gdpr 第32条
As most people should now be aware, the General Data Protection Regulation (GDPR) comes into the force on the 25th May. If you have a WordPress website, this means you will be affected by the new regulation and will need to make changes in order to comply. Failure to do so can lead to very large fines. In this post, we’ll give you some hints and tips to help you put your site in order.
正如大多数人现在应该知道的那样,《通用数据保护条例》(GDPR)于5月25 日生效。 如果您拥有WordPress网站,这意味着您将受到新法规的影响,并且需要进行更改才能遵守。 否则可能会被罚款。 在这篇文章中,我们将为您提供一些提示和技巧,以帮助您使网站井井有条。
什么是GDPR? (What is GDPR?)
GDPR is a new regulation designed to improve the security of the personal data of EU citizens and to give those citizens greater control over how their data is used. It applies to any organisation that collects the data of EU citizens whether they are based in the EU or not. If you need a wider understanding of GDPR, read our article: 15 Things You Need to Know about the General Data Protection Regulation (GDPR).
GDPR是一项旨在改善欧盟公民个人数据安全性的新法规,旨在使这些公民能够更好地控制其数据的使用方式。 它适用于任何收集欧盟公民数据的组织,无论他们是否基于欧盟。 如果您需要对GDPR的更广泛的了解,请阅读我们的文章: 关于通用数据保护条例(GDPR)的15件事 。
什么是个人资料? (What is personal data?)
Personal data is anything which can be used to identify an individual whether on its own or when used in conjunction with other information. Personal data also includes sensitive data, which can cover a person’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life, financial details or criminal history.
个人数据是可以用来识别个人的任何信息,无论是单独使用还是与其他信息结合使用。 个人数据还包括敏感数据,这些数据可以涵盖一个人的种族或民族血统,政治见解,宗教信仰,工会活动,身体或精神健康,性生活,财务状况或犯罪记录。
WordPress网站如何收集个人数据 (How WordPress websites collect personal data)
WordPress sites can collect personal data in a number of ways. Sometimes this is done intentionally, while at others, it is done automatically through the website’s software, perhaps without you even knowing. Typical examples include:
WordPress网站可以通过多种方式收集个人数据。 有时,这是故意进行的,而在另一些情况下,则可能是通过您的网站软件自动完成的,甚至您可能都不知道。 典型示例包括:
- analytics and traffic logs 分析和流量日志
- blog comments 博客评论
- contact form entries 联系表格条目
- logging tools and plugins 日志记录工具和插件
- security tools and plugins 安全工具和插件
- user registrations or newsletter subscriptions 用户注册或新闻通讯订阅
如何开始合规 (How to start becoming compliant)
When it comes to ensuring that the data you hold is secure, you need to implement a ‘Privacy by Design’ system that protects data from the moment it is collected until it is safely erased. Part of this process requires you to undertake a ‘privacy impact study’ that looks at how any changes you make to your site will help keep the data secure.
在确保所保存数据的安全性方面,您需要实施一个“设计保密”系统,该系统可以保护从收集数据到安全擦除数据的整个过程。 此过程的一部分要求您进行“隐私影响研究”,以研究您对网站所做的任何更改如何有助于确保数据安全。
1.将更改记录到您的站点 (1. Log changes to your site)
One tool that can help you with this is the Security Audit Log plugin which keeps a record of all changes which take place on your site, showing how data is being processed and stored.
一个可以帮助您解决此问题的工具是“ 安全审核日志”插件,该插件可以记录您网站上发生的所有更改,并显示如何处理和存储数据。
2.安装防火墙 (2. Install a firewall)
Firewalls are essential to protect your site from cyber attacks and are crucial in keeping your data safe. WordPress users can do this easily by installing a firewall plugin, such as Wordfence Security – Firewall & Malware Scan or All In One WP Security & Firewall.
防火墙对于保护您的站点免受网络攻击至关重要,对于确保数据安全至关重要。 WordPress用户可以通过安装防火墙插件(例如Wordfence安全性-防火墙和恶意软件扫描或All In One WP安全性和防火墙)轻松地做到这一点。
3.获取SSL证书 (3. Get an SSL certificate)
SSL certificates are essential for WordPress websites as they encrypt data in transit between a user’s browser and your server. This means that if anyone sends you personal information, such as credit card details, it remains secure.
SSL证书对于WordPress网站至关重要,因为它们对用户浏览器与服务器之间传输的数据进行加密。 这意味着,如果有人向您发送个人信息(例如信用卡详细信息),它将保持安全。
4.确保您具有远程备份 (4. Ensure you have remote backups)
Remote backups are essential in case your website or server goes down and you need to restore it quickly. However, from a GDPR perspective, you need to make sure that the backup itself is secure as it will contain a copy of all the personal data you hold.
