GDPR Compliance For WordPress – A Website Developers Goldmine


In this video we're going to talk about the GDPR and what it means for you. Hi, my name is Adam, from where I make WordPress tutorial videos for non-techies. If you're new here, consider clicking on the subscribe button. To not miss a video, click on the bell and YouTube will let you know when I have a new video available for you.

So I have to start this video with a should-be-obvious disclaimer that I am no attorney. This is not legal advice. As a matter of fact, with a little bit of humor, you shouldn't listen to anything I say in this video, because it has not been reviewed by an attorney and I am not an attorney. So just go with that.

We're talking, of course, about the GDPR in this video because it is coming up on May 25, and that's not that far away. I mean, it's coming up really quick. For those of you that are not familiar with what this is, it's a new law, a very extensive law, that's going into effect in the EU, but it has effects on anyone that is collecting data on EU citizens. Anyone that has a website that has EU citizens visiting it, it's going to affect you. And since this is a channel about WordPress, it's definitely a conversation that we need to have, and it's simply one that I would hope that you would pay attention to.

So the GDPR stands for General Data Protection Regulation, and it's a very comprehensive document. The onboarding process for this has been going on for about the last two years; however, the date that it's going into effect is coming up soon, and there's a little bit of scrambling going on. So what I hope to do is actually have a series of videos, but in this video I just want to go over some of the basics of the GDPR and some of the questions that still remain about it, primarily to get it on your radar, and I'll probably have maybe another one or two videos about the GDPR here.

I'll link up to this in the video description down below: Lee Jackson from the Agency Trailblazer podcast put up a podcast episode today based upon his research into the GDPR. It was pretty good. I listened to it and I thought it's about time I start talking about this on this channel. I'll put a link to this down below. It's definitely worth a read and also worth a listen to.

So I wanted to talk about some of the points of the GDPR. I got some of it from here, but I've actually been following this for the past three months. And also, a side note: if you are a website developer and you have clients, I actually think the GDPR is going to be amazing for you, because this is something that you, number one, need to have all dialed in, because you have customers. You have clients that you build websites for or you manage websites for, and there should be a service offering to do a proper audit for GDPR regulation and compliance. I think it's a good opportunity for you to reactivate old clients and also have it be a service that you provide to all of your existing clients. I think it's going to be great for you. You could do an audit, you can go over compliance, you can add disclosures; there's all of these services that revolve around it. Okay, now to start going fast through the video. Okay.
So the first thing you need to look at for GDPR compliance is: what data are you capturing? You need to know. In the most basic form, you might have a contact form on your website. Someone fills out that contact form and hits enter. Where does that data go? Where is that data stored? So you need to go through everything that you use and find out what data your apps are actually collecting.

Then what you need to do is ask: are you collecting identifiable information? That is defined differently in different countries. In the United States, an IP address is not identifiable information; unfortunately, in the EU it is. So if you are collecting any identifiable... I mean, there's obvious identifiable information, right? Someone's name and address, that's identifiable, and the list goes on, but also IP addresses are added to that.

Next you need to look at, or do an audit of, all of the products and services that you may be using that are collecting this identifiable information, and then you need to go to those services and find out what they are doing to be compliant. So this would be, and I have a short list here: if you have an e-commerce website, what are they doing to be compliant? I'm going to talk about WooCommerce in a moment if you're using that, and I'm going to talk about WordPress in a moment if you're using that. If you have an e-learning platform or a learning management system, what are they doing to be compliant? I'm going to touch on that here in a moment as well. Your contact forms: some of them don't store the data in your WordPress database, some of them do. What are they doing to make it easy so that you either are storing it or you have an easy way to not store it? That's one less thing that you have to be concerned with.

What business communications are you having? I know for me specifically, I have a live chat tool. What is being collected by that live chat tool? I need to know. Also, any marketing tools or marketing automation: if you're using any marketing automation platform, they are usually tracking everything someone does on your website, where they're going, the pages they're going to, how long they're on those pages for. Are they doing it in a way that is capturing personally identifiable information before the person has even given you personally identifiable information, perhaps like an IP address, if they're doing it that way? And this would also apply to remarketing.

