GDPR consent laws have me alarmed, seek advice

I found the following text on the Stacks4Stacks website, and it has me concerned about asking about cookies, not knowing if anything I’m doing makes them, to be honest. When do we need to be concerned about this? I’m alarmed, don’t want to have to read a huge law script, and don’t know which content is “asking required”… Any helpful newbie comments on this:

“to ensure website users give their explicit consent before particular content or scripting is loaded. This forms a major part of compliance with new GDPR laws coming into force in 2018.”

A link to your website would probably help, otherwise how do we know what exact implications GDPR has on you?

Basically, in as few words as possible:

  • Make sure your website has a privacy policy / impressum page. Use any of the free templates available to create one.
  • Have a clear method for people to contact you, if they wish to question or opt out of something like being on a mailing list.
  • Check all your themes and stacks are updated. Typically anything released after May 2018 should be GDPR compliant already. Some developers have worked really hard to try and remove some of the technical hurdles for you already. Ask if in doubt.
  • Does your website rely on the services of another website like Google, Facebook, YouTube or others? Ideally you need to quarantine this content and stop it loading until after the user has given their consent. This is where some of the GDPR stacks can prove mighty useful.
  • Any tracking cookies your own website is setting (that are essential for the function of the website) like shopping carts and multilingual language selections do not require explicit opt-in - the RW8 privacy popup and the info you give in your privacy policy / impressum page is normally sufficient to cover these.

Simple is best - if you can avoid using third party services in your website, keep them out.

A seminar I attended recently on GDPR suggested that you treat your privacy policy / impressum page as a form of self-certified ‘risk assessment’, and I think that ideology fits well. It is a way of identifying risk and explaining how you are actively mitigating the risk. E.g. “if you send me an email via my website, I will not give your address to someone else”. Basic stuff like that.

More GDPR stacks will be available around the end of this month, that may make the process even easier, in comparison to the existing stacks on the marketplace.

4 Likes
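The "quarantine third-party content until consent" point in the list above, sketched as an added example (not code from this thread or from any GDPR stack). The origin, the storage key and the function names are hypothetical, and the resource URLs are constructed samples.

```javascript
// Added example: hold back third-party resources until the visitor consents.
const SITE_ORIGIN = "https://www.example.com"; // constructed sample origin
const CONSENT_KEY = "thirdPartyConsent";       // hypothetical storage key

// A resource is third-party when its origin differs from the site's own.
function isThirdParty(url, siteOrigin = SITE_ORIGIN) {
  return new URL(url, siteOrigin).origin !== new URL(siteOrigin).origin;
}

// storage: object with getItem/setItem/removeItem (localStorage in a browser).
// load: callback that actually fetches the resource (e.g. appends a <script>).
function createConsentGate(storage, load, siteOrigin = SITE_ORIGIN) {
  const pending = []; // third-party URLs waiting for consent
  const hasConsent = () => storage.getItem(CONSENT_KEY) === "granted";

  return {
    // Returns "loaded" or "blocked" so the page can show a placeholder.
    request(url) {
      if (!isThirdParty(url, siteOrigin) || hasConsent()) {
        load(url);
        return "loaded";
      }
      if (!pending.includes(url)) pending.push(url);
      return "blocked";
    },
    // Call from the "accept" button: remember the choice, release the queue.
    grant() {
      storage.setItem(CONSENT_KEY, "granted");
      const released = pending.splice(0);
      released.forEach((url) => load(url));
      return released;
    },
    // Call from a "withdraw consent" control. Scripts already loaded stay
    // in the page until the next navigation.
    revoke() {
      storage.removeItem(CONSENT_KEY);
    },
    pending: () => [...pending],
  };
}

// Browser wiring (assumption: runs in a page with a DOM):
// const gate = createConsentGate(localStorage, (src) => {
//   const s = document.createElement("script");
//   s.src = src;
//   document.head.appendChild(s);
// });
```

First-party resources such as a shopping cart script load straight away; anything from another origin stays queued until `grant()` is called.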

@willwood. Thank you VERY MUCH for that summary, I’m sure it will help others too. That’s exactly what I was looking for, so good of you to share.
