The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world.
Join Matt and Chris for another thrilling episode of the Best SEO Podcast, featuring “The Ultimate Guide to WordPress and GDPR Compliance – Everything You Need to Know” by www.wpbeginner.com.
Chris: Hi and welcome to the SEO Podcast: Unknown Secrets of Internet Marketing. My name is Chris Burres, owner of eWebResults.
Matt: My name is Matt Bertram, your SEO Researcher.
Chris: Welcome back to another fun-filled edition of our podcast. This is Podcast #42– oh no, that’s wrong.
Matt: Oh, I got this. I got this.
Chris: There’s a glitch in the Matrix, maybe we can fix that?
Matt: Back to the future. We’re back to the future. What is it?
Chris & Matt: 423.
Chris: Boom. Okay, good good. We’ve got that corrected. Welcome back to another fun-filled edition of this podcast. As always we have a tip from the previous podcast, and the tip this week is:
Matt: Create a Definitive Guide for your industry to attract more links.
Chris: So we had a 3-part series which was actually interrupted by Podcast #420. And that 3-part series was about, “6 Linkable Assets (And How to Actually Get Links Back to Them).” And so making a definitive guide is an important part of that. I think that was the powerful one out of the last podcast. So make sure you subscribe and you follow.
Chris & Matt: Boom!
Matt: Skyscrape it.
Chris: Remember we are broadcasting live here from Houston, Texas, and Matt and I we are your–
Chris & Matt: Results Rebels!
Chris: I want to jump into a review, this is–
Matt: Results Researchers.
Chris: Results Researching Rebels!
Matt: Aargh, aargh.
Chris: Does that work? Results Researching Rebels with a ruckus.
Matt: That’s fine. That’s fine.
Chris: With the ruckus full?
Matt: Yeah, yeah. I’ll take it, let’s go.
Chris: So we do have a review. This review is from Facebook, it is of course!
Chris & Matt: 5 stars!
Matt: I just guessed.
Chris: Oooh, that was a really high one.
Matt: I just guessed.
Chris: You just guessed?
Matt: Yeah, I just guessed.
Chris: That was a good guess.
Matt: I was like this– you know, back to the future.
Matt: Back to the future.
Chris: You are a psychic or psychotic, one or the other. Conor Wickham, he says, “Brilliant podcast, great SEO knowledge for anyone in the industry!” There was an exclamation, that’s why I did that.
Matt: Yeah, yeah, yeah.
Chris: Punch in the face to you Conor for that great review. Thank you. Hey you’re probably tuning back in – ‘cause most people are tuning back in – and if you are, you might be interested in some of our tips. You can get, “5 Online Marketing Mistakes That Tank Your Business & How to Avoid Them,” by going to eWebResults.com/
Chris: Yup, that takes you there. We have a teaser, we’re covering an article today. So we mentioned this I think two podcasts ago that we were gonna get back to this. GDPR, right?
Chris: That’s the Great Britain and the General Data Protection Regulation in the European Union.
Matt: Well, yeah all the Europe.
Chris: Yup, in all of the European Union. And we’re gonna talk about an article, “The Ultimate Guide to WordPress.” Don’t worry if you don’t have WordPress this podcast–
Matt: Still applies.
Chris: It’s still gonna apply to you. So WordPress and GDPR compliance, everything you need to know. We’re gonna get right back to that in a second. If you’re in a position to, we’d like you to tweet. Actually we’d like you to tweet now, and actually I didn’t get his– this page is maintained by Syed Balkhi.
Chris: Alright, so you can connect with him. If you’re in a position to tweet, what we would like you to do is tweet #SEOPodcast. Tag us in it: @BestSEOPodcast, @eWebResults, @MattBertramLive, @ChrisBurresEweb.
Chris: Did I get them?
Matt: Yeah, yeah.
Chris: That was all of them. Good, memory’s not failing me. And just let them know that you’re tuning into an article about GDPR. We would really appreciate if you did that. Hey, if this is the first time you’ve listened to the podcast–
Chris & Matt: Howdy!