Then you've got to look at data retention: how long you're retaining that data for. You have to make sure that you're storing all data with as high of security measures as possible, taking all security measures that you should responsibly be doing. And then once you've done all of that stuff, you actually have to disclose all of it in disclosure forms for your website in plain, easy-to-understand English.

Now the problem is you have to do this for EU citizens, but there is no reliable way to know if someone that's on your website is an EU citizen. It doesn't matter where the visitor physically is. If they're in the EU or in Canada or in the United States or in India, if they are an EU citizen, you have to be compliant. Some of the main things, to make this all kind of make sense: you have to look at all of this stuff, disclose all of this stuff, and then there's issues of consent that I'm going to talk about in a moment. But then you have to have a mechanism in place where, if an EU citizen wanted access to the information that you have on them, you can supply that to them. That's where this actually gets really tricky, because if you're like me, you're using several products and services that aren't all unified, and getting that data to someone could be a burden.

Now, if you're not in compliance, whether or not your business is based out of Europe or someplace else, the EU law states that they can fine you up to 4% of your global revenue, and that would max out at, I believe, €20 million. Now there are some questions of how enforceable that is, right? So can they actually enforce that on a US-based business? Does international law apply, and all of that? These are all things that we don't really have the answers to. On the surface, there is no... well, they can't apply a fine if you're in the US. They can't just fine you in the way that a government agency in the government of the country that you're in can just fine you. So it is a little bit questionable how they would actually collect or enforce that, and these are all things where the dust is going to have to settle. There are a lot of parts of this law that are written in a very ambiguous way, so really, some of the practical effects of the GDPR we're really not going to know until some of these things are actually tested in a court of law.

So here's how it affects you and me, and here's where you want to be concerned. First of all, I actually, personally, like the spirit of the GDPR. I'm all for disclosure. If you visit my website, in fact, there's a transparency report that discloses all kinds of stuff I don't have to disclose, but I like to do that. I think transparency is a great thing. So for me it's going to be very easy to go and audit everything and kind of write out what I'm collecting and how it's being used and how long it's stored for and the purpose of all that, and adding a disclosure.
So first of all, I want to be adding a disclosure. Everyone should really be adding a disclosure. I almost think you should be adding a disclosure even if you're not collecting any identifiable information on someone. You should still add a disclosure to your website disclosing that you're not collecting any personally identifiable information.

The next common aspect of this law, and it's actually a little vague in how it needs to be interpreted, has to do with if you have, say, an opt-in form and you're collecting someone's name and email address, because there's an issue of consent. So this is actually the one thing, right, where I personally don't really agree with a lot of what I'm seeing written out there, and that's why I say don't follow anything I'm saying as legal advice. I really don't agree with that. So what a lot of tools are using, like Beaver Builder, and I'm sure it is or might be a feature in Elementor, and Thrive Architect and Thrive Leads have it, is where, if someone is going to opt in or submit a contact form, there's a checkbox that you can have where the visitor would actually have to check the box to give explicit consent that they're agreeing with, say, you link to the GDPR policy. So they're giving that explicit consent where they have to move their mouse and click, giving what's called explicit consent when they give you this information.

But here's the thing: collecting someone's name and email address, from what I've been reading from the law, does not require this term called explicit consent. Let me read to you what explicit consent is defined as in the law. Under the GDPR Article 9, explicit consent is required for the processing of certain special types of personal data. Not all types, certain types of personal data. An example would be racial or ethnic origin (I don't ask that in my contact forms), political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for purposes of uniquely identifying a natural person, data concerning health, and data concerning a natural person's sex life or sexual orientation. I'm not asking you for that.

If I have a spot to put your name and your email in, it's just you putting your, you know, the person being on my website putting in their name and their email and then giving me consent. Not explicit consent, but consent, and then they click a button. So for me, I think, from some of what I've read on this point, if you have a form where you're getting someone's name and email, you can have one line there, without a checkbox, saying that you are consenting to give this information to me, or something along those lines. By clicking on "Yes, submit" or "Yes, I'm in" or whatever button is there to actually submit that information, they are giving you consent. And so that's probably how I'm going to roll until I get additional information. So if you are collecting leads for any purpose, you might want to look into: is explicit consent required? Now, if you're a doctor or doctor's office and you're having them give all kinds of sensitive information, oh yeah, explicit consent is definitely required. So there's that issue.

