The GDPR (General Data Protection Regulation) takes effect on May 25, and with it come some new regulations that most websites must comply with, even if they are not focused on the EU. So if you haven't prepared your website yet, here is our quick and easy guide on how to make your WordPress site GDPR compliant in just 5 steps.

We'll cover the key points to help you move quickly toward compliance. Why the rush? By choosing not to comply, your company could face fines from 4% of its annual revenue up to 20 million euros (ouch!). Although the upper end of that spectrum is probably aimed at giants like Amazon and Facebook, we always recommend following the rules. So here is how you can make your WordPress site GDPR compliant as soon as possible.

IMPORTANT: We are not lawyers, we simply share information about GDPR compliance and some of the steps we have used when updating our own website. Following the steps below does not guarantee that you are fully compliant with the GDPR requirements. Consult a GDPR attorney or consultant to make sure your website is compliant.

Table of contents

  1. Update to WordPress 4.9.6 (or higher)
  2. Update your privacy policy
  3. Add a cookie notice
  4. Make it easy for users to request / delete their information
  5. Notifications of policy updates or data breaches

Step 1: upgrade to WordPress 4.9.6 (or higher)

This is the easy step, as WordPress 4.9.6 added tons of privacy settings built into the WordPress core. By simply updating your main WordPress installation (which you should already be doing) you are already setting yourself up for successful GDPR compliance. There is a full list of privacy features WordPress added in this update, but when it comes to GDPR compliance, here are some key features to check out.

Comments Cookie Optin

By default, WordPress stores a cookie so that users don't have to retype their information when they leave a new comment on your site. There is now an opt-in included in the comment form automatically: you don't have to do anything except perhaps style it if you don't like how it looks (note: you won't see this on the R Digital marketing blog, since we disabled it; we don't think it is necessary to store that information in your browser, so we decided to get rid of that cookie).

Export and delete data

Under Tools there are two new items: Export Personal Data and Erase Personal Data. If your site collects user information (through subscriber accounts, customer profiles, etc.), you can quickly and easily export a user's information or erase it completely from your database when they request it.

Policy generator

If you log into WordPress and go to Settings > Privacy you can use your current privacy policy if you have one, or Create new page to automatically generate a policy for your site.

If you use the generated policy, it will already include privacy information and disclosures associated with WordPress core. It also adds useful headings for other suggested information you should add for GDPR compliance (such as contact forms, analytics, contact information, data protection, breach disclosure, etc.).

Step 2: update your privacy policy

Using the auto-generated policy is a good start, but depending on the services and plugins you use on your website, you will need to update your policy to include disclosures for all cookies and data that are collected on your website.

Cookies collected

Here are some of the most common:

To find out which cookies your website is using (if you don't already know), open a browser and delete your cookies (for example Firefox > History > Clear recent history... then select "all" and check the cookies option, or Chrome > Settings > Clear browsing data, then select "All time" and check the cookies and other site data option). With cookies cleared, visit your website's home page and blog, then inspect your website to open the developer tools. In Chrome, select the "Application" tab (in Firefox it is "Storage") and then click the Cookies option on the left side of the screen. From here you should be able to click your website's URL and see all the cookies that are being set. All of these must be disclosed in your privacy policy.
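
Added example (not from the original article): the same cookie inventory can be taken from the Set-Cookie response headers of a first visit and checked against the cookie names your privacy policy already discloses. The sample headers, the DISCLOSED list and both function names are constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime
from fnmatch import fnmatchcase

# Constructed sample: headers a first visit (cookies cleared) might return.
SAMPLE_HEADERS = [
    "comment_author_abc123=Jane; Expires=Wed, 21 Oct 2026 07:28:00 GMT; Path=/; Secure; SameSite=Lax",
    "_ga=GA1.2.111.222; Max-Age=63072000; Path=/; Domain=.example.com",
    "PHPSESSID=deadbeef; Path=/; HttpOnly",
]
# Hypothetical list of cookie-name patterns already disclosed in the policy.
DISCLOSED = ["comment_author_*", "PHPSESSID"]
NOW = datetime(2025, 10, 21, 7, 28, tzinfo=timezone.utc)  # fixed for repeatable output


def parse_set_cookie(header, now=NOW):
    """Return name, lifetime in days (None = session cookie) and flags."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name, _, _value = first.partition("=")
    info = {"name": name, "days": None, "secure": False,
            "httponly": False, "domain": None, "samesite": None}
    expires = max_age = None
    for attr in attrs:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "expires":
            expires = parsedate_to_datetime(val)
        elif key == "max-age":
            max_age = int(val)
        elif key in ("secure", "httponly"):
            info[key] = True
        elif key in ("domain", "samesite"):
            info[key] = val
    # Max-Age takes precedence over Expires when both are present (RFC 6265).
    if max_age is not None:
        info["days"] = max_age / 86400
    elif expires is not None:
        info["days"] = (expires - now).total_seconds() / 86400
    return info


def undisclosed(headers, disclosed=DISCLOSED):
    """Names of cookies set by the site that match no disclosed pattern."""
    names = {parse_set_cookie(h)["name"] for h in headers}
    return sorted(n for n in names if not any(fnmatchcase(n, p) for p in disclosed))


if __name__ == "__main__":
    print("Missing from policy:", undisclosed(SAMPLE_HEADERS))
```

The lifetime in days is worth recording alongside each name, since a policy disclosure usually states how long a cookie persists.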

As well as revealing the cookies used on your website, you must also include a section on how users can disable or delete cookies in their browser. In our own policy we choose to link to the following browser guides:

Contact forms

Be sure to include a checkbox for consent on your contact forms, if you have one. Fortunately for you, the popular contact form plugins have already been updated to make sure your forms are GDPR compliant. Here are some form plugins that are already GDPR ready.

If you are using Contact Form 7, you can simply add an acceptance checkbox to your forms. Just add this before your submit button: [acceptance accept-this-1] Check here to consent to this website storing my information so they can respond. [/acceptance]

The team at WPForms has added a GDPR agreement module that you can add to all your forms. First enable "GDPR Enhancements" in the WPForms settings, then edit your existing forms to insert the new "GDPR Agreement" checkbox. In this way, users can confirm that they give their consent to send you their information.

So, once you have selected a contact form plugin and added a GDPR consent confirmation, you will also need to add a section to your privacy policy about the information you collect. This will depend on the fields you include in your forms: name, email, address, age or anything else.

Newsletters

As with contact forms, you must confirm user consent for newsletters. This can be done with a checkbox that a user must tick before opting in, or by requesting a double opt-in from your email list (if you haven't already done so).

If you use MailChimp, double opt-in is easy to enable. Simply log in to your account, go to your lists and click the "Subscription settings" button. From here, simply select the mailing lists you would like to add double opt-in to, then save. Easy!

With your consent confirmation method in place, simply add a section to your privacy policy stating that you keep users' email addresses for your newsletter.

WooCommerce data

If you have a store, you will need to disclose how you are retaining customer data, for how long, and what you do with it.

First, use WooCommerce's built-in privacy features. After installing or updating the plugin, go to the Settings > Accounts and privacy section. Enable options for retention, erasure, and privacy policy links of personal data.

Next, be sure to add the appropriate disclosures to your privacy policy. You may want to consider sections on why your website would collect personal data, how it is used (to promote your website to better serve users, process transactions, promotions, etc.), how it protects user information, and the processing of payments.

For more information on WooCommerce and GDPR, consult their guide.

Note: This is by no means a complete list of disclosures; these are just a few common examples.

Step 3: Add a cookie notice

We recently talked exclusively about EU cookie law and how to make your site comply with cookie law. Simply put, you should disclose your use of cookies, and not just in your privacy policy. You must add a cookie acceptance and disclosure notice on the first page a user visits. Luckily, there are tons of plugins that can help. Here are a couple of popular options.

Cookie Notice by dFactory free WordPress plugin

The free Cookie Notice plugin is a great and easy way to add a simple cookie notification and opt-in to your website. The plugin includes settings to add a personalized message, links for more information and a button to accept or reject cookies. You can also add a cookie expiration (after which users will have to opt in again), determine the location of the script (header or footer), and add simple styling with the included options (text color, button style, position and animation).

WeePie Cookie Allow Cookie Consent GDPR Premium WordPress Plugin

Alternatively, you can try the premium WeePie Cookie Allow plugin. This more advanced cookie compliance plugin includes options to comply with the cookie laws of the EU, UK, Netherlands, Italy and Germany. Choose a consent method (explicit via button or implicit on scrolling), style (box or bar plus layout options) and add links to a privacy policy or site terms. This plugin is also multisite compatible and responsive on all device sizes.

Step 4: Make it easy for users to request / delete their information

We mentioned earlier that WordPress 4.9.6 added easy options for user data management, so if a user wants you to send a copy of their information or delete their information entirely, you can. But in order for them to share their request, you will first need to create a contact form or page for them to get in touch.

Depending on your website, it might make sense to install a contact form plugin to streamline contact submissions. This is probably a better option if your website has many users, such as an online forum or a membership site.

Some plugins like Ninja Forms already have custom data export and data removal request form templates built in (check out our Ninja Forms GDPR Release). Just create your forms and then include links to them in your Privacy Policy.

But if your website is a basic blog or business site with no user accounts other than yours, it should be fine to just include a contact email in your privacy policy.

Step 5: Policy update or data breach notifications

The last part of GDPR that really stands out as important is the policy update and data breach notifications. This comes into play if you offer user accounts on your website, collect customer information, or maintain a newsletter.

Now that you have updated your privacy policy to comply with GDPR, it is a good time to notify users of your changes. If you use an email platform, please send a quick privacy update notice.

Or if you are using one of the best GDPR compliance WordPress plugins, chances are there is already a notification system built in so you can communicate with your site users. The best part is that with some of these plugin options you can easily automate policy updates or data breach notifications, saving you some time.

Ending

Just to reiterate, we are not lawyers. This guide on how to make your WordPress site GDPR compliant is simply a collection of tips from our own personal experience researching and preparing for GDPR. Hopefully there are some useful tips for you, but it really is only a starting point. We strongly recommend that you contact a GDPR consultant or attorney to make sure your website complies with the rules, especially if you are located in the EU or if EU residents make up a significant portion of your website's traffic.


Have more questions about making your WordPress site GDPR compliant? Leave a comment and we will do our best to help you. We will also update this guide as we learn more about GDPR, so if you have any other tips or key points, please share them.