If you have an online store and you sell to any customers in the EU, the answer is yes. The new GDPR rules that go into effect May 25, 2018, require it. But for many small businesses, that person is going to be you.
Here are some of the responsibilities of data protection:
- Ensuring that your site is always using the latest version of WordPress.
- Ensuring that your site is always using the latest versions of WooCommerce and any other plugins.
- Deactivating and removing unneeded plugins or themes.
- Making regular, secure backups of your website data, especially WooCommerce data.
- Exporting and archiving completed orders to secure storage. The less data stored on your website, the less exposure you have — and the fewer customers you need to notify in the event of a breach.
- Requiring strong, unique passwords on all WordPress accounts.
- Limiting the number of people with access to wp-admin.
- Making sure each employee has a separate login. No shared accounts!
- Removing accounts immediately when employees or contractors leave your company.
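
One way to check several of the items above from the command line, as an added example that is not part of the original article. It assumes WP-CLI (`wp`) is installed and the script is run from the WordPress root; the function names and the `MAX_ADMINS` threshold are hypothetical choices.

```shell
#!/bin/sh
# Added example (not from the article): audit a WordPress/WooCommerce site
# against the checklist above with WP-CLI. Run from the WordPress root.
# MAX_ADMINS is an assumed threshold; pick the number your shop really needs.
MAX_ADMINS="${MAX_ADMINS:-3}"

# Run a WP-CLI query and count the non-empty lines it prints.
wp_count() { wp "$@" 2>/dev/null | grep -c . || true; }

# Print a FLAG line when a count is above a limit: flag_if_over N LIMIT MSG
flag_if_over() {
  if [ "$1" -gt "$2" ]; then echo "FLAG $3: $1"; fi
}

audit_wp() {
  # Core: count only lines that look like version numbers, so an
  # "already at the latest version" message is never read as an update.
  n=$(wp core check-update --field=version 2>/dev/null \
        | grep -cE '^[0-9]+\.[0-9]+' || true)
  flag_if_over "$n" 0 "newer WordPress releases available"

  # Plugins (WooCommerce included) with updates waiting to be installed.
  n=$(wp_count plugin list --update=available --field=name)
  flag_if_over "$n" 0 "plugins with pending updates"

  # Inactive plugins and themes are still code on disk: remove unneeded ones.
  n=$(wp_count plugin list --status=inactive --field=name)
  flag_if_over "$n" 0 "inactive plugins to review for removal"
  n=$(wp_count theme list --status=inactive --field=name)
  flag_if_over "$n" 0 "inactive themes to review for removal"

  # Accounts with full wp-admin control; compare the logins to current staff.
  n=$(wp_count user list --role=administrator --field=user_login)
  flag_if_over "$n" "$MAX_ADMINS" "administrator accounts (limit $MAX_ADMINS)"
  return 0
}

# Usage: sh wp-audit.sh audit
if [ "${1:-}" = "audit" ]; then audit_wp; fi
```

Scheduling it weekly and mailing the output to the person responsible for data protection turns the list into a recurring check; an empty report means none of these items needs attention.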