Chris: And welcome to the podcast. We are from Texas so we actually do say Howdy. If you’ve listened to this podcast before, then you know what we’re about to skip. We run a contest each and every week and the way we run that contest is: if we get 10 shikos.
Matt: A share, a like and a follow.
Chris: So if we get 10 shikos and a review – I just read the review – then we move this piece, the piece where we tell you how to connect with us, we tell you how to give us a shiko – a share, a like or a follow – to the end of the podcast. And so we’re moving that to the end of the podcast.
Matt: We appreciate your engagement.
Chris: Yup, absolutely. Let’s see. If you would like a free comprehensive website analysis, you can get one by going to eWebResults.com. And then you will click the Free Website Analysis button, and you will get your–
Matt: And we have a Facebook Chatbot where you can chat with us during 8:00 to 5:00 coming soon.
Chris: 8:00 to 5:00 chatbot coming soon. We’re getting some love symbols on Facebook there. We do want to make sure that we pass some, and give some love to all of our YouTubers out there. Thank you for tuning in on YouTube. I’ve got just a little piece of news. I thought this was interesting, I just pulled it up. The FCC bans unauthorized phone charges.
Chris: I feel like this should’ve been a long time ago. That’s where they’ll put different services on your phone and charge you whatever, apparently it’s officially banned now.
Matt: That’s good. Yeah. Government doing their job, look at that.
Chris: That is really good. Alright, so that is the potatoes of the podcast, it is time to get into the meat. I’ll need that later, so I’m glad it didn’t fly away very far. We are covering this article, “The Ultimate Guide to WordPress and GDPR Compliance: Everything You Need to Know.” If you fast-forwarded through the potatoes, don’t worry if you don’t have a WordPress website, this is still relevant to you. So it really started off with a question, “Are you confused by GDPR?”
Chris: And how it might affect your website? Remember it stands for General Data Protection Regulation, and it’s a European Union law, right?
Matt: What’s like the Fine, Chris. What’s the Fine?
Chris: The Fine? Do you want it in Pounds or do you want it in US Dollars?
Matt: I mean either one. You can convert it to dollars, it’d be more relevant.
Chris: $26.8 million fine or 4% of your global profits, whichever is higher.
Matt: Do this. Listen.
Chris: You need to do this.
Matt: I read this whole thing.
Chris: And we’re gonna go through this and talk to you. You know, if you’re in the States or outside of the European Union, how does this affect you? We will talk about this. It took effect May 25th, right?
Chris: So it’s already in effect. Like we said, 4% of companies’ global revenue, and it’s creating widespread panic.
Matt: We got our plugins in time. We got our plugins in time.
Chris: We got the things in place. So this first question is, “Does GDPR apply to my WordPress or my website in general?” The answer is: Yes, if your website has visitors from the European Union this law applies to you. Alright, so this is one of the important pieces of that fine, right? So yeah, $26.8 million is a pretty impressive fine. Just know that’s not where the process starts, right? So it starts with a warning, and then there’s a reprimand, then there’s a suspension of data processing, and if you continue to violate the law, that’s when the large fines will hit.
Chris: So in a sense you don’t need to worry, most of us are gonna be under the radar. One of the points is that this is probably for those large companies that are collecting lots of data. They just want to scare them enough ‘cause they will in fact put fines on them in the $20 million range, or 4%–
Matt: Did you see that Google fine? It was like $11 billion or something.
Chris: An $11 billion–
Matt: Out of the EU, yeah.
Chris: Oh, I didn’t see that one.
Matt: Or it might’ve been Great Britain or something. It was like, in the billions.
Chris: In the billions.
Chris: Here’s your billion dollar fine.
Matt: I don’t remember exactly what it was for, but it was crazy.
Chris: It wouldn’t surprise me, 4% of gross for the year.
Matt: I was like, “That’s gonna hit the stock price just a little bit.”
Chris: Yeah, you’re gonna see a dip. And he makes the point, right? It’s not the EU is being some sort of evil government collaboration–
Chris: The maximum fine in their opinion is really again, to target those big guys, Facebook and Google. Once you understand that it’s the spirit of the law it’s not too crazy. It’s just about– and we’ll summarize it here towards the end, but basically the data it covers, right? So what’s required in the GDPR? Name, emails, physical address, IP address, health information, income information. That’s all personal data and you wanna make sure– that’s the thing that you gotta do the following with regards to.
