Today, I was contacted by a friend who was worried about gathering data on her blog and the effects that the future European Data Protection Act (DPA) would have on this. As I was writing my response, I thought it would be good to share on my blog, so here are some snippets from my response.
I take it you are referring to the European Union’s (EU) General Data Protection Regulation (GDPR) that will come into force in 2018, overriding the UK’s own Data Protection Act. If the UK has not quit the EU before the GDPR is implemented, then the UK will have to abide by it, and even if the UK has left the EU, the UK may choose to adopt it or something similar anyway.
The GDPR does have an effect on the majority of websites, as most websites use Google Analytics (or similar), which means using cookies and storing things like the user’s IP address to see what country/region traffic is coming from. IP addresses will be classed as personal information, so they need to be handled in compliance with privacy laws. I think the deadline for compliance is in 2018 but I don’t have the exact date to hand.
The big issue is that the GDPR requires you to explicitly “opt in” to cookies rather than what 99% of websites did when it first came into question with the last act in 2012 (I think), which was to implicitly opt everyone in unless they asked to opt out.
I knew that wasn’t in the spirit of the legislation and I opted for the explicit opt-in (which no one did, and my analytics suffered), so seeing as every other website went along the implicit route with a banner allowing people to opt out, I eventually went for the same.
Your site uses WordPress and, as this change will affect a lot of websites, I’m confident that someone will come up with a solution. There is nothing automatically built into WordPress at the moment to cope with it, but there are plenty of plug-ins, and if there is not one already like that then I’m sure it won’t be too long before there is one that copes with explicit opt-ins. I use a WP add-in at the moment for the implicit scenario, but I could easily dig out my old explicit opt-in code and implement that in WP if no plug-in can be found. Whatever everyone else does, we will all just follow, but I wouldn’t expect to see any explicit cookie add-ins until nearer the deadline.
Your other question related to storing people’s names and emails. This can be accommodated by a WP plug-in, although you might have to pay for it. There might be some free ones though. Under the current UK DPA you must provide any data you hold on a person if they request it and also must remove such data at their request. You’ll just have to consider that on the page where you are collecting the information, and maybe the plug-in will allow the user to self-administer it themselves. I think that sort of thing is probably why they charge for the plug-ins.
I hope that is of some help. I will write again when I know more about what others intend to do about the upcoming European General Data Protection Regulation.