- Full Site Report for GDPR Compliance
- Plugin Audit for GDPR Compliance
- Determine and Report Data Being Stored
- Detail Who Has Access to Site Data
- Removal of Unjustifiable Information
- Review Site Security and Backup Plan
- Ensure Website Form(s) Compliance
- Create GDPR Consent Notice if Needed
- Create GDPR Compliant Cookie Notice
SEE FULL DETAILS BELOW
SERVICE COST IS PER SITE
Does GDPR apply to my WordPress site?
The answer is YES. It applies to every business, large and small, around the world (not just in the European Union).
If your website has visitors from European Union countries, then this law applies to you.
But don’t panic, this isn’t the end of the world.
While GDPR has the potential to escalate to those high level of fines, it will start with a warning, then a reprimand, then a suspension of data processing, and if you continue to violate the law, then the large fines will hit.
WHAT MAKES THIS SERVICE SO POWERFUL?
After four years of preparation and debate the GDPR was finally approved by the EU Parliament on April 14th 2016. Enforcement date is May 25th 2018 – at which time those organizations in non-compliance may face heavy fines. The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of users in the EU. It applies to all companies processing and holding the personal data of users residing in the European Union, regardless of the company’s location.
WHAT IS INCLUDED IN THIS DETAILED SERVICE ?
Full Site Report for GDPR Compliance
Our GDPR Specialist with complete an extensive review site to check for any GDPR non-compliance that needs fixed. All items will be organized for your viewing and you will receive a detailed report that you can have for your records.
Review Site Security and Backup Plan
This is a big of an extra cherry on top to this service as it is not fully required to meet GDP standards and policies. Our GDPR Specialist will review your website security and backup strategy to provide you will insight and tips improve.
Plugin Audit for GDPR Compliance
Our GDPR Specialist will identify any installed WordPress plugins that collect information and also the exact type of information they collect. You will also be given advise to remove any plugins that are not GDPR compliant and gather info that cannot be justified.
Ensure Website Form(s) Compliance
The majority of WordPress sites have at least one web form that collects user data. Our GDPR Specialist will make sure all opt-in or subscription type web forms are GDPR compliant for consent as well as CAN SPAM compliant.
Determine and Report Data Being Stored
GDPR is all about the protection of collected data from users to your site. Our GDPR Specialist will examine your site in detail and determine where the data is being stored and make certain it complies with GDPR standards and policies.
Detail Who Has Access to Site Data
Our GDPR Specialist will determine who has or can have access to stored information on your WordPress site. They will also determine how this data is being access or used. All of this information will be provided to you for review.
Create GDPR Consent Notice if Needed
In some cases with WordPress websites, a GDPR Consent Notice may be required to be in compliance with GDPR standards and policies. Our GDPR Specialist will create a GDPR Consent Notice for your site that visitors can reference if needed and keep you in GDPR compliance.
Removal of Unjustifiable Information
Our GDPR Specialist will make sure that any information that cannot be justifiable is removed from your site. This is critical to make sure you are in compliant with GDPR standards and policies. Removed data will be reported for your review.
Create GDPR Compliant Cookie Notice
Another requirement to make sure you are GDPR compliant is having your GDPR Compliant Cookie Notice in place. Our GDPR Specialist will create a GDPR Compliant Cookie Notice for your site that visitors can reference if needed and keep you in GDPR compliance.
GDPR FREQUENTLY ASKED QUESTIONS
[Credit for FAQs- EUGDPREU.org – View many more GDPR facts.]
WHEN IS THE GDPR COMING INTO EFFECT?
The GDPR was approved and adopted by the EU Parliament in April 2016. The regulation will take effect after a two-year transition period and, unlike a Directive it does not require any enabling legislation to be passed by government; meaning it will be in force May 2018.
WHO DOES THE GDPR AFFECT?
The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.
WHAT ARE THE PENALTIES FOR NON-COMPLIANCE?
Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g.not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.
WHAT CONSTITUTES PERSONAL DATA?
Any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
WHAT IS THE DIFFERENCE BETWEEN A DATA PROCESSOR AND A DATA CONTROLLER?
A controller is the entity that determines the purposes, conditions and means of the processing of personal data, while the processor is an entity which processes personal data on behalf of the controller.