Matt: I’ve used basically all that to target people.
Chris: Yes, yes. And I’m assuming we will continue to do that ‘cause it’s very effective. And in fact this isn’t saying you can’t do that anymore, it’s just saying you have to put certain things in place.
Matt: To tell them.
Chris: To tell them, make sure that they’re advised, right? In fact step #1 here, “Explicit Consent.”
Matt: Yeah. So what I used to do is in the privacy policies basically like, “We can do anything with your data. We can resell it, we can do anything.”
Chris: We can sell it, we can throw it away, we can give it to people, we can do whatever we want.
Matt: Yeah, we changed it. Don’t worry that was my old days.
Chris: That was old. Are you trying to scare everyone? Quick abort, ask to delete data.
Chris: So that’s one thing you can actually do. “You must obtain explicit consent.” And they’re saying you need to use common language, you can’t unambiguous. So now you really should have a button on your form submissions, right? If you’re gonna collect form submissions from the UK or from Great Britain– I mean from the European Union. And it needs to say, “Hey, here’s what we’re gonna do with our data.” And then that policy needs to be clear and succinct, it can’t be like, “And therefore thus thou, we are going to holy hold the data in some–” No, no. It’s gotta be like, “Your data is going to be available to these kinds of people, we might market it to these kinds of people,” that kind of thing.
Chris: So that’s important. And it does say you can’t have– this is interesting, a kind of bone of contention, “You can’t just send unsolicited emails to people who gave you their business card or filled out–” that’s half of our marketing strategy. No. “or filled out your website contact form because they DID NOT opt-in to your marketing newsletter.”
Matt: They filled out your online marketing form.
Chris: It’s a little crazy, right? Right? And so here’s the deal, you just have to have a button that says, “Hey–” because the deal is, if somebody– Maybe they just wanna ask a question.
Chris: That doesn’t mean that they want to actually get on your newsletter.
Chris: And so the reality is, at least in our case, right? Because just to ask us a question it takes our time, that costs us money. So here’s how it works. If you want to ask us a question, you will get on our newsletter list. And we just need to be explicit about that, like that’s what this rule says. It doesn’t say you can’t do that, it just has to say, “When you press submit, you need to agree to this. And when you agree to this, that’s gonna mean that we’re gonna send you a newsletter.”
Matt: I don’t want to send them a newsletter, I wanna send them an email drip to have them call me.
Chris: Yeah, yeah.
Matt: Like I don’t want to–
Chris: Like a rapid-fire 8 emails per hour until they actually call me to say, “Hey, please turn this off.” Okay.
Matt: No, no no no.
Chris: That’s ineffective, you don’t want to do that obviously. Yeah, so you just gotta let them know what you’re gonna do with your data. It doesn’t mean that you have to even– you don’t even have to accept the forms, right? It’s your business, if you don’t want to accept the form submission unless they agree to your terms, great but you have to be very explicit about what those terms mean. If that makes sense.
Chris: They also have to have a right to the data. Which says, “I need you to send me an email with all the data that you have on me.”
Matt: You can go to Google and see what Google profiles you.
Matt: It’s pretty cool.
Chris: Yeah, it’s scary too. Like, how much do you know about me? So they have the right to download, and they also have the right to be forgotten. So if they say, “Hey, you need to delete all my data,” you’ve gotta have a process and be able to delete all the data.
Matt: So this is like a total kind of side note, but you know those people that were robodialing like crazy – which it looks like you’re getting a little bit of that right now.
Chris: Yeah, yeah. I’m getting robodialing.
Matt: So I got a robodialer on the phone and I said, “Stop calling me.”
Chris: Right, so you waited through the message, and then got to somebody.
Matt: Yeah, and I was like, “Please take me off of the list and stop calling me.” And it was some lady and she was like, “Screw you,” and she hung up on me.
Chris: Oh yeah! I said, “Take me off the list,” it was like, “We’re not going to take you off the list.” What? What do you mean they’re not gonna take me off the list?
