protection Regulation.

Since this is the right of your customers, violating these laws will directly affect your business, as penalties of up to 4% of the company's annual income may lead to bankruptcy. This is not the only punishment, of course, and whatever the punishment is, it is not something we want for website owners. This article was written to help you avoid these penalties.

The regulation and owners of Arab websites

You may be wondering: as long as it protects European Union citizens, do you, as the owner of an Arabic website, have to take care of this regulation and take it seriously? Or is it something that does not concern you?

If you have visitors who are citizens or residents of the European Union, if you aspire to be global, if you allow payment on your site in the European currency or provide a version of your site in one of the European languages, or if you deal with a company in the European Union countries for data processing and analysis services (or even with a company outside the European Union that has adapted its site to the regulation), then the regulation concerns you completely. You should never neglect it, and you must make your site compatible with the regulation to avoid any penalties or fines that have unfortunate consequences.

Google Analytics, for example, has changed its policy to comply with the rules of the regulation, and therefore many sites that use Google Analytics will be required to change their policies in order to be able to benefit from the services to the fullest. 

The most important provisions of the regulation

We must first clarify the most important provisions of the regulation that directly affect your business activity, and what your obligations are in relation to them, which are as follows: 

  • Clear consent: This is a proven, confirmed, and indisputable consent that the site owner obtains explicitly from the data subject, who is the site visitor, for collecting, saving, and using the data, in specific written and documented forms.
  • The data subject has the right to download all his data, or delete it if he wants to stop his subscription to your site.
  • The data subject or visitor has the right to know how the data is protected. For example, he can learn how the data is encrypted and be assured that it is properly protected.
  • Parental consent is required if you are handling data from people under 16 years of age.
  • The data subject has the right to know about any data breach within 72 hours, and to inform the competent authorities of this breach.
  • Data can only be used for the purpose for which it was collected and must be securely deleted once it is no longer needed.

WordPress and its related sites, such as the WordPress blog, the WordPress community site, the WordPress template store, and the e-commerce site WooCommerce, are among the sites that have been affected by the General Data Protection Regulation, despite being outside the European Union. As the owner of a website or even a blog on WordPress, you will therefore be affected by the regulation too, and serious steps must be taken to make your website or blog conform to its rules and avoid undesirable fines.

How to make the site comply with the regulation

Now things have become clear, and we are aware of the importance of the regulation, the extent of its impact on our websites created on WordPress, and the consequences of violating its rules. How will we be able to adapt our sites to the regulation?

Because sites differ in the data they collect and store, the means of adapting a site to GDPR rules vary depending on the nature of the site. Fortunately, WordPress version 4.9.6 is compatible with GDPR rules, so you will have to make modifications as required by the version. Among the improvements that WordPress has made in this area are:

  • Comment consent checkbox: When someone comments anywhere on a WordPress site, the commenter's information, such as name and email address, is stored with the site owner, so WordPress added an option for commenters to allow or not allow the site to store this information through a mandatory check box upon each comment.
  • Privacy Policy Templates: A set of templates that include the basic parts of a privacy policy that complies with the rules of the General Data Protection Regulation (GDPR). You can also customize them and add what you find appropriate for your site's needs in compliance with the GDPR.
  • Data management features: You can give users greater control over their personal data, as they can download and delete their data whenever they want. You can find these features through the (Tools) tab in the main control panel, then (Export/Clear Personal Data).
  • Availability of new plugins: WordPress has added plugins that help website owners comply with GDPR rules based on differences in the data they store, which cannot be met by WordPress updates alone.

As we said, WordPress updates alone are not sufficient for GDPR compliance, and we need add-ons that contribute to this purpose. There are many add-ons and you may be confused between them, so we will talk here about the most important of them from the writer's point of view, which does not necessarily mean that they are the most important in the entire field, and then we will learn how to install one of them.


The most important GDPR add-ons

When searching the add-ons for the abbreviation GDPR, we find the following add-ons among the first results. We will talk about them one by one, and then we will install the add-on (Cookie Notice & Compliance for GDPR / CCPA).

  • Complianz – GDPR/CCPA Cookie Consent: This add-on takes full care of cookies. It displays a notification that gives the user the options of accepting and rejecting the use of cookie data, in addition to additional options for consent based on classification. You can also create a cookie policy from scratch using an easy wizard. With the help of an IT law firm, periodic cookie scans are conducted.
  • CookieYes | GDPR Cookie Consent & Compliance Notice (CCPA Ready): It is currently used by more than a million users, and this certainly indicates its efficiency. It gives users high control over cookie data, as it provides options to approve and reject the use of cookie data. Through it you can view and identify all the cookies that your site uses with high organization and accuracy, and you can design cookie notices that suit your site in terms of font, colors, size, etc.
  • Cookie Notice & Compliance for GDPR / CCPA: Active installations of this add-on exceed a million, and it provides a new framework for taking user consents based on the latest updates to laws from more than 100 countries around the world, to always keep you safe in compliance with the laws.
  • GDPR Cookie Compliance (CCPA ready): Like its predecessors, this add-on provides a cookie notice with a design completely customized to your site. It adds the ability to reset settings and revoke consent, and gives you a link to the privacy policy site so that the user can know what cookie data is being used, in addition to the ability to download it on mobile devices.

After learning about the most important add-ons that help in complying with the rules of the GDPR, let us explain practically how to install one of them. As we mentioned, all of these add-ons share the same basic role in complying with the regulation, and you remain free to install any of them according to your personal preference. Here we will install the add-on (Cookie Notice & Compliance for GDPR/CCPA) because it is easy to set up and highly rated by its users.


Using the Cookie Notice & Compliance for GDPR/CCPA add-on

We first go to the control panel, then click on (Add-ons). The window of installed add-ons opens, and we click on (Add New), located at the top right of the screen.

A window will appear containing the latest add-ons. We search for the required add-on in the search box located at the top left of the screen, where it will appear quickly. Then we simply click on (Install Now) next to the add-on and wait a little while, after which we are given the option (Activate), which replaces the (Install Now) button, and we click on it.

After activation, the site will take us to the installed add-ons window, and the add-on will be among these add-ons, and this indicates the success of the installation and activation processes.

After installing the add-on, it will appear in the sidebar under the settings, and when you click on it, it will conduct a quick test of the site and its degree of compliance with GDPR and CCPA rules. In our case here, it appeared that compliance with the rules is incomplete, but this does not prevent us from setting up the add-on for our site. You can bypass it by choosing (skip for now) and register whenever you want. This problem may not appear to you at all, and this is what we hope for you.

Moving to the bottom of the screen, we will find the settings for the add-on that we will work on. We will first find the message box, which holds the message that will appear to site visitors within the cookie notice, informing them of your use of cookie data. You can formulate the message as you wish. It is recommended that the message be direct and unambiguous, informing the visitor of the need to use the data and asking him for permission to use it.

This is followed by (Button text), which is the text of the button that will appear to the visitor within the cookie notice. The visitor gives you consent to use his data by clicking on it, and the notice disappears.

We come to the next important section, which is the privacy policy option. It is a button that also appears within the cookies notice for visitors and takes them to your privacy policy page when they click on it, so that they are more informed about your policy and your uses of cookie data, in addition to including topics about General Data Protection Regulation rules and other security policies. 

Its settings appear when activated by placing a check mark in the check box corresponding to it, and they are as follows:

1- The sentence or word that you want to place on the button. It is most appropriate that it expresses what the page contains, so it is usually Privacy Policy. You can change it, of course, if there is another expression that suffices for the purpose, and we will leave it as it is.

2- Here you choose where you want to send the visitor when he clicks on the (Privacy Policy) button prepared a moment ago: either to a specific page on your site, or to a link designated for this purpose that is not present on the page.

3- This option depends on your previous choice. If you choose a specific page link (Page Link), it will ask you to specify which page of the site you want to direct the visitor to. If you have designed a page to display the privacy policy on your site, select it. You can also choose to synchronize the privacy policy page with the WordPress Privacy Policy page.

If you choose (Custom Link), a box will appear for you to write the link in and save it. 

4- The (_self) option opens the privacy policy page in the same current tab when the privacy policy button is clicked, while (_blank) opens the page in a new tab.

5- Finally, you can choose how to display the notification, either in the form of a message that appears somewhere on the site page, or in the form of a banner that appears either at the bottom or top of the page. 

After completing the privacy policy settings, we will move to the option of giving the visitor the right to refuse the use of his data by you. After activating it by placing a check mark next to it, you can word the refusal as you wish. It is recommended to activate it to give the visitor greater confidence and freedom to choose.

The add-on provides the option to revoke consent even after clicking on the consent button. In order for this feature to work, you must activate the previous option (Refuse consent). You can write the text of the message you want to show the visitor, informing him of the availability of this option, then choose the word that will appear on the revoke consent button. Then choose how to display the revoke consent button, either automatically within the notice or manually using the shortcode [cookies_revoke]. Automatic display within the notice is preferable.

Next comes the script section. A script is a block of code that works as a single unit and may act as a link between your site and other sites, such as Google Analytics: you take the code snippets provided by Google and place them in the (head) or (body), to allow Google to access and analyze your stored data and then display it to you. These are advanced settings for programmers.


Next comes the option to reload the page after the visitor agrees to your use of his data. Whether or not to enable it depends on the nature of your site or your design. Then come the options for obtaining consent from the visitor without a button press, which are actually devious methods and are not recommended, because they are not direct and may be triggered without the visitor's intention or awareness. Consent is taken either through scrolling (on scroll), after the visitor scrolls a certain number of pixels, or when the visitor clicks anywhere on the page (on click).

The expiry of consent (accepted expiry) refers to the period of time for which the data of visitors who agreed to the use of their data is stored, and the period ranges from one hour to infinity. The expiry of refusal (rejected expiry) refers to the period of time for which the data of a visitor who did not agree to the use of his data is stored. You can choose where the add-on text appears, either in the header or in the footer. There is also an option that deletes all of your stored data when the add-on is deactivated.
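The consent settings described above (explicit buttons rather than on scroll or on click, separate accepted and rejected expiry, and scripts such as analytics placed only after acceptance) can be expressed in a few lines of JavaScript. This is an example added here, not code from the Cookie Notice add-on or from the writer of this article; the cookie name site_consent, the method names, the 30-day and 7-day lifetimes and the script list are assumptions made for the illustration.

```javascript
// Added example: cookie name, lifetimes and script list are constructed
// for illustration and are not taken from the Cookie Notice add-on.
const CONSENT_COOKIE = "site_consent";
const LIFETIME_S = new Map([
  ["accepted", 30 * 24 * 3600], // "accepted expiry": 30 days
  ["rejected", 7 * 24 * 3600],  // "rejected expiry": 7 days
]);
const EXPLICIT_METHODS = new Set(["accept_button", "refuse_button"]);

// Build the Set-Cookie value for a decision. Returns null when the signal is
// not an explicit button press: scrolling or clicking anywhere is not consent.
function recordConsent(decision, method, nowMs) {
  if (!EXPLICIT_METHODS.has(method) || !LIFETIME_S.has(decision)) return null;
  const value = encodeURIComponent(JSON.stringify({ d: decision, t: nowMs }));
  const maxAge = LIFETIME_S.get(decision);
  return `${CONSENT_COOKIE}=${value}; Max-Age=${maxAge}; Path=/; SameSite=Lax; Secure`;
}

// Read the state from a Cookie header: "accepted", "rejected" or "unknown"
// (missing, malformed, unrecognised value, or older than its lifetime).
function readConsent(cookieHeader, nowMs) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0 || part.slice(0, eq).trim() !== CONSENT_COOKIE) continue;
    try {
      const { d, t } = JSON.parse(decodeURIComponent(part.slice(eq + 1).trim()));
      const life = LIFETIME_S.get(d);
      if (life === undefined || typeof t !== "number") return "unknown";
      const ageS = (nowMs - t) / 1000;
      return ageS >= 0 && ageS < life ? d : "unknown";
    } catch {
      return "unknown";
    }
  }
  return "unknown";
}

// Decide which scripts may be written into <head>/<body> for this visitor:
// non-essential ones load only after an unexpired, explicit acceptance.
function scriptsToLoad(state, scripts) {
  return scripts
    .filter((s) => s.category === "essential" || state === "accepted")
    .map((s) => s.src);
}

// Constructed script inventory; the URLs are placeholders.
const SCRIPTS = [
  { src: "/js/cart.js", category: "essential" },
  { src: "https://analytics.example/tag.js", category: "analytics" },
];
```

The age check in readConsent repeats on the reading side what Max-Age asks of the browser, so a stale or hand-edited cookie is treated as no decision at all.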

At the end of the settings, we reach a section for designing the shape of the notification. You can specify its location on the page, at the bottom (bottom) or at the top (top), and then choose how the notification is animated: it is displayed on the screen with a sliding motion (slide), by fading (fade), or without any movement.

Then you can choose the appearance of the button: dark, light, or without a style. To allow greater customization of your notification, you can set a unique format through the CSS class, then choose the color of the text of the notification message, then the color of the notification bar, and specify the degree of opacity for the bar: the lower the opacity, the more transparent the bar becomes and the more apparent what is behind it.

After you have finished adjusting the settings and ensured they are correct, you save the changes you made, and a message will appear to you after clicking Save at the top of the screen.

Conclusion

Here we have completed our talk about the General Data Protection Regulation, its impact on WordPress users, and the importance of complying with its rules. Then we went on a tour of the most important plugins that greatly help in complying with the general data protection rules for users, and we shared with you how to install one of the most important plugins that provide this service.

As we mentioned previously, full compliance with the General Data Protection Regulation may be somewhat complicated and may require you to hire a lawyer, take serious legal advice, and work on implementing it little by little, but installing these add-ons may help in this very well. We hope that this has been a useful and interesting article.

I am a young man who has been working in WordPress and e-marketing for 10 years. I would like to share my experience with you so that we can become professional in WordPress. I will be happy to share the experience with you.