Data protection has become THE hot topic among website designers, thanks to the prevalence of decades of internet hacking, an uptick in Russian election hacking in the US and elsewhere, easy collection and sale of data such as that coming to light about Facebook and Cambridge Analytica, and the looming GDPR (General Data Protection Regulation), adopted in April 2016 that will be enforceable starting 25 May 2018.

You might think as a US citizen with a business only in the States that you needn't worry about laws set up in Europe. But that may not be true. Your website is still visible across western Europe, and the GDPR covers European citizens who travel or make online purchases outside the EU.

Plus, Congress already has its own version of the GDPR in development for website owners and internet users in the US.

So I want to draw your attention to a couple things, and ask you to watch my blog for additional info on this topic over the next year.

Wix Insights

If a Wix blog has been set up for you on you website, you may be able to see some traffic stats that Wix tracks for you, not just on your blog posts, but on the use of your whole website. Wix calls those stats Insights and you can access for free from your blog dashboard (see photo above).

While not as detailed as Google Analytics, Insights still provides a lot of interesting data, including:

• countries your visitors are in

• how long they stay on your site

• what kind of device they use to view the site (desktop, phone, tablet)

• how they reached you (direct link, search, social media, other)

• whether they liked and shared a blog post

• where posts are shared to (e.g.: Pinterest, Facebook, LinkedIn

• which keyword tags and categories get the most clicks

• which days of the week get the most traffic to your site

• what time of day you have the most readers

• and more

This data is tracking visitor behavior, often unbeknownst to them. While this is great for tweaking your website to provide most of what visitors are looking for, and thereby, wonderful for client attraction marketing, when people know their online behavior can be tracked this way, a lot of folks get pretty nervous. Big Brother really is watching.

Unlike some other analytics programs, Wix does NOT provide you with the IP addresses and specific cities for the people who visit your site. What Wix does is aggregate data -- showing you generic anonymous information without it being able to be traced back to any specific individual (which can be does if you have the IP address because that IP is attached to a particular computer /phone/ tablet -- which is how law enforcement catches the bad guys).

Nonetheless, the GDPR and various forward leaning states already require and soon possibly the US congress will require website visitors to be informed as to what kind of details of visitor behavior are being tracked.

Your Data Privacy policy page should spell this out, even if you don't have a blog on your website because the tracking of these details is still happening even if you can't access it.

Additionally, it is a standard practice for the sitemap for all websites to be submitted to Google, which enables Google to track visitor behavior even if you haven't activated the Google Analytics on your end. (De*WriteSites does NOT routinely add Google Analytics to any site because most of my clients do not want to be consumed by these stats.)

Contact Forms

Most website owners have contact forms to encourage site visitors to reach you. Even when those forms ask only for name and email address, that information is considered data that should be protected.

Wix keeps copies of that data, plus any messages sent to you via these contact forms. Most of the forms I set up for your website forward these messages to your own email inbox (Gmail, Outlook, AOL, Yahoo, etc), but the copy remains in your Wix dashboard and has to be manually deleted.

Under the GDPR, site visitors have the right to request that you erase all their emails ever sent to you via your website, and that their name and email address be removed from any storage database. This is the right to be "forgotten". We all could be liable to ensure that we do so.

Your Privacy Policy page should outline what data from contact forms you keep, how it is stored and protected, and how anyone using the contact forms can request to be forgotten.

PayPal Buttons

If you have PayPal buttons on your site, this is another function that gathers and stores user data that must be protected. Fortunately, that collection and storage occurs at PayPal and not on Wix, and as such is covered by PayPal's data privacy policies. Still, that should be explained in your Privacy Policy page.

If you have an ecommerce store set up on your Wix site -- which is design work that De*WriteSites does not do -- you will need to take extra precautions about the storage of data pertaining to what purchases have been made, payment info, shipping addresses, and so on. Be sure to spell out in your Privacy Policy how this data is stored and protected, as well as what your returns and refunds policies are. This can apply to website owners who sell digital products or internet-based workshops as well.

For further information on this topic, read this article from Wix:

https://support.wix.com/en/article/general-data-protection-regulation-gdpr