Ask Yoast: Preparing for the General Data Protection Regulation (GDPR)

From 25 may 2018 onward, the EU General Data Protection Regulation (GDPR) will be in force. This law on privacy and data protection will have consequences for any business handling personal data of EU subjects. So, what should a webmaster do to avoid legal penalties? In this Ask Yoast, Joost gives his take on the matter.

Joerg Gastmann emailed us his question on the GDPR:

'At YoastCon 2017, Dixon Jones mentioned that certain plugins collect data about users and this might cause problems with the EU General Data Protection Regulation (GDPR). What should a webmaster do to avoid legal penalties for using plugins, like Jetpack, that process statistical/user data on their servers?'

Watch the video or read the transcript below for the answer!

Preparing for the GDPR:

“Well, you don’t get a penalty specifically for the fact that these plugins are using that data. You get a penalty for not getting your user’s consent for doing that. So you should get your user’s consent, or stop doing that. Some of these things you can put into your general terms of service because they’re required for your business to work.

But if you’re doing things like profiling people based on what they visited, based on information they’ve given you them about them, then you should really dive into the GDPR. This is not something I can easily answer in a couple of minutes. It’s a lot of work. There are a lot of people that are very hard at work, making sure that we can do all the things in WordPress that you should be able to do under the GDPR. So yeah, dive in, consult a lawyer- I’m not a lawyer. Good luck!”