Updates for the GDPR

We have just released updates for all of our themes and plugins to improve compliance with the new General Data Protection Regulation (GDPR) of the European Union. Read this post to learn more about the changes introduced with the updates.

What is the GDPR?

As most of you already know, the new EU GDPR will be enforced on May 25th, 2018.

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

Source: Wikipedia.org

For more information about the GDPR, please see this Infographic from the European Commission.

Theme Updates: Using Local Fonts instead of Google Fonts

Loading fonts from the Google Web Fonts API might not be compliant with the GDPR, since the IP address of your website visitors is personal data and is transferred to Google as part of the request.

To ensure GDPR compliance, we have just released updates for all of our themes. After installing the update, our themes will now embed all fonts locally instead of loading them from Google. You won’t notice any visual changes, since the themes still use the same fonts but now load them from your own server.

Pro Add-on Updates: Improved Custom Font Settings

Our Pro Add-ons include additional settings to change fonts.

While it is technically not feasible to embed over 600 different fonts within the add-on plugins, we have at least added a bunch of local fonts. For GDPR compliance, you should choose a local font instead of external Google Fonts in the Typography Settings.

We have not removed Google Fonts completely because we think that Google might find a way to make their Font API compliant with the GDPR at some point in the future.

Plugin Updates for Social Features

We have also updated our Widget Bundle plugin to remove the Facebook Like Box widget. It needed a direct connection to Facebook, which is problematic under the GDPR. Since the widget is not our main focus, we recommend switching to another plugin if you really need it.

Our Social Sharing plugin uses static links and does not transfer any data to any social network.

<a class="tzss-facebook" href="https://www.facebook.com/sharer/sharer.php?u={URL}" target="_blank">Facebook</a>
<a class="tzss-twitter" href="https://twitter.com/intent/tweet?text={URL}" target="_blank">Twitter</a>
<a class="tzss-gplus" href="https://plus.google.com/share?url={URL}" target="_blank">GooglePlus</a>

We therefore do not have any update for the Social Sharing plugin, since there is currently no data exchanged with external websites.

There will be an update to the Social Sharing plugin for new features later this year, though 🙂
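The distinction this post relies on, a resource the browser fetches from another host on page load versus a plain link that contacts the other site only when clicked, can be checked against a page's delivered HTML. The following Python sketch is an added example, not code from our themes or plugins; the host example.org, the sample pages, the widget URL and the font path are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

AUTO_SRC = {"script", "img", "iframe", "embed", "source"}  # src is fetched on load
FETCHING_REL = {"stylesheet", "preload", "prefetch", "preconnect", "icon"}
CSS_URL = re.compile(r"""(?:@import\s+(?:url\()?|url\()\s*['"]?([^'")\s;]+)""", re.I)

# Sorts external hosts into "contacted on page load" and "only when clicked".
class ThirdPartyAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site, self.in_style = site_host.lower(), False
        self.on_load, self.on_click = set(), set()

    def note(self, url, bucket):
        host = (urlparse(url.strip()).hostname or "").lower()
        if host and host != self.site and not host.endswith("." + self.site):
            bucket.add(host)  # relative and first-party URLs are ignored

    def handle_starttag(self, tag, attrs):
        a = {k: v or "" for k, v in attrs}
        self.in_style = tag == "style"
        if tag in AUTO_SRC:
            self.note(a.get("src", ""), self.on_load)
        elif tag == "link" and FETCHING_REL & set(a.get("rel", "").lower().split()):
            self.note(a.get("href", ""), self.on_load)
        elif tag == "a":  # a static link sends nothing until the visitor clicks it
            self.note(a.get("href", ""), self.on_click)

    def handle_endtag(self, tag):
        self.in_style = False

    def handle_data(self, data):  # CSS inside <style>: @import and url(...)
        for url in CSS_URL.findall(data) if self.in_style else ():
            self.note(url, self.on_load)

def audit(html, site_host):
    parser = ThirdPartyAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.on_load, parser.on_click

# Constructed sample pages for a hypothetical site example.org.
BEFORE = """<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Example">
<iframe src="https://www.facebook.com/constructed-widget"></iframe>"""
AFTER = """<style>@font-face{font-family:Example;src:url(/wp-content/fonts/example.woff2)}</style>
<a class="tzss-facebook" href="https://www.facebook.com/sharer/sharer.php?u={URL}" target="_blank">Facebook</a>"""
```

Calling `audit(BEFORE, "example.org")` reports both external hosts as contacted on load, while `audit(AFTER, "example.org")` reports none on load and facebook.com only as a click target. This is a static check of the markup; requests that scripts issue at runtime only show up in the browser's network log.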

Disclaimer

Installing our latest updates improves compliance with the GDPR but is NO GUARANTEE that your website fully complies with all rules. There might be other plugins you are using which are affected by the GDPR. Please contact a GDPR consultant or lawyer to assess your complete website.