Please note this is not legal advice and you should contact a qualified lawyer to know more about GDPR and local laws. This article merely helps you on your way to becoming GDPR-compliant.
On May 25th 2018, the General Data Protection Regulation (GDPR) became enforceable in all EU member states. This article explains what we’ve implemented in WP Optin Wheel (free or pro) to help you make your website, and in particular the usage of our plugin, GDPR-compliant.
Obtaining Consent
Every time you collect a visitor’s personal information, such as an email address or name, you should obtain active consent from that visitor, in which they agree you can use that data.
WP Optin Wheel allows you to add consent checkboxes to the forms you build. You have the option to make this checkbox mandatory. These checkboxes are not pre-ticked, which is also a requirement of the GDPR.
Here’s how you can add a checkbox to your forms:
- Edit or add a wheel.
- Go to the form builder step.
- Click Add New Field in the upper right corner.
- Create your consent checkbox.
Consent Should Be Specific and Freely Given
You’re most likely using WP Optin Wheel to grow your email list (if not, you can skip this part). That means you’ll have to inform the user of this (= specific consent) and allow them to opt into it (= freely given).
The image above adds a consent checkbox in which your user will agree to your privacy policy. The policy probably entails that you need the email address to send users their prize and to prevent cheating. It does not say that the user will also be subscribed to your newsletter. So at this point, your wheel may not be compliant in terms of consent.
So how can we fix this?
Opinions are divided over what it means to make a popup compliant in terms of consent. Here are 2 popular statements:
- Some experts say you are already compliant when your copy clearly states what the user is opting into. Something like “by playing the game, you are okay with receiving your prize via email, as well as occasional news and promotions about our service”.
- Other experts claim you should have a separate checkbox for opting users into your list. Even more so: it shouldn’t be mandatory since opting into your list is not necessary to play a wheel of fortune game.
Whichever solution you choose is up to you. We prefer #2, but that’s just our opinion! Please note that the 2nd solution would mean people can play your wheels without being opted into your list.
How to only subscribe people to your list if a checkbox is checked?
If you want to give your users the ability to play the game and optionally subscribe them to your list if they choose to do so, here’s how you can do it:
- Add a checkbox to your form, as described above.
- When editing your wheel, go to Step 5: Settings > Data collection (GDPR).
- Select the checkbox that the user has to check before their data is sent to your email list. If the user does not check the box, they will still be able to play but won’t be subscribed to your list. If you leave this setting blank, the user’s data will always be transferred to your list (this is the default behavior you’re used to).
Transparency
When you collect data, it must be clear to your users why the data is being collected and what it will be used for. You can solve this by writing a clear, understandable privacy policy.
We’ve created a document in which we explain what WP Optin Wheel collects and why. You can use this information to edit your privacy policy.
Right to Access Data
Under the GDPR, users have the right to view their data. If you are running WordPress 4.9.6 or higher, you can easily generate an export of all the data pertaining to a specific user. Go to Tools > Export Personal Data and enter the email address of the user. WordPress will then collect all the data from that user and generate a ZIP file. Our plugin hooks into that process, so the data WP Optin Wheel stores will also be included in the export.
Right to Be Forgotten
The GDPR states that visitors can request you to hard-delete their data. In WordPress 4.9.6 or higher, you can hard-delete personal data by navigating to Tools > Erase Personal Data. WP Optin Wheel also hooks into that process, so any data we keep in your WordPress database on the user will be removed.
Note that if you connected your wheels to a 3rd party tool like Mailchimp or ActiveCampaign, a request for deletion will not delete the records from that 3rd party tool. You will need to do that separately.
There’s a drawback to complying with this deletion request: if your wheels only allow users to play once, our system can no longer identify this user, so it will allow them to play again.
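For readers who want to see what "hooking into" the WordPress export and erase tools involves, here is an added example (not WP Optin Wheel's own code) of a plugin registering an exporter and an eraser through the core `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters. The table name, its columns and the `example_wheel_*` function names are hypothetical.

```php
<?php
// Added example, not WP Optin Wheel's code. Table and column names are hypothetical.
const EXAMPLE_TABLE = 'example_wheel_entries'; // $wpdb->prefix is prepended below
// Register with Tools > Export Personal Data and Tools > Erase Personal Data.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-wheel'] = array(
        'exporter_friendly_name' => 'Example wheel entries',
        'callback'               => 'example_wheel_export',
    );
    return $exporters;
} );
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-wheel'] = array(
        'eraser_friendly_name' => 'Example wheel entries',
        'callback'             => 'example_wheel_erase',
    );
    return $erasers;
} );
// Core calls this with the requester's email; 'done' => true ends paging.
function example_wheel_export( $email_address, $page = 1 ) {
    global $wpdb;
    $sql  = 'SELECT id, email, created_at FROM ' . $wpdb->prefix . EXAMPLE_TABLE . ' WHERE email = %s';
    $rows = $wpdb->get_results( $wpdb->prepare( $sql, $email_address ) );
    $data = array();
    foreach ( (array) $rows as $row ) {
        $data[] = array(
            'group_id'    => 'example-wheel',
            'group_label' => 'Wheel entries',
            'item_id'     => 'example-wheel-' . $row->id,
            'data'        => array(
                array( 'name' => 'Email', 'value' => $row->email ),
                array( 'name' => 'Submitted', 'value' => $row->created_at ),
            ),
        );
    }
    return array( 'data' => $data, 'done' => true );
}

// Hard-delete the rows; report a failure so the admin knows data remains.
function example_wheel_erase( $email_address, $page = 1 ) {
    global $wpdb;
    $n = $wpdb->delete( $wpdb->prefix . EXAMPLE_TABLE, array( 'email' => $email_address ), array( '%s' ) );
    return array(
        'items_removed'  => $n > 0,
        'items_retained' => false === $n,
        'messages'       => false === $n ? array( 'Wheel entries could not be deleted.' ) : array(),
        'done'           => true,
    );
}
```

The eraser only touches the local WordPress database, which is why records already sent to a 3rd party tool have to be deleted there separately.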