Important GDPR Updates for Our WP Courseware Users
(Note: This post does not contain legal advice. To ensure that your business is in full compliance with any regulations, please seek the advice of your legal counsel.)
Unless you’ve taken a vow of internet abstinence recently, you’re likely aware that the deadline to comply with the General Data Protection Regulation, or GDPR, legislation enacted by the European Union (EU) is fast approaching.
By May 25th, any business which controls or processes data of EU citizens must be in compliance of this legislation.
This important change affects not only our business as a company which conducts a significant portion of its business with EU citizens, but also our WP Courseware users who market and sell their online courses to EU citizens.
So What is GDPR?
Here’s the official answer:
“The GDPR (General Data Protection Regulation) is a new EU Regulation which will replace the 1995 EU Data Protection Directive (DPD) to significantly enhance the protection of the personal data of EU citizens and increase the obligations on organisations who collect or process personal data. It will come into force on 25th May 2018. The regulation builds on many of the 1995 Directive’s requirements for data privacy and security, but includes several new provisions to bolster the rights of data subjects and add harsher penalties for violations.”
In a nutshell, this means if you are marketing your products, courses, or any other offerings to EU citizens, there are some changes which you need to implement to stay on the right side of compliance with this new legislation.
Covering what this means for your specific business activities is beyond the scope of this email. However, there are many resources available to you online. We might recommend starting with the “plain English” summary which Hubspot published.
What We’ve Done to Comply and Help You Comply with GDPR
First, we have updated our website and privacy policy to ensure that our data collection tactics (email opt-ins, new customer accounts, etc.) are clearly disclosed. We recommend that you do the same as soon as possible if you haven’t already.
Second, if you are offering courses to EU citizens using WP Courseware, we have taken appropriate steps to ensure that you can continue to use the plugin to deliver the courses you market and sell and remain in compliance with the new standards:
- As of the release of version 4.9.6, WordPress core code now includes native settings to allow site administrators to accommodate requests from users to a) export all of the personally identifying information the site has recorded for the user or b) anonymize any personally identifying information the site has recorded for the user.
- WP Courseware version 4.3.3 (released and available for update) now integrates with this native functionality within the WordPress core. If you are selling online courses with WP Courseware and a user requests either an export of their data or anonymization of their data, you can accommodate these requests from the native WordPress privacy menus (Settings -> Export Personal Data or Settings -> Erase Personal Data).
- WordPress version 4.9.6 also introduces boiler-plate recommended language for adding a GDPR-compliant Privacy Policy page to your site. If WP Courseware is installed and activated on your website, you will also find additional recommended language to include which is specifically related to additional information which WP Courseware collects from your customers on your behalf.
- Once you have created a GDPR-complaint Privacy Policy page on your site, out of abundance of caution we have provided you with an option to force your course customers to agree to your Privacy Policy upon checkout. This option can be found within WP Courseware’s main Settings screen by navigating to the Checkout tab.
- If you choose to force customers to agree to your Privacy Policy upon purchasing your course, a time stamp will be added to the Student Details screen for that customer to indicate the date and time at which they agreed to your Privacy Policy.
Again, we highly recommend that you consult a qualified legal professional if you have detailed questions about how to ensure that your business is in compliance with the new GDPR legislation.