What Is GDPR Exactly?
The General Data Protection Regulation (GDPR) is Europe’s new framework for data protection laws, replacing the 1995 data protection directive. EU legislation says that it is designed to harmonise data privacy laws across Europe and that its main purpose is to give greater protection and rights to individuals. GDPR was published in May 2016 and will come into force on May 25, 2018.
In a nutshell, GDPR protects user data in just about every conceivable way. Both personal data and sensitive personal data are covered. Sensitive personal data is easier to describe, as the usual suspects like genetic data, information about political views, sexual orientation, religion etc. belong to that category. Personal data, more or less, means any information that can be used to identify a person, starting with name and address, and it can also include email and IP addresses.
Who Is Affected By GDPR?
In short, every company, organization and individual that processes or controls datasets of their customers or website visitors will be covered by GDPR. It will affect any business that has customers who reside in the EU.
What Does GDPR Entail?
In order to be GDPR-compliant, companies must handle customer data with the utmost care and attention. However, that alone is not enough: customers have to be provided with tools to control, edit and also delete any information pertaining to them. Furthermore, any data that is handled has to be protected, meaning that anonymization and encryption are two important aspects that come into play. Another very important factor is that customers have to be asked for their consent explicitly, before their data is collected and processed.
Responsibility Of Compliance For Websites
It’s important to note that it is the responsibility of every company or website owner to prepare their sites for GDPR compliance. It is not solely the duty of any framework used to create and manage a website to ensure that website's compliance. In almost all cases a lot of manual fine tuning will be needed. Generally speaking, that means there is no use in asking “Is WordPress GDPR compliant?” or “Is Avada GDPR compliant?”. For example, Avada itself will never be violating the GDPR criteria as it does not collect any data. It is a powerful tool to create websites; the end user's website is what will collect data, and the data collected will be different for every use case.
Does that mean that WordPress and Avada users are left alone in their fight for compliance? No, not at all!
WordPress And Its GDPR Tools
An article about GDPR Compliance Tools in WordPress was posted on WordPress.org, shedding light on the new privacy features that WordPress has added to its latest release 4.9.6, which shipped on May 17, 2018.
Avada 5.5.2 And Its New Intuitive GDPR Tools
On top of the new WordPress features, ThemeFusion decided that we wanted to give our userbase even more possibilities to get their sites GDPR compliant. In the following we want to present the main new features in Avada 5.5.2.
Using Google fonts usually means retrieving the font files from the Google fonts API, which includes sending the IP addresses of your users (which are considered to be private data) to Google. You might find that circumstance worrisome, but at the same time you don’t want to do without the nice typography options Google fonts offer. Avada to the rescue. We have added a new Theme Option that easily allows you to decide whether Google fonts should be retrieved via the Google fonts API, or if they should be hosted locally on your server. View the new Theme Option below.
User Control Over Third Party Embeds
Avada 5.5.2 offers a variety of elements and widgets that help you to utilize third party content, like YouTube and Vimeo videos, Google Maps, Facebook and Twitter timelines, Flickr images, SoundCloud files etc. While all of these third party services enrich your websites, they also collect data about your users: IP addresses, location data or user activity tracking, to name a few. Under the GDPR it is necessary to ask visitors for their explicit consent if data should be passed along to third parties. That is generally not possible to achieve with embeds, but, as with Google fonts, you don’t want to lose these services on your site.
Our development team has come up with a very nice and easy to use solution. We added a new Theme Option to prevent embeds from loading until user consent is granted. You can freely choose which third party services to add to the consent list, and for any service you add, the embeds will no longer be loaded on page load. Instead your users will see a placeholder graphic, with custom text on it and a button to accept this third party service. The background color and text color for that placeholder can be set in Theme Options.
The whole setup is cookie driven, and thus we also added an option so that you can set a custom expiration date for that cookie. Once it has expired, your users will have to set their consents again according to their preferences. Check out the images below of these third party embed tools and settings.
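The consent gate described above, sketched as an added example (not Avada's or ThemeFusion's code): it renders a placeholder instead of the iframe until the visitor's consent cookie lists the service, and issues that cookie with a configurable lifetime. The cookie name `embed_consent`, the service keys and the placeholder markup are assumptions.

```javascript
// Added example, not Avada code. Cookie name, service keys and markup are assumptions.
const COOKIE_NAME = "embed_consent";                   // hypothetical cookie name
const GATED = new Set(["youtube", "vimeo", "gmaps"]);  // services on the consent list

// Parse a Cookie header and return the set of services the visitor accepted.
function parseConsent(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq < 0 || part.slice(0, eq).trim() !== COOKIE_NAME) continue;
    let value;
    try { value = decodeURIComponent(part.slice(eq + 1).trim()); }
    catch { return new Set(); }          // malformed value: treat as no consent
    // Keep only names that are actually on the consent list.
    return new Set(value.split(",").filter((s) => GATED.has(s)));
  }
  return new Set();
}

function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Emit the real iframe only with consent. The placeholder keeps the URL in a
// data attribute, so the browser makes no request to the third party.
function renderEmbed(embed, consent) {
  const src = escapeHtml(embed.src);
  const svc = escapeHtml(embed.service);
  if (!GATED.has(embed.service) || consent.has(embed.service)) {
    return `<iframe src="${src}" loading="lazy"></iframe>`;
  }
  return `<div class="embed-placeholder" data-service="${svc}" data-src="${src}">` +
    `<p>This content is hosted by ${svc}.</p>` +
    `<button type="button" data-accept="${svc}">Accept</button></div>`;
}

// Build the Set-Cookie value after the visitor accepts one more service.
// expiryDays is the site owner's configured cookie lifetime.
function consentCookie(consent, accepted, expiryDays) {
  const next = [...new Set([...consent, accepted])]
    .filter((s) => GATED.has(s)).sort();
  const maxAge = Math.floor(expiryDays * 86400);
  return `${COOKIE_NAME}=${encodeURIComponent(next.join(","))}; ` +
    `Max-Age=${maxAge}; Path=/; SameSite=Lax; Secure`;
}
```

Once `Max-Age` elapses the browser drops the cookie, `parseConsent` returns an empty set, and every gated embed falls back to its placeholder until the visitor accepts again.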