WordPress GDPR – everything you need to know [Tutorial]

Are you confused by GDPR and how will this affect your WordPress website? This tutorial will show you everything you need to know – WordPress GDPR plugins, settings and more.

WordPress GDPR - everything you need to know [Tutorial]

WordPress GDPR – this abbreviation has become increasingly common in recent months. Probably everyone has already heard about it. To consistently meet all the requirements of this regulation on your website, you need to make several changes

Note: I am not a lawyer. Installing some of these plugins does not guarantee that your site fully meets the GDPR requirements. These are just tools that can help you meet the technical requirements of Data Protection. Each page is unique, so if in doubt, contact a lawyer or consultant.

What is GDPR?

GDPR is an abbreviation of General Data Protection Regulation. This is a European Union regulation regarding the protection of personal data. This Regulation replaces the applicable law on the protection of personal data. It entered into force on May 25, 2018.

Compliance with this Regulation

The obligation to comply with the GDPR rules applies to anyone who collects and processes personal data of European Union citizens. This applies to companies and individuals, regardless of their sector of activity. Personal data covered by the previous regulation (name, address, age, email address and telephone number) have been extended by the EU by data of technical nature: IP address and cookies.

💡 Tip: Choosing the right hosting is crucial for a fast website ⏱ . I recommend betting on verified quality ➡️ Bluehost, SiteGround or GoDaddy.

GDPR for websites

Every website owner has the following obligations under new EU Regulation:

  • Inform site visitors about the amount of data collected (name, surname, age, date of birth, gender, email address, IP address, photo, religion, health condition, etc.).
  • Inform on the purpose for which data is collected, who has access to the data and how long they will be stored.
  • Allow users to access their data, correct and erase it, and limit processing.
  • In the event of a data leak, the website owner is required to inform the user within 72 hours.
  • Consent to data collection and processing must be informed, free and clear.

What does this mean for WordPress websites?


Your site should comply with this regulation by May 25, 2018. If you haven’t made the necessary changes yet, it’s time to do so. Indeed, non-compliance with this Regulation shall be fined.

Your site should be GDPR-compliant by May 25, 2018. If you haven’t made the necessary changes yet, it’s time to MAKE them.

Instructions on how to comply with WordPress

WordPress complies with this regulation since version 4.9.6. New features have been added to this version to help you work with personal data. It also includes privacy section. It is necessary to make the following specific changes:

1. Generating a privacy policy page

WordPress 4.9.6 allows you to add a link to the privacy policy page from both the login form and registration form. It also allows you to place a link to this page in the footer. The menu also contains a pre-prepared privacy policy page template.

wordpress gdpr návod
Where to find Privacy Policy in WordPress

The menu also contains a pre-prepared privacy policy page template.

wordpress zásady ochrany osobných údajov
Generated subpage of Privacy policy

2. Update of the privacy policy

Of course, the generated subpage Privacy policy must be tailored to your needs. Make the necessary changes to meet the requirements of the regulation.

Tell users what data and for what purpose you collect, who will have access to it and how long it will be stored. The information should also include the abovementioned right to delete data.

3. Tools for export / erasure data

If necessary, WordPress also includes tools for exporting and erasing personal data. To work with personal data, go to the administrative menu to find the tools you need.

wordpress ako exportovať osobné údaje
Exporting personal data in WordPress

4. Checkbox in the comments

In the new version, WordPress automatically adds a field to the comments that allows visitors to save their name, email address and website using cookies. If they do not check this box, their data will not be saved.

In practice, this means that if they do not check this box, they will have to fill out this information again if they want to write a comment next time they visit the site. Make sure you have the current version of the theme installed, which contains this field.

wordpress cookies komentáre
Consent to cookies in the comments

Personally, I think this field is not necessary because the user approves cookies throughout the site using the cookie bar.

💡 Tip for themes: From premium themes, I have good experience with themes Divi, Avada and with page builder Elementor.

5. Checking WordPress plugins

The next step in complying with this EU regulation for your site is to check the plugins. Plugins collect a lot of data. These are mainly plugins for contact forms, email messages, electronic shopping tools and so on.

You need to know what data is collected by the plugins used. Then adjust their settings to comply with this privacy policy. Check also plugin updates to see if these requirements are met.

Many WordPress plugins already contain the necessary modifications. However, some of them require your attention:

Google Analytics

Many website owners use this tool to track website traffic. If you belong to them, it means that you collect your users’ IP addresses, their identifiers and cookies. To comply with regulations, you must collect and store this data anonymously. You should also include a notification on your site that you are using cookies to track site traffic.

Contact Forms

In order for your contact forms to comply with the requirements of the regulation, you should ask users of your site to:

  • agree to the storage of data,
  • agree to the use of data for advertising purposes.

If a user asks you to do so, you must comply with their request for data erasure. If you use a SaaS solution, make sure you have a data processing agreement with its provider. Some contact form plugins, such as WPForms, already contain the necessary changes.

Newsletter subscription form

In order to comply with the Privacy Policy, it is necessary to agree to the processing of personal data in the subscription form to the newsletter. For example, you can do this by adding a checkbox for data processing.

WooCommerce and GDPR

WooCommerce has come up with several features that help all users edit the page to comply with this regulation. It shows information about saving personal data at checkout and profile, including a link to the privacy policy page.

It also includes a data export tool, anonymization tools for older orders, a reduction in the amount of personal data stored, and you can also set how long this information will be stored. Site visitors will also be able to disable some optional fields at the checkout.

💡 Do you want a faster ⏱ website? Website speed is important for both visitors and SEO. I got the best results thanks to the WP Rocket plugin, which I highly recommend.

WordPress GDPR plugins

These plugins will help you meet most of the technical requirements:

1. WP GDPR Compliance

This free plugin will help you set up multiple websites or an online store. The plugin currently supports Contact Form 7, Gravity Forms, WooCommerce and WordPress comments. Support for other plugins should be available soon.

More info

2. Cookie Notice for GDPR

cookie notice plugin
My favourite cookie notification plugin that allows visitors to process cookies in accordance with the Privacy Policy.

Cookie notification created by this plugin

More info

3. Ultimate GDPR Compliance Toolkit for WordPress

This premium plugin can do many advanced things, so it is also suitable for more complex websites. For example: data removal request form for users, data delivery form, notification of cookie files, integration with WooCommerce, Contact Form 7, Gravity Forms, Mailchimp, Events Manager, BuddyPress, Formidable Forms, Google analytics, Facebook pixel.

More info

4. The GDPR Framework

gdpr framework plugin

This plugin allows site visitors to access their data, export data and erase data. It also contains a number of functions in relation to the EU regulation, such as data anonymization.

More info


The tools alone will not make your WordPress site complying with GDPR. You will have to do much more to meet all the requirements of the regulation. Creating a compatible website is a more difficult process. It depends on the type of website, the type of data obtained from visitors and the way you receive it.

Was this article helpful for you? Support me by sharing, please. 👍
WordPress Návod v PDF


Please enter your comment!
Please enter your name here