• Resolved lauratraveler

    (@lauratraveler)


    Hi,

    My website doesn’t have users (people can’t create an account) nor do I have comments enabled. I have all backup options checked – file & databases, plugins, themes, uploads and any other directories found inside wp-content. To comply with GDPR, do I have to upgrade and encrypt the data? I’m not sure I backup any personal data from people visiting my site. How can I make sure of that?

    Thanks!

Viewing 9 replies - 1 through 9 (of 9 total)
  • Hi,

    I am interested in hearing the response to this question. Though my situation is different since comments are activated on my site and I have a newsletter subscription form, which means my site is storing personal data. In accordance to GDPR am I supposed to specify in my privacy notice that I use UpdraftPlus to backup all my data, including visitors personal data?

    Thanks!

    Thread Starter lauratraveler

    (@lauratraveler)

    @misscatherine I have a newsletter subscription form as well. But I don’t think subscriber data goes through or is stored on my server but rather on the server of the email marketing provider company. Or am I wrong?

    Hi @lauratraveler,

    Honestly I don’t know. I find this whole thing terribly confusing and don’t know how to write a proper privacy notice. I’ve been spending time online looking it up, but still don’t know what to do.

    I understand why this regulation is important, but it’s really hard to implement for individual small sites owners…

    Hope we get some clear answers here soon!

    Hi

    How does one comply with the new GDPR rules, because all backups must be encrypted, as we all now face a substantial fine could we receive an urgent reply

    thanks

    Plugin Contributor DNutbourne

    (@dnutbourne)

    Hi,

    Apologies for the delay.

    If backing up the site with UpdraftPlus, you will need to state that data backups are kept on the site. However, it is not necessary to state that UpdraftPlus is used, unless you are using UpdraftVault as a remote storage location.

    You will need to state where backups are stored (e.g. Dropbox), and include links to the appropriate third-party policies.

    The retention rules for backups should be sufficient to satisfy the requirement to only hold data for a reasonable amount of time.

    The backups are standard ZIP and GZIP archives, so can be encrypted manually.
    UpdraftPlus also transfers the backups to remote storage securely, whenever possible.

    We do have a premium, paid add-on that allows you to automatically encrypt the database backups. For more information, please see our site.

    For our full data protection policies, please see our data protection and privacy centre:
    https://updraftplus.com/data-protection-and-privacy-centre/

    Thank you for your response @dnutbourne.

    Plugin Author David Anderson

    (@davidanderson)

    N.B. It should be noted that there isn’t a one-size fits all recipe for GDPR compliance in relation to backups, and that as well as our generic/basic advice, you should do your own assessment of your particular setup.

    Thread Starter lauratraveler

    (@lauratraveler)

    @dnutbourne Not sure what you mean by ‘If backing up the site with UpdraftPlus, you will need to state that data backups are kept on the site.’ I store backups on Google Drive. How are data backups are kept on the site and on Dropbox or Google Drive or another service? I thought all backup are stored in the service of our choice (aka Dropbox, Google Drive, etc.) but not on the server. I’m confused.
    Laura

    Plugin Contributor DNutbourne

    (@dnutbourne)

    @lauratraveler, Apologies, I meant ‘backups of the site are kept’.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘GDPR for simple website’ is closed to new replies.