The General Data Protection Regulation (GDPR) was created in December 2015 and designed to ensure the right of EU citizens to basic data protection standards. It will become enforceable on May 25th, 2018. The GDPR has generated a considerable buzz online. This legislation’s primary goal is to create a set of easy-to-follow rules for the entire EU, which uphold the highest standards of data privacy. Despite being an EU regulation, the GDPR will apply to any site that collects data from EU citizens. This means that if you’re running a WordPress website with registration enabled, and some of your users reside in the EU, the GDPR technically applies to you.

The purpose of the GDPR is to regulate how personal data is collected and managed by services. It does not forbid collecting personal data. It only requires that visitors be aware that data is being collected and how it is handled, and that they give explicit consent to it.

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

The GDPR can impose several types of penalties. You could get fined 2% of your worldwide annual revenue for failing to disclose a data breach, or up to 4% for failing to ask for user consent when storing data. The good news is that there is a dedicated team of WordPress Core contributors working on GDPR-proofing the Core code. They have set up a website where admins and devs can keep up with the progress and see what needs to be done to bring themselves (and their clients) into compliance: GDPR for WordPress.

Uncode and the Privacy Plugin

Uncode is a flexible WordPress theme that can use (depending on user choice) external services like YouTube, Vimeo, SoundCloud, Spotify, Google Fonts, Twitter, Facebook and Tracking codes. All these popular services use cookies and scripts that send personal data, such as the IP address, to the provider of the service in exchange for the free service offered (this is the same thing that happens when you use the YouTube website, etc.). According to the new GDPR legislation, a user must agree through explicit consent before these services are used and before each type of personal data is processed.

Let’s try to understand. When you use a service like Google Fonts, Google Analytics, YouTube, Facebook, or Twitter on your website, some personal data (usually your IP address) is sent to the provider in exchange for the free service offered. This data is then used to create targeted advertisements. Suppose that on your website’s home page, you use a YouTube video as the background for your main header. When this video is watched, some personal data about the viewer is sent to the service provider (YouTube). It’s not compliant with the GDPR to simply include the video and tell the user that it’s possible to disable it. After all, by the time the page loads, YouTube (in this example) has already collected some personal data. The GDPR stipulates that users must first give their consent before any data is processed. Obtaining this consent needs to be of the utmost importance.

For this reason, we have developed the Uncode Privacy Plugin. When this plugin is installed and properly configured, it’s possible to block the use of third-party services until the user gives explicit consent.
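The blocking described above can be illustrated with a server-side rewrite that withholds third-party URLs from the delivered markup until consent is recorded. This is an added example, not the Uncode Privacy Plugin's code; the host-to-service map, the `data-consent-*` attribute names and the sample page are assumptions constructed here.

```javascript
// Constructed map of embed hosts to consent categories (an assumption,
// not the plugin's own list).
const SERVICE_HOSTS = new Map([
  ["www.youtube.com", "youtube"],
  ["player.vimeo.com", "vimeo"],
  ["w.soundcloud.com", "soundcloud"],
  ["open.spotify.com", "spotify"],
  ["fonts.googleapis.com", "google-fonts"],
]);

// Consent category for a URL, or null when it is first-party or unknown.
function serviceFor(url) {
  try {
    const host = new URL(url, "https://example.invalid").hostname;
    return SERVICE_HOSTS.get(host) || null;
  } catch {
    return null;
  }
}

// Rewrite <iframe src>, <script src> and <link href> pointing at a gated
// service. Without consent the URL moves to a data-consent-* attribute, so
// the delivered markup gives the browser nothing to fetch and no request
// (and no IP address) reaches the provider on page load.
function gateEmbeds(html, consents) {
  const granted = new Set(consents);
  const blocked = [];
  const out = html.replace(
    /<(iframe|script|link)\b([^>]*?)\s(src|href)=(["'])(.*?)\4/gi,
    (match, tag, before, attr, quote, url) => {
      const service = serviceFor(url);
      if (!service || granted.has(service)) return match;
      blocked.push(service);
      return `<${tag}${before} data-consent-service=${quote}${service}${quote}` +
        ` data-consent-${attr.toLowerCase()}=${quote}${url}${quote}`;
    }
  );
  return { html: out, blocked };
}

// Constructed sample page: two third-party resources and one local iframe.
const SAMPLE_PAGE = [
  '<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto">',
  '<iframe width="560" src="https://www.youtube.com/embed/VIDEO_ID"></iframe>',
  '<iframe src="/local/map.html"></iframe>',
].join("\n");

console.log(gateEmbeds(SAMPLE_PAGE, []).blocked);          // nothing consented
console.log(gateEmbeds(SAMPLE_PAGE, ["youtube"]).blocked); // video released
```

Rendering the page again with the updated consent list, as on a reload after the preferences are saved, leaves the consented resources with their original attributes.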

Note that the use of this plugin is not mandatory. Each website owner chooses whether to use this plugin based on geographic target, the type of content offered and the type of GDPR compliance they intend to implement. However, it’s our intention to provide our customers with all the tools needed to be compliant with the new terms imposed by the GDPR.

Uncode Privacy Plugin demo

To better understand the features of this plugin and Uncode’s implementation, we created a page on our official website that demonstrates the functionality. The page contains videos, both embedded and as backgrounds, and some embedded audio elements. When you access the page, these items are not displayed because consent has not been expressly given. When you open the privacy preferences and set the related consents, the page is reloaded and all items can be viewed.

List of features

Once you have installed the Uncode Privacy Plugin with Uncode 1.8.2 or higher, you can benefit from the following new features:

  • Privacy Banner Text
  • Privacy Preference Manager
  • Consent fallbacks for YouTube, Vimeo, SoundCloud, Spotify, Twitter, Facebook, Google Fonts & Tracking codes
  • Visual Composer Consent Logic
  • Consent Shortcode

Important

Just using Uncode does not guarantee that an organization is successfully meeting its responsibilities and obligations under the GDPR. This page is a brief introduction to the GDPR and presents some of the specific features of Uncode that can help you comply with the regulation. Organizations should assess their unique responsibilities and ensure that they take any additional measures necessary to meet their legal obligations, based on a data protection impact assessment.