Matt: Yeah, like they’re like, “We don’t care.” They’re in like Pakistan or– not Pakistan, just anywhere, somewhere, not here.
Chris: Like overseas.
Matt: I’m not labeling anybody, but I’m just saying that– Nigeria. Okay, maybe. No no, I’m just kidding you. But no seriously–
Chris: It’s overseas.
Matt: They don’t care. They do not care.
Chris: And you know one of the reasons they don’t care? It’s cause their phone number was spoofed.
Chris: So the number on your caller ID is not the real number.
Matt: So my number got spoofed to somebody at some point.
Chris: Yeah, and they called you back and said, “Stop calling.”
Matt: Yeah, and then I was like how to do this whole thing. But it’s just crazy where this thing’s going.
Chris: Yeah, so they have the right to be deleted.
Chris: And also if they unsubscribe, that doesn’t mean delete them, delete their data, it just means stop sending them stuff.
Chris: Go figure, like that’s kind of been in place for a while. Next point he talks about is, “Breach Notification.” So, organizations must report certain types of breaches within 72 hours to the authorities, unless the breach doesn’t really matter and didn’t risk data.
Matt: I got all these kind of crazy facts, I thought I didn’t have any news. Did you hear that, what is it? Ancestry.com got hacked or something like that?
Chris: No, I didn’t hear that, yeah.
Matt: And so now they’re worried about the data ‘cause they got your DNA, and they got your financial background, and then they got everything else. And so now people are stealing a full package.
Chris: Of everything.
Matt: Of everything. And your DNA is your #1 definer.
Chris: Right, it’s the ultimate definer.
Matt: Yeah, yeah. It’s just kind of crazy.
Chris: Okay, so you got to notify authorities in 72 hours if the breach is harmless. Okay, don’t worry. If the breach is high risk you actually must inform individuals who are impacted right away. And the intent of this is like the cover-ups, the Yahoo cover-ups and things like that.
Matt: Oh, I just want to consent with an attorney as we’re not lawyers.
Chris: Oh consult with an attorney? Yeah.
Matt: Or yes.
Chris: Yeah. Get the consent of your policy from an attorney.
Matt: Get the consent from your lawyer based on what you see. Don’t listen to us, this is for educational purposes only.
Chris: Make sure your lawyer clicks the little box.
Chris: To consent on your policy.
Chris: Next is, “Data Protection Officers.” So it actually goes as far to say, if you’re collecting large amounts of data, then you need to have an officer in the company, in the corporation, that’s responsible for protecting that data.
Matt: Red tape.
Matt: Government red tape.
Chris: Add more red tape.
Matt: More cost.
Chris: Add more red tape. So here’s the summary, “To put it in plain English, GDPR makes sure that businesses can’t go around spamming people by sending emails they didn’t ask for. Businesses can’t sell people’s data without their explicit consent (good luck getting this consent).” It’s actually how many people do you think read the old policy that you used to have on your old business? Where you could do anything with the data?
Matt: One person– yeah, yeah, yeah. Statistically it’s gotta be at least one, you know what I mean?
Chris: Yeah, there’s one somewhere. “Businesses have to delete user’s account and unsubscribe them from email lists if the user asks you to do that.” And, “Businesses have to report data breaches and overall be better about data protection.”
Matt: Sounds reasonable.
Chris: Yeah, ultimately it’s pretty reasonable. Alright, so then we’re gonna get into maybe a little bit more specific to WordPress, but I think keep listening even if your site’s not on WordPress ‘cause we kind of summarized this. So one question– okay, this is WordPress specific.
Chris: Is WordPress 4.9.6, is it GDPR compliant? The answer to this is: Yes, but I’m gonna say a couple things, right? It depends on the plugins you have, it depends on what you have your site–
Matt: Yeah. It can be, I’m going to say that.
Chris: Yeah, yeah. Well what it does have built into it is, there isn’t really any data collection per se, except for the comments, right?
Matt: Seems reasonable.
Chris: So no big deal. And the next one is, “Comments Consent.”
