Utilly(ユーティリー)

What is the GDPR? Explanation of measures against GDPR by site operators such as WordPress


Introduction

In recent years, regulation in the area of personal information protection has advanced rapidly, and it is doing so all over the world. The Japanese government is also actively discussing the issue. In particular, the EU has enacted a law called the GDPR, which regulates how personal information is obtained on the web, for example through cookies. This article explains what the GDPR is and what measures are necessary for site operators using WordPress.

What are cookies?
A mechanism by which a web page stores information in the browser. Information such as login state and device details can be stored in and read back from cookies.


Key points of this article

First, I’ll list the key points of this article. If you don’t have time, please at least take a look at these points.

What is the GDPR?

Let’s start with the GDPR. GDPR stands for “General Data Protection Regulation”. Translated into Japanese, it is called the “EU General Data Protection Regulation”. Effective May 25, 2018, this law replaces the “Data Protection Directive 95 (EU Data Protection Directive)”, which came into effect in 1995.

Background to the establishment of the GDPR

Behind the establishment of the GDPR lie the development of IT and economic globalization. Starting with huge platforms such as Google and Facebook, a growing number of companies leverage massive amounts of data to expand their businesses globally. The EU established the GDPR as an updated version of its earlier legislation to respond to these changes in the environment.

Basic Principles of the GDPR

The GDPR has basic handling principles. Please check the following.

Penalties of the GDPR

The following are the fines under the GDPR, together with examples of violations.

Higher of “2% of a company’s worldwide annual sales” or “10 million euros.”
Higher of “4% of a company’s worldwide annual sales” or “20 million euros.”

Personal data subject to the GDPR

Let’s look at the personal data covered by the GDPR.

Country Coverage

The countries covered are:

Defining Personal Information

Personal information is any information that can lead to the identification of an individual, including employees and company representatives as well as general consumers in the target countries.

Personal information may include the following:

A simple way to think about it is that any data that can single out a particular individual is in scope. The same applies to data that can identify individuals when combined with other information, such as employee IDs and mobile numbers. In this regard, online identifiers such as cookies and IP addresses are relevant because, combined with other data, they can identify a person.

Will Japanese companies be affected by the GDPR?

Although the GDPR is an EU law, Japanese companies may be affected by this law.

Since the GDPR covers a very broad scope, this article lists only the actions required from the perspective of a business site operator using a CMS tool such as WordPress.

As for internal preparations, the first step is to appoint a person responsible for data management. At the same time, internal rules concerning data management need to be put in place.

Updating the Privacy Policy Page

You need to establish a privacy policy. In many cases the privacy policy is written on the assumption that users of the service will read it, so the privacy policy page of the website itself may need to be updated. I recommend that you consult a lawyer or other specialist.

Obtaining user consent

When obtaining personal data from users, it may be necessary to obtain clear consent from the data subject, and a record is required to show that the data subject actively expressed his or her intention to consent.

Here are some of the tools and techniques you should be aware of in this respect:

■Google Analytics Data
■e-mail magazine
■Getting Cookies for Retargeting Ads
■Obtaining location data such as GPS
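As an added example, not code from the original article: a small JavaScript sketch of consent gating for the categories listed above, keeping a record of an active opt-in and loading analytics or retargeting tags only when that record exists. The function names, purpose labels and the policy-version value are assumptions.

```javascript
// Hypothetical purpose labels matching the categories in the article.
const PURPOSES = ["analytics", "newsletter", "retargeting", "location"];
// Constructed placeholder for the privacy policy revision the user consented to.
const POLICY_VERSION = "2020-03";

// Build a consent record from an explicit user action. A missing choice or a
// pre-checked box is NOT consent: every purpose defaults to false unless the
// user actively set it to true.
function recordConsent(choices, now = new Date()) {
  if (!choices || choices.userAction !== "click") {
    throw new Error("consent requires an active user action");
  }
  const granted = {};
  for (const p of PURPOSES) granted[p] = choices[p] === true;
  return {
    policyVersion: POLICY_VERSION, // which policy text the user agreed to
    timestamp: now.toISOString(),  // when the consent was given
    granted,                        // per-purpose opt-in flags
  };
}

// Decide whether a purpose may run. Only a record for the current policy
// version with an explicit true counts; a stale or absent record denies.
function isAllowed(record, purpose) {
  if (!record || record.policyVersion !== POLICY_VERSION) return false;
  return record.granted && record.granted[purpose] === true;
}

// Simulated tag loader: returns the tags that would be injected into the page,
// so the caller can verify that nothing loads without consent.
function tagsToLoad(record) {
  const tags = [];
  if (isAllowed(record, "analytics")) tags.push("google-analytics");
  if (isAllowed(record, "retargeting")) tags.push("retargeting-pixel");
  return tags;
}
```

In a real WordPress site the record would be persisted server-side (or in a first-party cookie) and the tag loader would replace the static script tags in the theme.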

Data Encryption/SSL

Encryption of stored data and of data in transit (HTTPS) is required. Strictly speaking the GDPR does not mandate encryption, and the term itself does not appear extensively in its text. However, since it is a basic part of any company’s information management, it is better to implement it if you have not already done so.

Checking and Updating Plug-ins

WordPress plug-ins that collect and store personal information must be kept up to date. The main plug-ins are:


Japan Prepares to Revise Personal Information Protection Law

You should not feel safe just because your company does not serve EU residents. In Japan, a bill to revise the Act on the Protection of Personal Information, including stricter conditions for the use of cookies, has been approved by the Cabinet (as of March 2020).

Lastly

In this article, we introduced the definition of the GDPR and the key points of the measures it calls for. Regulation of personal data protection will be strengthened not only in the EU but around the world, so this may be a good opportunity to review your sites and services once again. That’s all for this article.
