Unless you’ve been hiding under a rock for a bit (and even then, the news would probably still reach you), you know that GDPR (EU General Data Protection Regulation) is now in effect. In a nutshell, the regulation gives EU citizens control over personal data collected by the websites and services they interact with.
Of course, this affects website owners worldwide, as any site that serves even one EU citizen is obligated to comply. So, whether you’re based in Paris, France, or Paris, Texas – GDPR applies to you.
The internet has been in a mad scramble as companies send out masses of email notices and change privacy policies at near lightspeed. But if you haven’t gotten around to dealing with the issue just yet – it’s okay. We have your back!
Below are 8 helpful resources you can use to bring yourself up to speed and get your site into compliance.
*And, as the standard legal disclaimer goes, please know that these resources won’t, by themselves, ensure compliance. It takes some work on your part and advice from a legal professional to make things more official.
This interactive checklist will help ensure that you are on the right path to compliance. While it doesn’t cover every possibility, it is quite handy to have a list in front of you if only to help you gain some peace of mind in a very complex situation.
Developer Erwan Richard has curated this list of tools and resources that you can use to become compliant. Included are alternatives to Google Analytics, Maps and even social sharing buttons that don’t track user data.
Quite nicely, WordPress 4.9.6 came stocked with some new privacy tools that have GDPR in mind. But the GDPR WordPress plugin takes things a step further by allowing you to add user consent management, cookie preferences, anonymization capabilities, and the ability to manage user data requests. Lots of useful tools available in one package.
If you’re using a third-party or cloud service, how do you know if they’re compliant? And who’s to say that any sub-processors they use measure up to the regulation? That’s where GDPR Tracker comes in. It’s from the same folks that brought you the checklist above and provides all sorts of compliance information. You’ll find information on the country a company is headquartered in, their current compliance standing, certifications, a list of sub-processors they work with, and more.
Working with a database that is full of personal user information in a development environment? Anonymizer is a tool that will replace that info with randomly generated content. Obviously, it’s not meant for production environments – but provides an extra layer of security when you’re in the development phase.
If you’re running a Drupal site and looking to become GDPR compliant, this module can be a great help. It lets users see what data your website collects, while also providing administrators with some handy tools to manage data and user consent.
One of the tougher aspects of GDPR for web designers is figuring out which third-party services may be collecting user data on a given site. GDPR CLI is a Node.js command line tool (Windows and Mac versions are in the works) that scrapes your site and looks for outside services that could be compiling such data. So far, the tool is set up to detect code from various Google services such as Fonts and Analytics, but plans are in place to find code from other service providers.
Here for the Long Haul
While the chaos and extensive news coverage may fade, GDPR isn’t going anywhere. It certainly may see some tweaks in the future, but it is the new normal for web designers worldwide. The old way of doing things is, for better or worse, over.
The resources above could prove to be a big help as we navigate the many facets that GDPR presents. Use them to help develop processes that will ensure compliance by default. That way, this regulation becomes just another part of your job, rather than an extra burden to think about.