So, some other things I want to talk about. The trickiest part of this, I think, is not necessarily fixing your opt-in forms and putting in a line of text, or doing the audit to find out where all this data is coming from. I think the biggest challenge is: how the heck are you going to be able to deliver to an EU citizen all the data you have collected on them? And so with WordPress, here's a great article, and I'll put a link to it down below. This is really coming from WooCommerce, but it's talking about what WordPress is actually doing for GDPR compliance. They're actually taking it very seriously, and they should, because 30% of the Internet's on this thing. They really need to give us the tools in the core of WordPress to be able to be as compliant as possible.

So what they're doing is, and you can read through this: someone using WooCommerce, obviously, if someone places an order, you're collecting their information. But also, if someone's leaving a comment on your website, you're collecting information. If, say, you're using a learning management system and they're registering for a course, you're collecting information. So there are a lot of functions in WordPress where you are actually collecting identifiable information, and WordPress does need to provide a way that plug-in developers and theme developers can hook into, to be able to have a system where you can give that data to someone upon request and also give them the option to have it all deleted and wiped away. And that's what they're doing in WordPress. So essentially, someone's going to be able to go to a form and be able to request all the information. WordPress will then email them that information so they can download it, and they'll also have an opportunity to delete their account from your WordPress website. Here's an example of what all that personal data would actually look like that can automatically be emailed out, and this is something that WordPress developers are going to be able to hook into.

So if you go to the LifterLMS website and you go to their blog, they have a blog post also talking about this. Since all the data is in WordPress and they know WordPress is building this, they are just waiting on WordPress to release this functionality, and then they're immediately going to hook into it so they can be compliant. So a lot of the WordPress developers are going to be able to leverage what's already going to be added to the core of WordPress, most likely. But then it's a little bit more challenging, right? For me, I use ConvertFox. It's an instant messaging application. I've got to go and make sure they are compliant, and how I'm going to be able to deliver someone's information there. So there are a lot of loose ends with the GDPR.
I wouldn't be losing sleep over it. I mean, for me, in the spirit of the law, I want to be 100% as compliant as possible. I'm going to put every effort into doing that; however, I wouldn't lose sleep over it. So if you are, say, a small business owner, and you don't explicitly do business with European Union citizens or in Europe itself, you really don't have a ton to worry about. If you have a website where you're literally collecting no personally identifiable information, you have nothing to worry about at all either. So a local plumber down the street, you probably don't have anything to worry about at all. The only area where you might want to just double-check and look into it: don't use a contact form that stores the data in your WordPress website. But even you should have a disclosure. I think every website is going to have to add a disclosure.

One of the things I actually forgot to mention right here is that WordPress is also adding a disclosure generation tool, so it will generate the disclosures that you need to add to your website. I think there's something on it in this article here, which I think is actually very good to have in the core of WordPress, to help people generate privacy policies, terms and conditions, and also GDPR compliance. I don't know if it's going to do all that, but it should do some of that stuff or have the faculties to do something like that.

And so the one thing that I hope does not happen, and you're starting to see this and you might've already seen this on some websites, is this here. I don't know how I ended up on this website the other day. It's Elegant Marketplace. I must've been looking at some kind of a Divi add-on or whatever, and I ended up here, and this is the pop-up that I saw. These are actually popping up on a lot of websites. It's generated by a website called Cookiebot. This is an example of explicit consent, where someone comes here and this is literally the first thing that pops up. Now, most people just might click OK, but it's just so overly complex. And I'm not making a dig at Elegant Marketplace at all. They're just doing what they're doing, and I've got to commend them for doing this, but stuff like this really kills the experience someone has on your website when they visit it and this is the first thing that they see. You can check this out if you want to. It's Cookiebot, and there's also a plug-in that will allow you to add this to your WordPress-based website.

But for me, I don't want this. I would rather use the right plug-ins and tools that are not collecting identifiable information, information that can be linked to any actual person. I would rather, instead of having something like this, just not use those tools, to be honest. So if it means that I can't use my marketing automation tool until they modify it so it's not collecting IP addresses, hey, I'm all for that, because I would rather not have people have to see this the first time they come to my website and every time they do it in a new, fresh browser.

