Most of us have visited the ICO website and taken the advice, courses, webinars etc. that are available on the topic. How many of us, however, can claim to fully understand GDPR? Until legal cases develop and are brought to conclusion, it’s difficult to see how anyone can definitively state what is required for GDPR compliance.
The purpose of this article is explicitly NOT to provide legal advice but to hopefully provide some specific information with useful links to further resources.
We should all do our best to ensure we are compliant, given the knowledge we have, by providing a Disclosure section on our website about data collection and by limiting the data we collect (in the case of a WordPress website, data is usually collected via plugins such as WooCommerce or Gravity Forms). At the time of writing WordPress are working on functionality that will enable .
A website has the potential to collect the specific category of data known as PII (Personally Identifiable Information), but that is not to say that every website does so. This website does not do that and it is quite likely that yours does not either.
This category of data is personal data which the GDPR says is more sensitive, and so needs more protection. PII can be deemed as more detailed and sensitive data as shown here:
If you do collect explicit data, you will be required to deliver to any website user, on request, a summary of the data you have collected about them. It will therefore make sense not to collect ‘personally identifiable information’ from your users.
As explained at the beginning of this article, the purpose has NOT been to provide legal advice. The text is purposely brief and comprises several useful links to specific relevant information. Nonetheless, there are individuals who have a better understanding of GDPR requirements, so further research would be advisable.
This article is also timely; i.e. over time our understanding of the regulations will develop and be informed by events, at which point we will review the context.