WowThemesNet is GDPR compliant. How we did it.


We’ve implemented the General Data Protection Regulation. Here’s how we did it!

The General Data Protection Regulation (GDPR) will come into effect on May 25, 2018. We are glad to report that we have completed all the required steps to become GDPR compliant. Our steps to GDPR compliance could also serve as a practical guide* for your own website. Here is what we did to be GDPR compliant:

We currently have three main forms where you can reach us for various reasons. We’ve implemented checkboxes for opt-in consent in each one of them:

  1. Contact form (general, presale or support questions)
  2. Subscribe form (newsletter)
  3. Google form (feedback)

The checkboxes are unchecked by default, as GDPR requires: consent must be explicit, not implied.

Contact Form GDPR consent checkbox.


Subscribe Form GDPR consent checkbox


Google Form GDPR consent checkbox.


Implemented explicit contact for GDPR requests

Under GDPR, we must honour requests from users concerning their GDPR rights. The easiest way for us was to create a new subject in our contact form: GDPR Requests. In our Privacy Policy we also inform our visitors about their GDPR rights and how to contact us for GDPR requests.


Cookies alert

If you are using WordPress, there are a lot of cookie consent plugins. Our website is generated by Jekyll and we use this script.


Set Google Analytics to automatically delete user and event data after some time

Thankfully, Google Analytics now lets you manage how long your user and event data is held on their servers. We’ve set data retention to 14 months. After 14 months, user and event data is deleted automatically.


Set other self hosted platforms or 3rd parties to automatically delete user data after some time

Google Analytics is not the only platform we use that helps us get a better understanding of our customers’ needs. We also use Livezilla, a self-hosted platform that collects user data via contact, chat, feedback, visitor tracking etc.


Updated Privacy Policy and Terms & Conditions

I admit this has been the most time-consuming part. We had to combine our old Privacy Policy with the new GDPR requirements. Here’s our final table of contents, maybe it will help you, too:

  • Who we are
  • Information we collect and how we use it
    • Contact/Ticket submission forms
    • Chat forms
    • Newsletter subscription forms
    • Google forms
    • Affiliate sign-up forms
    • Payment processing forms
    • Website Analytics
  • E-Commerce
    • How do we process payments?
    • PCI Compliance
    • Fraud Protection
  • External Links
  • Third-Party Disclosure
  • Breach Notifications
  • Your rights
    • Right to information
    • Right to access
    • Right to rectification
    • Right to withdraw consent
    • Right to object
    • Right to object to automated processing
    • Right to be forgotten
    • Right for data portability
  • How can you exercise your rights?
  • California Online Privacy Protection Act
  • COPPA (Children Online Privacy Protection Act)
  • Changes to this Privacy Policy
  • Business Info

You can have a look at our full Privacy Policy here. Our Terms & Conditions have been updated to reflect the agreement of our new privacy policy.

Newsletter notification

Our subscribers are notified of the changed Privacy Policy, Terms & Conditions and the GDPR compliance. A GDPR implementation statement is a good practice.


Conclusion - here are the main completed tasks for our GDPR implementation

  • Implemented checkboxes for opt-in consent in all our forms
  • Implemented explicit contact for GDPR requests
  • Cookies alert
  • Set Google Analytics to automatically delete user and event data after some time
  • Set other self hosted platforms or 3rd parties to automatically delete user data after some time
  • Updated Privacy Policy and Terms & Conditions
  • Newsletter notification

Disclaimer

This article is not intended for use as legal advice for your company in complying with GDPR. Please contact a lawyer for legal advice regarding your business.

 