So I know this video is a little all over the place about the GDPR. I do think it's something that needs to be on everybody's radar. I do think if you're an agency owner and you have web design clients, it would be good for you to, if you have a blog on your website, put together a blog post that talks about it, email all your customers, tell them to read that blog post, and start taking appointments on how you can get them GDPR compliant, just for the website that they have. It's a whole other can of worms what they do with the data after it comes through a website, or the website that collects it. So I do think there is a huge opportunity for developers to have services related to GDPR compliance. I do think every website is going to need, at the very least, a page added with disclosures as to whether you're collecting data or not. I think at the very least that's what needs to happen.

I just wanted to start having a conversation about it and also tell you some of the plans that I have about the GDPR. By no means is anything in this video legal advice, and this video is not the most comprehensive resource on the GDPR. I am going to be doing a lot more research into it, to maybe put together some resources that I can provide here on the channel to people, maybe some templates for disclosures or things like that. But I just wanted to open up the conversation and get it on your radar. We do have plenty of time. A lot of it doesn't really fall on your shoulders, other than doing the audits. It really falls on plug-in and theme developers and the developers of the services that you use on your website.
So if you have any questions for a future GDPR video or discussion, leave them in the comments section down below. I'll also see about getting an expert in the GDPR to come here on the channel to talk further about the GDPR and what it means for you. Hey, thanks for taking the time to watch this video, and I will see you in the next one.


  3. Post
    Online Visually, leads that call or message you!

    I am limiting my website to only American. Built in America for Americans.

  4. Post
    Christian Lecuyer

    Hi Adam, that's a lot of info on that subject. I will follow your advice to at least have a "disclosure" for my new websites.
    If you know any links to a "disclosure" generator, that would be great.
    Have a nice day 🙂

  5. Post
    Rudolf Stomps

    There are more elegant ways to have the cookie notification on your site. For sure you have EU visitors and clients.

  6. Post
    Paul Krause

    Not like any attorney has any idea what it all means or requires. Until some significant amount of case law develops, I don't see how anyone can claim to know what might be required for compliance. I still think the best protection is to use tools like Limited Liability Companies, Limited Partnerships, etc. to limit your exposure.

  7. Post

    I'm getting a headache from all this…You give away your IP once you leave a comment or fill in a contact form. Or your email if you subscribe to a blog.

  8. Post

    Heyyy Adam, thank you much for all this useful information that you provide to us for free. I have an unrelated question: Do you know of a free platform where we can have access to usable law templates that cater to our needs and industry activities, such as privacy policy, contract, general terms and conditions etc…? I reside in the EU. Thankssss 💪🏾

  10. Post
    Patrick Bianconi

    Thanks Adam! Are you still a fan of gravity forms as I somewhat use them religiously? Especially since the uabb add-on works great to customize it really quickly.

  12. Post

    Thanks so much, Adam, for covering this. We're on the same wavelength. Just bookmarked a bunch of articles to help me dive deep into this.

  15. Post

    This comment has nothing to do with your video. I just wanted to say "I Love You Man!" If it wasn't for you I would not have my ecommerce business. You brought hope to my life. So thankful and grateful I found you! All the blessings to you Adam! -Nate

  16. Post
    Mark Spence

    Hi Adam, thanx for a heads up on this. What do you think of the GDPR Tracker deal currently available on AppSumo?

  17. Post
    Christopher Fischbach

    Thank you Adam for helping people to get through this with a better understanding of what it is. If you don't mind I'll just bring up the fact being a certified data privacy officer and being open to questions if someone has some.

    The fines you mentioned are not exactly correct. They can fine you up to 20.000.000€ OR 4% of your global income whichever is higher.

  18. Post
    Vegard Bell

    I'm using CookieBot. It's free for 1 user. I am using a minimalistic style box, not the big one you showed on 🙂

  19. Post
    Tim Hicks

    Hi Adam! Most likely my question/comment will fall back on individual developers, but do you have any idea how GDPR will impact using Google analytics and WP statistics? Although I try to use few, I am in the process of auditing my website to check which plugins potentially collect data and what type. I believe in the video you mentioned something about Elementor taking steps or having already implemented something towards GDPR compliance? Can you tell me what they have done or are planning? Thank you for your response and your knowledge! You have been my go to guy for several months!

