Running websites: Why you need to routinely purge data from your website
Blog Audio: Read/listen time: 6 minutes
It is easy to fall into the trap of thinking that once your website is running that there is nothing else to do… I’m sure are aware of GDPR by now and that it puts responsability upon you to responsibly ask for, store and purge personal and sensitive personal data that you may gather from your users.
My name is Paul Edwards, I am a web consultant and frontend developer based in Worthing, West Sussex. If you feel that you have any unanswered questions I would be happy to have a chat to you about your specific situation. Call me on 01903 527927.
Today I answer the question:
Why you need to routinely purge data from your website
Why should you purge information from your website, and what does that even mean?
Websites can hold a huge array of different data. From data about user interactions (analytics) to information from user-submitted forms, purchases, uploads and more, the web is filled with both personal and sensitive personal data about many of us.
What information would a typical website be storing?
I tend to work with three types of website:
- Ecommerce websites which sell products or services and take payments either directly or using a payment gateway
- Business websites which advertise products and services and provide information for users
- Websites for NGO’s (non-government organisations), charity and academic institutions which tend to be sites which champion and support a nominated good cause or project (often in developing countries)
Each of these types of website can store lots of types of information. Often there are common types of information that all store, either intentionally or unintentionally:
So, what kind of information is stored?
User-submitted data
Form submitted data such as those used for mailing list signups etc. typical information could be:
- email address
- name
- postal address
- age
- date of birth
- interests
- landline number
- mobile number
Payment information submitted during a purchase of a product or service such as:
- credit card/debit card information
- PayPal account information
- billing address
- postal address
- bank account information
Data potentially exposed by your browser
- Your location
- Device being used
- What adverts you have clicked on
- IP address
- Browser being used
- What operating system you are running
- Cookies (holding preferences and history)
- Identity
- Identity of those you communicate with
- Interests
- Every move of your mouse pointer within the browser and every scroll and click
What does purge mean?
OK, as a website owner you aren’t responsible for every bit of data out there, however, it is your responsibility under the old Data Protection Act and now GDPR to only ask for the information you genuinely need to carry out your task and to only hold that information for as long as is necessary to carry out that task.
Purging your website of data means that you delete it from wherever it is being stored.
Purging your website of data means that you delete it from wherever it is being stored. In WordPress and other sites that run on content management systems, this tends to be information that is held in the database that the site uses.
When a user submits a form that data is entered into the database on the server and is exposed to you, the site owner, as the information you see in the backend of your website such as a plugin that stores messages and contact details. Your duty would be to purge your site of the data that is no longer needed as soon as it is no longer needed. For practicality, I suggest that a site holds data for no more than 30 days and purges anything older than 30 days as part of routine monthly website maintenance. Naturally, you will have to hold onto some data for longer, such as anything relating to transactions etc where you will be required to hold those financial records for a set period of time. You may, however, choose that for reasons of security, that it is better to store that information away from your website, possibly even offline.
If you are using third parties such as Mailchimp to manage email list signups, you need to be aware that the information you gather is being sent there too, and that you are responsible for that as well.
How do you delete information from a website?
The methods for removing data from a website vary depending upon the type of data but if your website runs on WordPress you will likely find that most of your data is accessible and able to be deleted from the dashboard/interface of the plugin that is storing the data. If the information that you want to delete from the site is required for your records, you can normally export that information as a file before deleting it from your website.
most of your data is accessible and able to be deleted from the dashboard/interface of the plugin that is storing the data
Flamingo is a commonly used plugin that stores messages and contact details in WordPress. If you view contacts or messages, you can simply select those you wish to delete and then move them to your bin. Once you do that don’t forget to empty the bin too.
You may find that in addition to data stored by plugins that your website also records data that can be used to identify visitors in error logs on your server. One option is to tell WordPress and your server not to store log files (this will also speed up your website) or alternatively you can routinely purge those log files from your server or WordPress installation from a file manager plugin or from Cpanel on your server.
Is there a way to make data deletion easier?
Yes, there is. You can employ the services of a company or freelancer to carry out routine data purges as part of your website maintenance routine.
A routine can be agreed with your chosen contractor along with what will be deleted and how so that you can add this information to your website data protection/privacy policies.
Still need more help?
If you feel that you need more detailed guidance to work out a budget for your web design project please get in touch with me on 01903 527927. I am very happy to offer advice and guidance that will help you in your particular situation and get you on the road to achieving your goals.