如果您的网站或服务器出现故障并且您需要快速还原它,则远程备份是必不可少的。 但是,从GDPR的角度来看,您需要确保备份本身是安全的,因为备份将包含您持有的所有个人数据的副本。
5.加强电子邮件保护 (5. Strengthen email protection)
Email addresses you keep on your computer or in web accessed systems are also deemed as personal data. The last thing you need is to open a spam email that gets access to your mailing list and begins sending malicious emails to your customers. To keep your email safe, make sure you have all mail scanned, you can do this by using tools such as SpamExperts.
您保留在计算机或网络访问的系统中的电子邮件地址也被视为个人数据。 您需要做的最后一件事是打开垃圾邮件,该邮件可以访问您的邮件列表,并开始向您的客户发送恶意电子邮件。 为了确保您的电子邮件安全,请确保已扫描所有邮件,您可以使用SpamExperts之类的工具进行扫描 。
6.提高登录安全性 (6. Improve login security)
Poor login security makes it easier for hackers to break into your website and steal personal data. Although many people find that two-factor authentication can be a long-winded process for logging into your dashboard, it is highly secure and much better than just having a username and password. You can install the Two-Factor Authentication plugin from your dashboard.
登录安全性差,使黑客更容易闯入您的网站并窃取个人数据。 尽管许多人发现双重身份验证可能是登录仪表板的漫长过程,但它具有高度的安全性,并且比仅具有用户名和密码要好得多。 您可以从信息中心安装“ 双重身份验证”插件。
7.更新您的隐私政策 (7. Update your privacy policy)
One of the things you need to do under GDPR is inform your users about:
根据GDPR,您需要做的一件事就是向您的用户告知:
- the types of data your website collects 您的网站收集的数据类型
- why you collect that data and how you use it 为什么收集这些数据以及如何使用它们
- how that data is used and stored 该数据的使用和存储方式
- how data is shared 数据如何共享
- how users can get a copy of any personal data that you hold on them 用户如何获取您持有的任何个人数据的副本
- how to ask for that data to be erased or moved 如何要求删除或移动该数据
All this information should be put together in your privacy policy and a privacy policy page created. In the latest version of WordPress (v 4.9.6) a new privacy policy setting has been created to enable you to create and display your privacy policy page.
所有这些信息都应放在您的隐私政策中,并创建一个隐私政策页面。 在最新版本的WordPress(v 4.9.6)中,已经创建了新的隐私策略设置,使您可以创建和显示隐私策略页面。
8.安装GDPR插件 (8. Install a GDPR plugin)
To fulfil some of the other requirements of GDPR we suggest you download and install a GDPR plugin, such as GDPR or WP GDPR Compliance. These plugins are useful because they carry out a number of tasks you need to comply with. These include:
为了满足GDPR的其他一些要求,建议您下载并安装GDPR插件,例如GDPR或WP GDPR Compliance 。 这些插件很有用,因为它们可执行您需要遵守的许多任务。 这些包括:
- Cookie management Cookie管理
- Getting user consent for the privacy policy when they register with your site 在用户向您的网站注册时获得用户对隐私政策的同意
- Asking for privacy policy consent when you make changes to your policy 更改政策时征求隐私政策的同意
- Handling requests for data erasure 处理数据删除请求
- Handling users’ requests to access their data or move it elsewhere 处理用户访问其数据或将其移至其他位置的请求
- Create data breach notifications (by law you now have to do this within 72 hours of any breach) 创建数据泄露通知(根据法律,您现在必须在任何泄露后72小时内执行此操作)
- Keep records of all data being sent from plugins to third-party sites 保留从插件发送到第三方站点的所有数据的记录
9.确保您的虚拟主机符合要求 (9. Ensure your web host is compliant)
If your website is hosted on a service provider’s server, you also need to make sure that adequate security measures are in place on that server. You should have a ‘Data Processing Agreement’ with your host which explains how they handle any data that you store on their systems.
如果您的网站托管在服务提供商的服务器上,则还需要确保该服务器上已采取适当的安全措施。 您应该与主机达成“数据处理协议”,其中说明了主机如何处理您存储在系统中的任何数据。
10.检查是否需要向ICO注册 (10. Check if you need to register with the ICO)
If you handle personal data in certain ways, you are required, by law, to register with the ICO. If you are unsure, there is a self-assessment tool on their site which you can use.
如果您以某些方式处理个人数据,法律要求您在ICO中注册。 如果不确定,则可以在他们的网站上使用自我评估工具 。
结论 (Conclusion)
GDPR will have an impact on everyone who collects personal data, so it is important that you comply with the regulation. For WordPress users, there are many things you need to do to ensure that personal data is kept safe and that you enable users to exercise their rights over their data. Hopefully, the tips given here will help you achieve compliance.
GDPR将对每个收集个人数据的人产生影响,因此遵守该法规非常重要。 对于WordPress用户,您需要做很多事情来确保个人数据的安全,并使用户能够行使其对数据的权利。 希望这里提供的提示将帮助您达到合规性。
翻译自: https://www.eukhost.com/blog/webhosting/10-tips-to-make-your-wordpress-website-gdpr-compliant/
gdpr 第32条
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
