Are you confused by the GDPR and how it will affect your WordPress website? This tutorial will show you everything you need to know – WordPress GDPR plugins, settings and more.
WordPress GDPR – this abbreviation has become increasingly common in recent months. Probably everyone has already heard about it. To consistently meet all the requirements of this regulation on your website, you need to make several changes.
Note: I am not a lawyer. Installing some of these plugins does not guarantee that your site fully meets the GDPR requirements. These are just tools that can help you meet the technical requirements of data protection. Each website is unique, so if in doubt, contact a lawyer or consultant.
What is GDPR?
GDPR is an abbreviation of General Data Protection Regulation. This is a European Union regulation regarding the protection of personal data. This Regulation replaces the previously applicable law on the protection of personal data. It entered into force on May 25, 2018.
Compliance with this Regulation
The obligation to comply with the GDPR rules applies to anyone who collects and processes personal data of European Union citizens. This applies to companies and individuals, regardless of their sector of activity. Personal data covered by the previous regulation (name, address, age, email address and telephone number) have been extended by the EU by data of technical nature: IP address and cookies.
GDPR for websites
Every website owner has the following obligations under the new EU Regulation:
- Inform site visitors about the amount of data collected (name, surname, age, date of birth, gender, email address, IP address, photo, religion, health condition, etc.).
- Inform on the purpose for which data is collected, who has access to the data and how long they will be stored.
- Allow users to access their data, correct and erase it, and limit processing.
- In the event of a data leak, the website owner is required to inform the user within 72 hours.
- Consent to data collection and processing must be informed, free and clear.
What does this mean for WordPress websites?
Your site should comply with this regulation by May 25, 2018. If you haven’t made the necessary changes yet, it’s time to make them. Non-compliance with this Regulation can be fined.
Instructions on how to make WordPress comply
WordPress has complied with this regulation since version 4.9.6. New features were added in this version to help you work with personal data. It also includes a privacy section. It is necessary to make the following specific changes:
Tell users what data you collect and for what purpose, who will have access to it and how long it will be stored. The information should also include the above-mentioned right to have data deleted.
3. Tools for exporting / erasing data
WordPress also includes tools for exporting and erasing personal data when needed. To work with personal data, go to the Tools section of the administrative menu, where you will find the tools you need.
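The export and erase tools only cover data that WordPress itself (and plugins that register with them) know about. The following is an added example, not code from the article or from any plugin it names, showing how a hypothetical plugin that keeps its own visitor records in a custom table (the plugin name, table name and columns are all constructed for this example) hooks into those tools through the `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers` filters, so that a request made from the admin menu also exports or erases the plugin's data:

```php
<?php
/**
 * Hypothetical plugin "acme-visitor-log" (constructed name) that stores
 * visitor records in the custom table {$wpdb->prefix}acme_visitor_log with
 * the columns id, email, ip_address, visited_at (all assumed).
 * It registers with the WordPress 4.9.6+ personal data tools so that
 * "Export Personal Data" and "Erase Personal Data" cover its records too.
 */

// Register an exporter for the plugin's data.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['acme-visitor-log'] = array(
        'exporter_friendly_name' => __( 'Acme Visitor Log', 'acme-visitor-log' ),
        'callback'               => 'acme_visitor_log_exporter',
    );
    return $exporters;
} );

// Register an eraser for the same data.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['acme-visitor-log'] = array(
        'eraser_friendly_name' => __( 'Acme Visitor Log', 'acme-visitor-log' ),
        'callback'             => 'acme_visitor_log_eraser',
    );
    return $erasers;
} );

/**
 * Exporter callback. WordPress calls it repeatedly with an increasing $page
 * until it returns 'done' => true; every item becomes a group in the export
 * file that the user receives.
 */
function acme_visitor_log_exporter( $email_address, $page = 1 ) {
    global $wpdb;
    $per_page = 100;
    $offset   = ( $page - 1 ) * $per_page;
    $table    = $wpdb->prefix . 'acme_visitor_log';

    // Always go through prepare(): the email address is user-supplied input.
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, ip_address, visited_at FROM {$table} WHERE email = %s ORDER BY id LIMIT %d OFFSET %d",
        $email_address, $per_page, $offset
    ) );

    $export_items = array();
    foreach ( $rows as $row ) {
        $export_items[] = array(
            'group_id'    => 'acme_visitor_log',
            'group_label' => __( 'Visitor Log', 'acme-visitor-log' ),
            'item_id'     => 'acme-visit-' . $row->id,
            'data'        => array(
                array( 'name' => __( 'IP address', 'acme-visitor-log' ), 'value' => $row->ip_address ),
                array( 'name' => __( 'Visited at', 'acme-visitor-log' ), 'value' => $row->visited_at ),
            ),
        );
    }

    return array(
        'data' => $export_items,
        'done' => count( $rows ) < $per_page, // a short page means there is nothing left
    );
}

/**
 * Eraser callback. Deletes the rows tied to the email address and reports
 * the outcome so the administrator sees it in the request status.
 */
function acme_visitor_log_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    $table   = $wpdb->prefix . 'acme_visitor_log';
    $deleted = $wpdb->delete( $table, array( 'email' => $email_address ), array( '%s' ) );

    return array(
        'items_removed'  => (bool) $deleted,
        'items_retained' => false,   // set true (with a message) if the law requires keeping some records
        'messages'       => array(),
        'done'           => true,
    );
}
```

When a plugin you use stores personal data but registers neither filter, the built-in tools will silently skip that data; checking each data-holding plugin for these hooks is a quick way to find gaps before a user files a request.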
4. Checkbox in the comments
In the new version, WordPress automatically adds a checkbox to the comment form that lets visitors choose whether their name, email address and website are saved in cookies. If they do not check this box, their data will not be saved.
In practice, this means that if they do not check this box, they will have to fill out this information again the next time they want to write a comment on the site. Make sure the current version of your theme is installed, since older versions may not contain this field.
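A theme can lose the new checkbox if it rebuilds the comment form fields itself. The snippet below is an added example, not code from the article or from any theme it mentions; it shows a `functions.php` customization that trims the comment form (dropping the "Website" field, which the page counts as personal data) while keeping the `cookies` entry that WordPress 4.9.6 adds, so the consent checkbox still renders:

```php
<?php
// Added example for a theme's functions.php. WordPress 4.9.6 adds the consent
// checkbox as the 'cookies' entry of the comment form fields; a theme that
// filters or rebuilds that array must keep the key or the checkbox disappears.
add_filter( 'comment_form_default_fields', function ( $fields ) {
    // Collect less data: remove the optional "Website" field entirely.
    unset( $fields['url'] );

    // Do NOT unset $fields['cookies']; leaving it in place keeps the
    // "Save my name, email, and website in this browser" opt-in.
    return $fields;
} );

// Optional sanity check while developing: warn in the PHP error log if a
// different filter on this site has removed the consent field.
add_action( 'comment_form_before', function () {
    $fields = apply_filters( 'comment_form_default_fields', array() );
    if ( ! is_user_logged_in() && empty( $fields['cookies'] ) ) {
        error_log( 'Comment form is rendering without the cookies consent checkbox.' );
    }
} );
```

The sanity check is only a development aid: it reproduces the filter chain with an empty starting array, so it reports the absence of the `cookies` key but says nothing about whether the theme's template actually prints the fields it receives. Whether the checkbox is shown at all is also governed by the "Show comments cookies opt-in checkbox" setting under Settings > Discussion.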
Personally, I think this field is not necessary because the user approves cookies throughout the site using the cookie bar.
5. Checking WordPress plugins
The next step in complying with this EU regulation for your site is to check the plugins. Plugins collect a lot of data. These are mainly plugins for contact forms, email messaging, e-commerce tools and so on.
Many WordPress plugins already contain the necessary modifications. However, some of them require your attention:
Many website owners use this tool to track website traffic. If you are one of them, it means that you collect your users’ IP addresses, their identifiers and cookies. To comply with the regulation, you must collect and store this data anonymously. You should also include a notice on your site that you are using cookies to track site traffic.
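One concrete way to meet the "store this data anonymously" point for Google Analytics is to switch on IP anonymization in the tracking tag. The snippet below is an added example, not code from the article; it prints the gtag.js tag from a theme's `functions.php` via the `wp_head` action with `anonymize_ip` enabled. The property ID is a placeholder to be replaced with your own, and the hypothetical `acme_has_analytics_consent()` function stands in for whatever your cookie bar exposes:

```php
<?php
// Added example: emit the Google Analytics (gtag.js) tag with IP anonymization.
// 'UA-XXXXXXX-X' is a placeholder; replace it with your own property ID.
// acme_has_analytics_consent() is a hypothetical helper representing the
// cookie bar's consent state; without it the tag is simply not printed.
if ( ! function_exists( 'acme_has_analytics_consent' ) ) {
    function acme_has_analytics_consent() {
        // Assumed convention: the cookie bar sets this cookie to "1" on consent.
        return isset( $_COOKIE['acme_analytics_consent'] ) && '1' === $_COOKIE['acme_analytics_consent'];
    }
}

add_action( 'wp_head', function () {
    if ( ! acme_has_analytics_consent() ) {
        return; // no consent yet: load nothing, set no cookies
    }
    $property_id = 'UA-XXXXXXX-X';
    ?>
    <script async src="https://www.googletagmanager.com/gtag/js?id=<?php echo esc_attr( $property_id ); ?>"></script>
    <script>
      window.dataLayer = window.dataLayer || [];
      function gtag(){ dataLayer.push(arguments); }
      gtag('js', new Date());
      // anonymize_ip: true makes Google Analytics truncate the visitor's IP
      // (last octet of IPv4, last 80 bits of IPv6) before the hit is stored.
      gtag('config', '<?php echo esc_js( $property_id ); ?>', { 'anonymize_ip': true });
    </script>
    <?php
} );
```

The consent gate is optional for the anonymization itself, but it is what ties the tag to the cookie notice the paragraph asks for: the script, and therefore its cookies, only load after the visitor has agreed.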
In order for your contact forms to comply with the requirements of the regulation, you should ask users of your site to:
- agree to the storage of data,
- agree to the use of data for advertising purposes.
If a user asks you to do so, you must comply with their request for data erasure. If you use a SaaS solution, make sure you have a data processing agreement with its provider. Some contact form plugins, such as WPForms, already contain the necessary changes.
Newsletter subscription form
WooCommerce and GDPR
WooCommerce also includes a data export tool, anonymization tools for older orders, a reduction in the amount of personal data stored, and a setting for how long this information will be kept. Site visitors will also be able to leave some optional fields empty at the checkout.
WordPress GDPR plugins
These plugins will help you meet most of the technical requirements:
This free plugin will help you set up multiple websites or an online store. The plugin currently supports Contact Form 7, Gravity Forms, WooCommerce and WordPress comments. Support for other plugins should be available soon.
This premium plugin can do many advanced things, so it is also suitable for more complex websites. For example: a data removal request form for users, a data delivery form, cookie notifications, and integration with WooCommerce, Contact Form 7, Gravity Forms, Mailchimp, Events Manager, BuddyPress, Formidable Forms, Google Analytics and the Facebook pixel.
This plugin allows site visitors to access their data, export data and erase data. It also contains a number of functions in relation to the EU regulation, such as data anonymization.
The tools alone will not make your WordPress site GDPR-compliant. You will have to do much more to meet all the requirements of the regulation. Creating a compliant website is a more involved process. It depends on the type of website, the type of data obtained from visitors and the way you receive it.