Europe’s General Data Protection Regulation (GDPR) is a new law that addresses personal data and privacy.
As we value the privacy and security of our users’ data, Pressable is committed to operating in accordance with the principles of the GDPR. We are making a number of upgrades to our systems and policies, in line with the requirements of the new law.
Below you will find a list of common questions we have received about GDPR and our answers to those questions. We hope our answers help you understand the steps Pressable is taking to comply with this regulation.
>> What is the GDPR?
The GDPR, among other things, requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and more choice when it comes to how their own personal data is collected, used, and shared.
You can read the full text of the law here. We also found these resources helpful in understanding the principles and specific requirements of the law:
>> When does the GDPR take effect?
The law goes into effect on May 25, 2018.
>> Who does the GDPR apply to?
The GDPR is a European law that grants personal data rights to individuals in the European Union. However, its requirements apply to all sites and online businesses that collect, store, and process personal data about individuals in the EU.
>> How can I get in touch with you regarding a GDPR related request?
You can contact us via email at firstname.lastname@example.org.
Questions About Your Rights As A User of our Services
>> What rights does the GDPR give me?
The GDPR gives EU individuals rights to their personal data. There are some exceptions and exemptions to the rights granted by the GDPR, but in general it includes rights to:
- request access to the data we store about you.
- request updates/changes to your personal data.
- request the deletion of your personal data.
- take your personal data to a new service.
- request we limit our collection and use of your personal data (e.g., opt out of being tracked by our analytics tools).
You can expect that we as a company will work to protect the privacy of your personal data, will only collect the data when we have a reason to do so, and will delete your personal data once we no longer have a need for it.
>> How do I request access to my personal data? How do I request changes to it?
If you’d like to know what personal data we have stored about you, please contact us at email@example.com with your request. If upon reviewing that data you need to request changes to it, please let us know and we will work with you to make the necessary corrections.
>> How do I take my data to a new service?
We hope you find our services useful, but your site is yours and your content belongs to you. If you have an account in good standing currently hosted with us and have decided to move elsewhere, we do not charge or restrict you from downloading your site’s files and database, allowing you to store or move the content elsewhere.
>> How do I delete my personal data?
Please email firstname.lastname@example.org request deletion of your personal data.
Questions About Your Responsibilities as a Site Owner
>> What can I do on my website to honor the GDPR?
First, it’s important to understand that every WordPress site is different. This is the beauty of WordPress, but it also makes it difficult to give general information on the GDPR that applies to everyone in the same way: no two site owners will or should take the same steps to comply with the privacy laws of their country or the countries that their site visitors come from.
Also, the GDPR is based on principles, not rules. This means that there is no standard checklist to follow and no merit badge awarded for GDPR compliance if you check a few boxes.
This may be a little scary, but we’re all in this together. As one of millions of WordPress site owners, you’re part of a larger community – including Pressable – that is focused on understanding and honoring individuals and their rights. If we keep the spirit of the GDPR in mind – user transparency, choice, and control – we can make good choices that protect individuals who use our sites and services.
Also…final note, we’re not your lawyers, and we can’t give legal advice on whether or not your site is in compliance.
With that in mind, below are a few steps many WordPress site owners might consider taking to follow the requirements of the GDPR.
Be Transparent With Your Users About the Data Your Site Collects, Stores, and Uses.
A key responsibility of a site owner under the GDPR is to be transparent about the data your site collects on them and how that data is used.
Provide a Way for Your Site’s Visitors to Access/Delete Their Data
One of the GDPR requirements for site owners, is that you tell people what personal data you have collected about them when they ask, and that you delete that data upon request.
Use Plugins That Are GDPR Ready
As a site owner, you are responsible for making sure that the plugins you install on your site are handling data in a way that is in line with the GDPR. If you aren’t sure, you can reach out to the plugin developers directly to ask about their GDPR compliance.
>> What tools does Pressable offer to help me comply with the GDPR?
As a WordPress site owner, WordPress 4.9.6 (released on May 17, 2018) and above offers tools to help you comply with the GDPR.
As Pressable always runs the latest version of WordPress these features are already enabled on your site by default. These features include:
Data Export and Erasure Tools
WordPress includes tools that allow you to export or delete user information on request, as required by GDPR.
You can access both tools from the admin:
For more on the GDPR and the WordPress platform read the official release notes.
>> I need a data processing contract from you stating you comply with the GDPR and/or that any data transmitted to your servers is done so in compliance with European law. How do I get that?
From a legal point of view, a key requirement for many customers is entering into a Data Processing Agreement with us. A Data Processing Agreement is a contract that specifies the scope of our obligations under the GDPR and commits us to following them with respect to our customers’ data.
We are happy to enter into a Data Protection Agreement with you, which should address your GDPR related legal and compliance requirements. Please email email@example.com and we will gladly work with you to put this contract in place.
This page is not intended as a replacement for legal counsel; if you have concerns about whether or not your site is GDPR compliant we encourage you to seek the advice of a qualified attorney.