  20. Post
    Torben Heikel Vinther

    Hey Adam. Thanks for another awesome video! I'm in the process of making an overview of GDPR for my self and for my clients. I think a lot about what you said about cookie consent and about not over-doing it (or something like that) like using Cookiebot. But what I have read the cookie consent MUST be Informed, Based on a true choice, Given by means of an affirmative, positive action that can not be misinterpreted, Given prior to the initial processing of the personal data, Withdrawable, The user has the right to be forgotten and All given consents must be recorded as documentation.

    I know the source might not be 100% objective, but Cookiebot has written this about GDPR and cookies:

  21. Post

    Hello Adam, you are such a wonderful person. I have been watching your videos for some time. You are so good at explaining things, and I love your video quality too. I'm actually into video blogging. I love your videos, and I want my video quality to look like yours, and your sound mic… What software are you using to record, and what type of mic are you using too?
    Thanks in advance Adam!

  22. Post
    Peter Fiedler

    Hello Adam,
    thank you very much for all your work, effort and commitment you share with us!
    Regarding GDPR… The whole thing is a bureaucratic nightmare! I'd be so glad if I could live in the land of the free and the land of the brave instead of the EUdSSR, that strangles their citizens with extensive (and for the most part idiotic) rules and regulations. What you mentioned is just the tip of the iceberg. If you happen to have a company residing inside the EU, or dealing with EU customers, the GDPR forces you to create extensive documentation of your internal data processing. That's no joke. For a "one man army" company like mine it is already 45 pages and about 14 days of wasted worktime just for that. You even have to make special "order-data-processing" contracts with your hosting companies and everyone that stores data from your customers. That's why we can't use our paid Convertfox licence at the moment or use Dropbox to exchange data.

    User consent in the comment/form fields… I am no lawyer as well, but from what I heard you don't take consent for saving the user data but for processing and further using it. The checkbox I use says something like "… you are OK with me saving the data you provided in order to process it according to our GDPR-Regulations <link> in order to give you an answer …". The link is important so that folks on the website can inform themselves on what we do, where we save and when we delete the data. Of course you first have to write such a page for every website.

    The most annoying part of the GDPR is the fact that the EUrocrats don't have a single clue on how the Web works and what problems arise with their GDPR. IP addresses are the crux of the matter, because they are sent to every API or external server that we connect to. For example, there is no final clarification for the safe usage of Google Maps, Google Web-Fonts, Google Analytics, remarketing on the whole, Facebook Pixel, Facebook posts on your website, Twitter posts on your website… Even the automatic emojis and Gravatars are problematic. In short – websites in the EU will fall back to the 90s where everyone uses Arial as font. Every little company in the EUdSSR will have massive limitations compared to the rest of the world, where the governments don't shoot the knees of their tax-paying people…

  23. Post
    Romeo Mariano

    The biggest irritant I see from your discussion is the need to provide a user of your website the information you have gathered about them. That can take a lot of time and effort to do. So, the question I have is can you CHARGE for this access? This is similar to asking a physician for a copy of your records. They can charge you for doing so because there is time, expense, and effort to obtain the records. If you can charge for this, then it wouldn’t be so bad. Just ask lawyers how much they LOVE making Xerox copies since they charge by the minute, even for mundane tasks.

  24. Post
    Jendrik Pätsch

    Thank you Adam, I live in Germany and always follow your incredibly good videos, I learn a lot from you and my English is getting better with you. 😉 thumbs up

    Thank you for accepting the topic. Even in Germany, many companies and website owners do not know anything about the topic, and here too, a lot of money is made with the panic of others; ebooks are currently doing very well on the subject. SSL certificates are a must, and the checkbox you mentioned in the contact forms, not even 50% of the websites hosted in Germany have that.

    In Germany the topic is EU-DSGVO, "europäische datenschutz grundverordnung" – "European data protection basic regulation" if I translated that word by word 😉

    Keep it up

  26. Post
    Dan Tetreault

    GDPR stands for General Data Protection Regulation – a law affecting members of the E. U. that replaces the UK Data Protection Act of 1998.