Chris: I kind of sped forward on that. So just make sure your WordPress is updated to 4.9.6. Again, they have added a data export and erase feature. Now, it gets a little more tricky when you start talking about plugins.
Matt: Yeah, keep those updated.
Chris: So yeah, absolutely. So one of the things– and email is incredibly consistent now, right? I remember a day when we were like, you know what, I don’t know 2% of emails don’t seem to arrive. That just is pretty much gone now. Now there’s 2% maybe but they’re in spam or they’re somewhere else. Back then we made the decision internally that for all of our customers we would store form submissions so that if the email got lost, if the email never got to the customer, at least from time to time they could check back in at WordPress and they could go, “Oh look, here’s the form submissions and we can actually make contact with these people who probably want to give us money.”
Chris: Is that a good plan? Yeah, problem.
Matt: Problem. I actually think we need to go back to all our clients and make sure that they’re all GDPR compliant.
Matt: Like I think that that’s something we’re going to–
Chris: A thing that we need to do.
Matt: Yeah, thank you everyone for letting us know that.
Matt: I appreciate it. Without you–
Matt: That thought wouldn’t have been in my head.
Matt: We got that.
Chris: Yup, that’s already added. In our case it only shows up if you’re in the EU, so yeah that’s kind of cool.
Matt: It comes up when I’ve gone on site on mobile.
Chris: Have you?
Matt: And anonymously.
Chris: Maybe I clicked it, and it didn’t realize it, and it’s not showing up. I don’t know. I just assumed that it was– like I know we took care of the problem.
Chris: And I didn’t see the results, so I just assumed, “Hey, we’re in the US–”
Matt: We’re overly safe here.
Chris: That’s good.
Matt: We’re overly safe here.
Chris: Good, I’m glad somebody’s on top of it.
Chris: “Contact Forms.” Alright so again, with the forms you need to get explicit consent that you’re going to store their information, explicit consent of what you’re going to do with the data, otherwise you kind of should disable all of that storage stuff. “Simply adding a required consent checkbox with clear explanation should be good enough for you to make your WordPress forms GDPR compliant.”
Chris: And same thing really applies to the email marketing opt-in forms. Add the check-in box or you can just require opt-in, double opt-in.
Matt: Yeah. Aargh.
Chris: So our recommendation is: don’t let them submit the form until they agree to your terms which says that you’re going to give their data away for free. I mean whatever your policy decide to be. And then finally WooCommerce. Of course lots of data is stored with WooCommerce.
Chris: WooCommerce has a comprehensive guide for site owners so you can go check that out.
Matt: Yeah, e-commerce is a whole–
Chris: Whole other thing, yeah. Our WooCommerce sites are compliant by the way. We’ve made that an extra, especially ‘cause they get sales from the European Union.
Matt: Some of our companies are becoming our biggest clients.
Chris: Yup, pretty quickly.
Matt: Here at eWeb.
Chris: That’s pretty cool.
Matt: No, they are.
Matt: They are.
Chris: Yeah, they are.
Chris: Alright, “Retargeting Ads.” “If your website is running retargeting pixels or retargeting code,” then you do need to have that cookie notice.
Matt: That’s a plugin.
Chris: Yeah, that’s a plugin that takes care of that.
Matt: Yeah, yeah. Get that.
Chris: And then the final thoughts, the likelihood of getting a fine the day after the rule goes into effect. By the way this article was written before May 25th.
Chris: It’s pretty close to zero, right? Because they have to give you a warning.
Matt: It was like 2012.
Chris: It’s about time we catch up! And just remember the European Union is not out to get you, it’s out to protect data. One thing that I saw ‘cause I read a whole bunch of articles on this to try and get some different perspectives. And one thing that I saw, and I think is actually probably salient is: be prepared for this to come to the US. It may take a while, but it’s probably going to come here, right? Because when you think about that summary, people should control their data, you shouldn’t be able to spam people, like all of that stuff is reasonable.
Matt: So I’m gonna take the other side of the argument.
Matt: Okay? So like things like Monsanto and like GMOs.
Matt: Can’t do it in Europe.
Matt: But they’re like, “Yes, sell them to the Americans.”
Chris: Okay, okay.
