Hi @catapult_themes. As I mentioned, I like your plugin. If it wasn’t for the GDPR, I would use it and have even thought about what it would take to modify it for GDPR compliance and give the code to you. I did look at Cookiebot (cookiebot.com) – it looks pretty good on a trial run but can get pretty expensive for a blog or some other types of sites with a large number of “pages”.
(@catapult_themes) I think it’s worth remembering in this discussion that this plugin doesn’t store any user data or make use of IP addresses. When a user lands on a site using this plugin and accepts the cookie notification message, the plugin places a cookie on the user’s own machine that records the user’s acceptance. It doesn’t store anything, including IP addresses, server side.
When I saw your entry, I wondered if you have looked into the GDPR. Until a couple of weeks ago, it was one of those things that was on my to-do list and I finally got to it.
In case you haven’t looked into it…
The GDPR is a regulation (EU law) ratified by the EU back in 2016 and is set to take effect on May 25.
Every web site that collects and processes data about any natural person who is a citizen of the EU needs to comply with the GDPR or they are subject to fines of up to 10 000 000 EUR or 2% of worldwide turnover for certain infractions and up to 20 000 000 EUR and 4% of worldwide turnover for other infractions, and the GDPR even states that for some things the fine is “whichever is higher” (Article 83 of the GDPR).
Cookies related to analytics and ad targeting will be the main ones that collect and process user data, some of which could be personally identifying information as defined by the regulation and referenced statutes. As a class of cookies, going back to what I wrote earlier as to the GDPR and cookie acceptance, those cookies that collect any potentially personally identifying information on sites that EU citizens might visit need to be listed as to what they are, what they do and who might use the data and the site visitor needs to be able to turn them off – my preference in looking for a GDPR compliant cookie acceptance plugin is one that gives an acceptance and a rejection choice so their choice either way is explicit. For GDPR compliance visitors also need to be able to withdraw acceptance and also to be able to see their data.
In fact, compliance isn’t just doing things but it is documenting what you do and being ready for an audit, and having a process to mitigate damage and notify people in case there is a data breach that could compromise personal data.
The EU really made things difficult for companies without big budgets because there is so much to do.
There are probably plenty of web sites that will only have visitors outside of the EU, but the GDPR is causing a lot of companies to look for what will be GDPR compliant in their forms and cookies, anything that could collect personal data.
Best regards
This reply was modified 6 years, 7 months ago by cbook.