People worldwide, including visitors to your WordPress website, are more concerned about their privacy than ever before.
Critically, online privacy differs from its conventional counterpart in that individuals are concerned about the use of their data. As a result, some seek total anonymity, while others simply like to operate online with their details stored securely.
From giant conglomerates to the smallest publishers, WordPress website owners have legal and ethical responsibilities regarding data protection. Unfortunately, just as Microsoft Windows, the most popular operating system around, is the primary target for viruses, WordPress websites are the focus of those looking to steal online personal data.
Even if you only collect data through cookies or other hands-off tools, the responsibility remains. Therefore, we’ve put together the four most essential considerations to ensure the protection of visitors to your website.
1. GDPR Compliance for EU Visitors
General Data Protection Regulation (GDPR) is privacy legislation from the European Union outlining seven fundamental principles concerning personal information. These guidelines outline the need for fairness and transparency, storing as little information as possible and ensuring everything collected is accurate, among other things.
There is no US equivalent at the time of writing. Some commentators believe that enacting something similar in the US would be incredibly difficult.
However, while the EU created the relevant laws and documentation, they’ve extended globally. Therefore, any website that provides access to EU users must comply with the regulations.
When the rules first came into force back in 2018, several prominent websites promptly shuttered access for European visitors. While the LA Times and Chicago Tribune are now available to those visiting from the EU, they were among the biggest names to block visitors from the continent.
Visitors could conceivably use a VPN to falsify their location, but that is considered wilful circumvention, and it is no longer the website’s responsibility.
2. Data Security on Your Hosting Server
Data varies in importance depending on the nature of the website involved. For example, many sites focus primarily on revenue from display advertising and affiliate marketing. In these cases, the bulk of the responsibility lies with third parties that facilitate these services.
However, site owners have a duty to look after all data in their possession. If it’s stored on your website’s server, that makes it your responsibility. Even if that only amounts to usernames and passwords, it’s vital to demonstrate a willingness to keep that information secure.
Fortunately, the same steps that protect websites from general hacks and attacks should be sufficient to cover any data stored behind the scenes.
The chances are that you’ve already taken steps to create regular backups and ensure that nobody can gain unauthorized access through the login page. If you only store relatively minor and unidentifiable information, that should be enough.
Of course, if you run an online store or somehow go beyond essential data collection, you’ll have to increase security accordingly. We’ve covered securing your online WordPress store in the past.
It’s hugely important to demonstrate that you’ve taken steps to protect your visitors in the event of a breach, so ensure your efforts are proportional to the potential threat.
3. Managing User-Generated Content
If you operate a WordPress website, the chances are you know all about the importance of user-generated content. However, even something as simple as utilizing built-in WordPress functionality like comments and trackbacks counts, and every effort should be made to track any information provided in this way.
Concerns around this content extend beyond data protection. So naturally, any names, email addresses, and other data you collect through this process are subject to the same requirements as to when such information is collected in different ways.
However, there remain legal implications around the content itself. Thus, even something as simple as ownership of user-generated content is subject to debate.
Over the years, the entire concept has been plagued by challenges and, in some cases, double standard. For example, when someone posts something unsavory to a website, those sites are often quick to assert that they are not responsible for what others post on their platform.
Conversely, when they want to make further use of content posted on their platform beyond its original intention, they claim ownership.
Specific legal guidance is hard to come by in that respect. However, there is something to it when the likes of YouTube and Facebook employ vast armies of people to monitor the content posted to their websites.
In terms of your WordPress websites, which are probably significantly smaller than those social behemoths, you can alleviate most issues by using a terms and conditions policy.
Such is the issue’s scale that if you use a modern template for your terms and conditions or a generator for the purpose, it will probably include everything you require as standard. However, with that said, it always makes sense to ensure that you have read through and understand your own terms before allowing them to govern your site and its operations.
Unless your site thrives on anonymous submissions, one of the most effective means of protecting yourself from liability is to forbid anonymously provided content. This does, of course, result in more data to store and safeguard as everyone will need to verify their accounts. However, the ability to trace the originator of any non-compliant content is an incredibly handy tool to have in the event of a dispute.
4. Email and Other Marketing Techniques
Online marketing has long been at the forefront of online data protection and privacy concerns. Many of us remember the CAN-SPAM Act of 2009, one of the first legally enforceable measures in the world favoring privacy and data protection.
The act also helps to demonstrate some of the potential pitfalls of ignoring responsibilities. For example, in 2016, a Las Vegas resident nicknamed the “Spam King” was jailed for two and a half years. His ploy involved accessing Facebook accounts before utilizing related information like usernames and passwords garnered from his initial access to continue an illicit promotional campaign.
Now, that’s not to say that you should spend half your life on data protection protocols for fear of heading to prison! The “Spam King” sent over 27 million spam emails and, incidentally, did so before the act came into effect.
However, while extreme, the example illustrates that breaches can be punished relatively heavily, and guidelines and laws around data protection should not be ignored.
Most people that collect an email address through their website and send out communications in bulk use a third-party service like Mailchimp, AWeber, or ConvertKit. These are reliable partners, meaning those you would want to use, take responsibility for their part in data protection requirements.
Providing that site owners use the data they do possess responsibly, steps taken by partner providers are often sufficient to demonstrate that significant steps were taken in the event of data loss.
Protecting Personal Data as a WordPress Website Owner
When it comes down to it, your commitments in terms of data protection often align closely with the size of your site and the number of visitors you receive.
If you operate a small site with a couple of hundred visitors per month, you don’t need to enlist legal help and dedicated compliance officers to keep your site online and out of trouble. Simply providing boilerplate documentation as part of your content strategy and incorporating one or two plugins to demonstrate willingness and awareness will often be sufficient.
The more the size and visibility of your site increases, the more steps you should take. That’s not only down to your site having more data to protect but also about becoming a more attractive target. As frustrating as it is to say, the more popular a site becomes, the more lists it appears on. This can involve everything from spam messages through your contact forms to attempts to access your data – and that of your visitors.
If you own a large WordPress website or a network of smaller sites that hold extensive personal data, professional help may be a good decision. This could involve the aforementioned leadership around law and compliance from external sources or something customized to your business’s size and future ambitions.
It goes without saying that robust security is a must for reasons beyond data protection, and if that’s not yet up to par, it is the perfect place to start. Beyond that, if you treat every visitor’s data as if it were your own, you’re likely well-positioned to adapt to the ever-evolving global rules around online privacy.