I’m officially on the “getting ready for GDPR” train at the moment.
It feels like a minefield and one that could easily blow up in my face.
How on earth do the EU expect the average blogger to understand what they need to do?
Although it’s not like every site complied with the cookie directive and the internet didn’t implode.
This time though it seems like it’s going to be taken more seriously.
So I’m going to try my best to put things in place and hope it’s enough.
Getting Ready For GDPR
GDPR is a bit of a minefield and a big headache.
I looked over several plugins on the WordPress repository and so far I haven’t made up my mind how I’m going to put things in place.
The plugins that I’ve tested didn’t fill me with a huge amount of confidence.
I see that WordPress 4.9.6 may go some way to helping people comply with GDPR.
Until they’ve rolled that out, I’m going to put some of my plans on hold.
But there’s still the question of cookies to be considered.
Completing A Cookie Audit
In terms of getting ready for GDPR, where once you could get away with implied consent for cookies, it seems that’s no longer the case.
Where a cookie involves personally identifiable data, the cookie shouldn’t be set until you’ve got permission from your visitor.
That’s not great for things like Google Analytics because it may mean no-one agrees to those cookies so you don’t get any information through.
It doesn’t stop with analytics cookies though. I’m currently going through the arduous task of doing a cookie audit.
Identifying cookies, categorising them and then isolating the ones which shouldn’t be set without a visitor’s permission isn’t easy!
Okay so I should have done this when the EU cookie directive first came in but at least I’m finally getting around to it.
Issues I’m Concerned About
What If I Miss A Cookie And It Gets Set Without Consent?
I’m not convinced I’ll pick up every single cookie that my site generates.
There’s also the small matter of actually being able to add code to my site to stop cookies being set before consent is gained.
Trawling through plugin code, finding where the cookie is set and then not breaking my site is obviously a concern.
You can’t specify that every cookie is required for your site to function because that’s not going to be true.
Is the alternative to delete the majority of plugins and only keep those which don’t set cookies that might interact with personal data?
I’m still looking for a plugin which would make this whole process more straightforward.
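One way to check for cookies set before consent, as an added example that is not part of the original post: it classifies the cookies visible on a first visit, before any consent click, and treats anything it does not recognise as needing review, so a missed cookie shows up rather than slipping through. The prefix-to-category rules and the sample cookie string are assumptions made up for illustration; `sidebar_promo` is a hypothetical plugin cookie.

```javascript
// Assumed category rules keyed by cookie-name prefix; extend for your own plugins.
const RULES = [
  ["wordpress_test_cookie", "functional"],
  ["wp-settings-", "functional"],
  ["comment_author_", "personal-data"], // WordPress commenter details
  ["_gid", "analytics"],                // Google Analytics
  ["_ga", "analytics"],                 // Google Analytics
];

// Return the category of the first matching prefix, or "unknown".
function classify(name) {
  const hit = RULES.find(([prefix]) => name.startsWith(prefix));
  return hit ? hit[1] : "unknown";
}

// Parse a document.cookie-style string ("a=1; b=2") into [{ name, category }].
function auditCookies(cookieString) {
  return cookieString
    .split(";")
    .map((pair) => pair.trim())
    .filter((pair) => pair.length > 0)
    .map((pair) => {
      const eq = pair.indexOf("=");
      const name = eq === -1 ? pair : pair.slice(0, eq);
      return { name, category: classify(name) };
    });
}

// Names of cookies that are not known-functional. On a fresh visit these
// were set without consent; unknown cookies are included on purpose.
function setWithoutConsent(cookieString) {
  return auditCookies(cookieString)
    .filter((c) => c.category !== "functional")
    .map((c) => c.name);
}

// Constructed sample: cookies seen on a first visit before any consent click.
const SAMPLE =
  "wordpress_test_cookie=WP+Cookie+check; _ga=GA1.2.1111111111.2222222222; " +
  "_gid=GA1.2.3333333333.4444444444; comment_author_abc123=Jane%20Doe; " +
  "sidebar_promo=1";

console.log(auditCookies(SAMPLE));
console.log(setWithoutConsent(SAMPLE));
```

In a browser console on a private-window visit, call `setWithoutConsent(document.cookie)` instead of using the sample. Cookies flagged `HttpOnly` do not appear in `document.cookie`, so check the browser's storage inspector for those as well.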
Plugins Being GDPR Compliant
A few weeks ago I decided to install Jetpack on my site.
Now I use it for everything from my contact and comment forms to social media buttons and visitor analytics.
The Jetpack contact form records messages in the WordPress database so I need to get permission to store that.
I’ve added a checkbox to the contact form to gather that consent.
My concern with that is I think people are supposed to be able to withdraw consent in the same way.
So they should be able to untick the checkbox once they’ve agreed to it. I haven’t found a solution yet.
Similarly with comments being held in the WordPress database, you need to get consent.
I’m guessing a checkbox might be the way to go again but as I use Jetpack comments, I can’t control that.
The email subscription module of Jetpack will also be affected.
Will You Be Ready For GDPR?
How are your preparations for GDPR going?
What are you planning to do to make your blog or website compliant?
Please let me know in the comments section below.