And what we are doing for Our clients
Please note, we cannot offer legal advice regarding compliance with the EU’s new General Data Protection Regulation, known as the GDPR. We recommend that individual site owners review the information available from each service provider, in the context of the GDPR regulations, and decide what action they need to take.
Our understanding of the GDPR is that it only applies to organizations that serve EU residents. It’s possible that if you only serve residents of countries outside the EU, you can safely ignore it. However, it doesn’t necessarily mean that you should ignore it. Rather, with so much attention being paid to the GDPR right now, demonstrating that you’re taking it seriously could make you look more professional. In addition, it may enhance customer confidence in your business. Furthermore, there’s no telling whether a similar law might be enacted in the U.S. at some point.
Most of our clients’ websites are built using WordPress. This allows us to take advantage of the tools included in the latest release of WordPress that are designed to make compliance easier. These tools include guidance on developing a privacy policy and support for dealing with data access and deletion requests.
Clients who subscribe to our WordPress backups and updates service know that we are:
- keeping their website securely backed up
- monitoring for suspicious activity
- keeping the underlying software up to date.
The way that we can be most helpful to our clients right now is with development of a privacy policy. We do this based on our knowledge of how their site operates. We can’t offer legal advice about GDPR compliance. Therefore, we recommend having a lawyer review any privacy policy we help to create. However, we can answer technical questions about how our clients’ websites store and process personal data.
As of Friday, May 25, 2018 we have made minor adjustments to all our clients’ websites to reduce their potential exposure to privacy related issues. This includes enabling the anonymize IP address feature of Google Analytics, setting the retention period for personal data in Google Analytics to the minimum of 14 months, and preventing IP addresses from being stored with contact form submissions.
If you are a client of ours, and wish to discuss your privacy policy in more detail, please call us at (518) 392-0846 or email [email protected].
If you are not a client of Trevellyan.biz, we have provided additional resources below.
These may be useful in determining what your next steps should be:
- official source of information about the GDPR – https://ec.europa.eu/justice/smedataprotect/index_en.htm
- GDPR portal by Trunomi and Commvault – https://www.eugdpr.org/
- especially relevant is information about version 4.9.6 of WordPress – https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-release/