Even though the GDPR is a European Union law, your website should be compliant with the regulation. Why? Because the internet doesn’t observe political or national boundaries. It’s global. As we read on a WordPress Forum: “The target group is ‘everyone’ since GDPR applies everywhere and to anyone that interacts with EU citizens.”
This post will help you, as a website owner/user, to navigate the changes you should make so that you can be compliant with new privacy regulations.
The content in this post does not replace legal advice. If you are unsure about your obligations under GDPR, talk to a lawyer.
An Overview of the GDPR
The General Data Protection Regulation – known as GDPR – is a European Union Law which came into effect on May 25, 2018. The aim of the GDPR is to protect the privacy and data of EU citizens.
- The GDPR provides privacy protection to EU individuals by regulating the processing, transfer, and storage of data [information] that is deemed private or personally identifiable.
- The GDPR applies to anyone who sells services or products to EU citizens or whoever monitors their behavior.
- GDPR imposes obligations on any organization that stores or processes information from individuals. Businesses are subject to the GDPR’s compliance regulations.
- Activities such as “marketing to” or “monitoring behavior” may be deemed as subject to GDPR guidelines – even if the processing and collection of information is outside of the EU.
How GDPR Applies to Your WordPress Site
User Registrations and Comments
When a visitor leaves a comment on your site, they fill out their email address. Along with their IP address, this personal information is stored in the WordPress database.
Some WordPress plugins collect and store visitor information, others link to third-party servers for data storage. What this means is that you need to think about how the plugins you’ve installed on your site will impact data privacy. Examples of commonly used plugins that store visitor information are:
- Contact forms (Formidable, Fast Secure, Contact Form 7)
- Email Marketing Service (Mailchimp, AWeber, Constant Contact)
- E-commerce (WooCommerce, Event Espresso)
- Google Analytics (Monster Insights)
So That Your Website Complies with GDPR
- You must allow visitors to opt out or control their information, including exporting or erasing it (WordPress has provided tools for this in its newest version).
- Notify visitors of data breaches.
WordPress GDPR Support for Website Owners
In order to help all website owners comply with GDPR, WordPress now provides:
- Tools to erase or export personal data
- Plugins for GDPR compliance
- You have a new WordPress installation
- Go to Settings → Privacy
- Select your existing page
- Click “Use this page”
- Go to Settings → Privacy
- Click create a new page
- The page will be populated with the suggested draft content
- Add the page to your footer menu
- Go to Appearance → Menus
- Select footer menu
- Save menu changes
Case #3: You have a fresh installation of WordPress
- Click the link to get to the guide
Tools to Erase or Export Personal Data
If someone emails you and requests that you remove [export] or erase their personal information, go to Tools and select either Export Personal Data or Erase Personal Data. On this screen, you will send an email verification to the person making the request.
Once you send the request from the WordPress Dashboard, the email owner will have to confirm that they requested to have their personal data erased or exported. Once the person requesting the action clicks the link in the email, they will receive this message:
“Thanks for confirming your erasure request. The site administrator has been notified. You will receive an email confirmation when they erase your data.”
WordPress closes the loop on the action. You will be notified when the data is erased. We like that!
GDPR Compliance Plugins
WordPress plugin developers have added another level of support by providing plugins for GDPR compliance. Websites requiring a greater degree of GDPR compliance will find GDPR tools in the WordPress Repository.
And remember, this information is not meant to replace the legal advice you would receive from a lawyer.