The General Data Protection Regulation (GDPR) was created in December 2015 and designed to ensure the right of EU citizens to basic data protection standards. It will become enforceable on May 25th, 2018.
The GDPR has generated a considerable buzz online. This legislation’s primary goal is to create a set of easy-to-follow rules for the entire EU, which uphold the highest standards of data privacy. Despite being an EU regulation, the GDPR will apply to any site that collects data from EU citizens. This means that if you’re running a WordPress website with registration enabled, and some of your users reside in the EU, the GDPR technically applies to you.
The purpose of the GDPR is to regulate how personal data is collected and managed by services. It does not forbid collecting personal data. It only requires that the visitor be aware that data is being collected and how it is handled, and that the visitor give explicit consent to this.
"Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
The GDPR can impose several types of penalties. You could get fined 2% of your worldwide annual revenue for failing to disclose a data breach, or up to 4% for failing to ask for user consent when storing data.
The good news is that there is a dedicated team of WordPress Core contributors working on GDPR-proofing the Core code. They have set up a website where admins and devs can keep up with the progress and see what they need to do to bring themselves (and their clients) into compliance: GDPR for WordPress.
Below we provide specific information and some technical measures that you can use with our Uncode WordPress theme.
Uncode Privacy Plugin
There is no doubt that Google Fonts is a wonderful service that lets you easily use more than 800 fonts free of charge, but when you use this service, Google stores the IP address in exchange for the service offered.
In Uncode, when you install the demo contents, a few Google Fonts are imported (the same ones used by the demo, for instructional purposes). It is the user's duty to choose whether to use this convenient method or to install the fonts locally on their own server. If you decide to use the default method, we suggest creating a Privacy and Cookie page as described later on this page. Alternatively, if you want to use Google Fonts installed on your server (which these days is the suggested method), please continue with the Self-hosted Google Fonts tutorial:
Another service that is used by virtually all sites is Google Analytics. The big question on everyone’s mind is whether they really need to get explicit consent for tracking. After all, this could be a substantial amount of work and could absolutely impact the participation of users in your Google Analytics data. The answer to this question is multi-pronged: most likely you will, it depends, and you should seek legal counsel.
In any case, a good improvement is to use the anonymized IP function, so that the IPs of the users who visit the site will not be saved in your account. Please find all the information in the dedicated documentation page:
YouTube and Vimeo
Other great services that we all use are YouTube and Vimeo (as well as SoundCloud and Spotify). In Uncode you have the option of using these services or uploading a self-hosted video to your server. Naturally, these services also collect data from users who view the video in exchange for the free service offered.
If you need to be strictly compliant with the GDPR, you must use self-hosted videos loaded from your server. Naturally, an increase in the use of self-hosted videos is expected.
If it is necessary for you to use the services YouTube, Vimeo, SoundCloud and Spotify, and you need to be strictly compliant with the GDPR, please read the documentation and implement the GDPR plugin:
Alternatively, you can use Gravity Forms, which has a native option to save each message and consent received. Gravity Forms is supported by Uncode but is not a free plugin that we can include in our product.
I Recommend This
In Uncode versions prior to 1.8.2, a plugin named 'I Recommend This' was used to provide the like feature on posts (heart icon). To prevent a user from clicking repeatedly on the same like, this plugin saved the user's IP address. Given that the IP address is important personal data under the GDPR, we decided to remove this functionality from Uncode to ensure greater compliance (since this simple functionality is the only feature that could make Uncode non-compliant).
If you are interested in activating or re-activating this feature on your installation, please follow:
Privacy and Cookies Policy
It is important to specify that the only native cookies used by the Uncode theme conform to the GDPR. To run the Adaptive Images system, Uncode makes use of three technical cookies that contain only runtime information about the viewport and screen resolution. This data is created on every page refresh to calculate the correct Adaptive Images. No personal information is stored within these cookies.
Enforcement of the EU General Data Protection Regulation (GDPR) begins shortly after the release of WooCommerce 3.4. The WooCommerce team added tools and features to help store owners become GDPR-compliant and deal with GDPR requests from customers.
Just using Uncode does not guarantee that an organization is successfully meeting its responsibilities and obligations under the GDPR. This page is a brief introduction to the GDPR and presents some of the specific features of Uncode that can help you comply with the regulation. Organizations should assess their unique responsibilities and ensure that any additional measures necessary to meet their legal obligations are taken, based on a data protection impact assessment.