Matt: Right? So like the American’s is like the biggest market.
Chris: It’s the open market.
Matt: And it’s the open market that everybody just sails into, and so there’s probably going to be a lot of lobbying to stop that like from the big companies. Maybe, but I just see the EU–
Chris: It may take a while.
Chris: And the EU has actually always been pretty aggressive in protecting consumer data, citizen data. So in citizens in general. I think it’ll get here.
Matt: Yeah, well–
Chris: It’s not unreasonable the things that they’re doing.
Matt: It’s true.
Chris: You know it’s just a little extra effort that we would prefer not to go through. Alright, anything else? I think that was pretty good. Now you are GDPR certified, except we’re not lawyers so don’t take that–
Matt: We’re just researchers.
Chris: That doesn’t mean anything.
Matt: We’re just lonely researchers.
Chris: Yeah, make sure you’re taking care of the right steps if you’re doing business or getting visitor traffic from the European Union.
Chris: Alright, so if you liked this podcast, we’re going to ask you to do one simple thing.
Matt: Share with 5 people ‘cause this is important stuff and we’ve got to get it out there.
Chris: Yup, absolutely. If you’re looking to grow your business with the largest, simplest marketing tool on the planet.
Matt: The internet!
Chris: Call eWebResults for increased revenue in your business, our phone number is 713-592-6724. If you have a referral, right? So some people it’s still hard to explain–
Matt: We’re going to put an affiliate program on the–
Chris: A link.
Matt: Yeah, a link in the jobs or career section on our site. And so you can become a vendor, yeah.
Chris: That can work.
Matt: Yeah, that’s what we’re going to do, and we’ll explain it there.
Chris: Just know: yes we make websites, yes we do Facebook ads and Facebook manage your social media campaign.
Matt: Okay, yeah.
Chris: Like social media in general.
Matt: Yeah, yeah. I’ve seen that, I’ve seen those ads.
Chris: Yes we do pay-per click, yes we do remarketing–
Matt: We’re in #1 for pay-per-click.
Chris: Pay-per-click Houston.
Chris: Yeah, boom. So yeah, we do all of those things. If you send us a referral: when they pay their bill, we pay you. Right? That works pretty simply. We were filmed– wait! I do want to talk about this. Okay so here’s the piece: we do need reviews, we do want you to connect with us.
Matt: Yup, yup, yup.
Chris: And you can connect with us– here’s some social sites. Let’s say you could go to Twitter.com/
Chris: And let’s see what’s another one?
Matt: That’s good.
Chris: It’s not even on here.
Matt: No, that’s good. That was good. That was good.
Chris: All of those will take you to our profiles on those platforms.
Matt: And if you’re guessing, you probably got a good guess.
Chris: You got the good guess. We’re gonna talk about Pinterest, YouTube, Tumblr, Imgur and Flickr.
Chris: Is it Emgur Amgur?
Matt: Yeah, we got some active people on that.
Chris: We’ll talk about those next time. Also if you could leave us a review, like where do you want them to leave us a review? Like do you have a preference?
Matt: Yelp right now. We want it, we want it on Yelp.
Chris: How do they get– eWebResults.com/
Chris: That’s pretty easy.
Chris: And you can leave us a review. Hopefully you’ll make that review–
Chris & Matt: 5 stars!
Chris: Alright, so we were filmed live here at 5999, West 34th Street, Suite 106, Houston, Texas, 77092. You can find audio, video and a transcript of this podcast at our website eWebResults.com. You guys have made us the most popular internet marketing podcast on iTunes, in the European Union, across the planet, like interstellarly, just like everywhere.
Matt: Well we went to the future and saw. I mean we’re on actually more than just iTunes and Ahrefs #1.
Chris: Right, yup.
Matt: So yeah.
Chris: All over the place.
Matt: In the future, yeah.
Chris & Matt: Thank you.
Chris: Thank you very much for making that happen. Please keep sending in your questions, your comments, your reviews. We really appreciate you. And yeah if you want a free website analysis go to the website. Until the next podcast, my name is Chris Burres.
Matt: Matt Bertram.
Chris & Matt: Bye bye for now.