  28. Post
    Marko B.

    There is one question that I have, namely how does the GDPR affect companies that do not allow PayPal for EU members at all, like for example Elegant Themes?

    I just ask this because from what they have told me they have no other way to collect their data for the VAT taxes, which is in my eyes a bit of a strange, almost suspicious reason for not allowing it.

    Plus, as they gave me this information I was addressed by my real first name. Without me even having an account on their page.

    Furthermore, my conversation with them was over their website's internal private chat function, and if I am not completely wrong I should not have access to it unless I do have an account there.

  30. Post
    Albert Brückmann

    I have created an add on for gravity forms, allowing to double opt in for senders and auto-deleting form entries after a specific time, together with a time stamp protocol to prove that the user really wanted to get information from you, making it even more GDPR compliant. Helps effectively against spam, too, and ensures you only get mails from real humans.
    To check, see

  31. Post
    michael govers

    Another great video Adam, thank you for the thumbs up on this. And I will give you one piece of advice and one piece of advice only. Do not take anyone's advice, and that includes this piece of advice I've just given you 😉

  32. Post

    Adam, thank you. I'm sorry this is not a correction by any means, but I kept on hearing this term on the video and reading it on the comments. Are we talking about disclosure not a disclaimer?

    Again, like you I am no lawyer… but it is my basic understanding that a disclosure is more in the sense of giving a heads up. "Hey, I'm getting paid to advertise this… or proceed at your own risk" type of thing. A disclaimer on the other hand is more of a "hey, this is what I'm covering my bottom with, doing my best to comply but you can't come after me" type of thing.

  33. Post
    James Cairney

    Most of this should already be taken care of with decent privacy policies and terms and conditions, if your website has these then most of these regulations shouldn't change anything

  34. Post

    Went home thinking about this…and at first it felt a bit of an inconvenience to web professionals. But the reality is that…

    It shows how EU government cares and looks after the best interests of its citizens. I wish ours would show a bit more of that attention to its citizens.

  35. Post
    Vinicius Freire

    I understand why you say that this is a goldmine for developers. However, the fact of the matter is that when a client pays us for that "service", they are doing it because there is a gun to their heads. Literally, the government is using coercion and force to impose website owners to pay for it. It's basically a blackmail. It's a crime-less punishment. But, of course, there is no such thing in regards of government cameras on the streets, where they film you and give absolutely zero fucks about your consent.

  36. Post

    You hate the EU Andrew? How nice. I don't recall saying or doing anything to offend you – oh well. As for your opinion on GDPR, I suggest you read into it. The news on both sides of the Atlantic is full of data breaches where personal data has been compromised or openly sold. The companies that lose or sell personal data rarely end up being victims of fraud, but the poor individuals whose data is released do. GDPR makes information about me 'my' intellectual property. I decide who has access to it, what they can do with it and how long they can keep it. If I give my name and address when ordering something online, I give it for that purpose only, I expect them to protect that information and I do not automatically give them permission to sell it on to others who then harass me with unwanted offers.

    I'm in the UK (Scotland to be precise), we will shortly be leaving the EU but I'm delighted the UK government see the real value of GDPR and decided to adopt it here, in full. As an information security manager, I admit to having a vested interest in data protection but I've also seen first hand how easy it is to Google someone and really mess up their lives. You may be in the US but GDPR will ultimately help protect you too by raising awareness of data protection in much the same way that car (automobile) airbags invented in the US improved vehicle safety and helped to save EU lives.

    Rant over 🙂

  37. Post

    GDPR and what you can Do Now. Install
    The GDPR Framework
    That will enable all the Check Boxes On comment forms also Gravity Forms 7
    Along with WooCommerce that should be enough for Most sites.

  38. Post
    larry woods

    OK. Now let's look at the other side of the question. Is Joe Blow REALLY a resident of the EU? That is really a bigger question and needs to be fed back to the EU. There is no way that I will release info to "Joe Blow" just because he tells me he lived in France! And I definitely won't delete it. There needs to be an official request that comes from an OFFICIAL source within the EU that verifies that Joe Blow not only lives in the EU but is also an official resident of the EU. Maybe Joe is from Chicago but has a summer home in the south of France. He requests from the French address/internet node. If you think that YOU will be getting requests, what about the EU?
    Good idea, EU, but not practical—unless they have the OFFICIAL procedures in place to handle this, and the budget!

  39. Post
    Michael Fidelis

    Number 1 is VERY IMPORTANT!! Picked a bad theme (HB Themes) for my business site several years back now paying the price. Horrible developer with no updates and little to no support. On the brighter side, I found Astra! 😉

  40. Post
    Vahrokh Vain

    Hello. Nice intro, however you did not mention how you are responsible for data protection as well. You need to have encrypted storage and – possibly – a key vault holding website database credentials.
    Some US providers are going to provide file system encryption, however you should encrypt data at rest as well. Otherwise you shall need to implement the incredibly painful "warn every contact by 72 hours if your website is breached" policy.

  41. Post
    Alexander Bjerkvik

    Certainly a goldmine as long as you are ABSOLUTELY certain you understand how to comply with the policies.

  42. Post
    Novella Bobo

    If I go Private with my settings do I still need to worry about GDPR, I am thinking on doing that to freeze my account so I have the option to work on it later if I want to start it back up then.

  43. Post
    Z Du

    Great Great video man! Your videos never disappoint! A quick question I always wanted to ask, which software/program do you use to make your video like this one, where you can show yourself in a small circles window 🙂 Thank you!

  45. Post
    David Alexander

    Hey, are you doing a follow up on this now that we have more of the tools available from WP etc and the info seems to be clearer? Would love to see a part 2.

  46. Post
    Gustavo Gonzalez

    Best way I've found to solve it. A popup window asking "Are you an EU citizen?" If the answer is "yes" they will be redirected to Google

  47. Post
    RKF Search Results

    I'm unclear if a website with no form or data collection is subject to compliance or just if it's accessible in EU? Or is that not clear?

  50. Post
    Stefan Camargo

    The thing with cookiebot banner is that according to GDPR, you cannot install ANY cookies on people's website without first getting consent. So, use a tool like cookiebot or be 100% not compliant.
    Now, you don't need to block the page completely and force people to click on OK… you can just show cookiebot on top of the page and disable all the cookies until people opt-in. If they don't opt-in, so no cookies will be installed. In practical terms, That means people won't be able to show Adsense unless people tick the box. It's crazy, but that's how the regulation is right now.

  51. Post
    RKF Search Results

    Wouldn’t a double opt-in be explicit consent?
    No need to make ANY apologies for your content or organization of it. Good stuff Adam.

  52. Post
    Oliver Wieland

    By far the best presentation I've seen on GDPR so far, and I quite agree with the spirit of the law also. Every site I've developed I have pushed for as much data transparency as feasible.

    Also well done for highlighting the jurisdictional issues. The over-reach issue is highly concerning imo, at least in principle.

    As I understand it (and I'm not a lawyer either), the EU does not rule outside of the jurisdictions of its consenting member states. I believe it's a concept called sovereignty.

    HOWEVER, there is nothing to stop the EU, or any of its member states or their citizens from attempting to take a non-EU company to court (for whatever reason, GDPR or other). This does not mean the target jurisdiction has to comply, but… depending on the jurisdiction, courts or judges may or may not decide to honour the proceeding.

    Any sensible state IMO would ignore any foreign order, and any exception should be constitutional.

  56. Post
    Tasvir Mahmood

    I have Google Adsense on my website. They are asking me to take action, all I am ending up with are long text documents. I do have a Privacy Policy page, but I think I will need to add this popup.

  57. Post
    alan waggett

    Hi Adam, Alan Waggett here. Anyone got a step by step tutorial to set up a Divi site to be GDPR compliant?

  58. Post
    Jen A

    Hello Adam. I have a question about GDPR policy. My question is that for those who are creating an affiliate website, do we need to the GDPR policy or just leave it alone? In fact, most of the gurus that I look at don't even talk about the privacy policy, disclosure policy, and affiliate policy. I want to cover myself if someone buys a product from affiliate off my site and they get hurt from the product, I don't want that person to come and sue me.
