
Webmaster: GDPR Compliance – Everything You Need To Know - Webmasters - Nairaland

Webmaster: GDPR Compliance – Everything You Need To Know by solaugo1: 10:48am On May 27, 2018
Are you confused by GDPR, and how it will impact your WordPress site? GDPR, short for General Data Protection Regulation, is a European Union law that you have likely heard about. We have received dozens of emails from users asking us to explain GDPR in plain English and share tips on how to make your WordPress site GDPR compliant. In this article, we will explain everything you need to know about GDPR and WordPress (without the complex legal stuff).



What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) law taking effect on May 25, 2018. The goal of GDPR is to give EU citizens control over their personal data and change the data privacy approach of organizations across the world. You’ve likely gotten dozens of emails from companies like Google and others regarding GDPR, their new privacy policy, and a bunch of other legal stuff. That’s because the EU has put in hefty penalties for those who are not in compliance.

Fines
Basically, after May 25th, 2018, businesses that are not in compliance with GDPR’s requirements can face large fines of up to 4% of a company’s annual global revenue OR €20 million (whichever is greater). This is enough reason to cause widespread panic among businesses around the world.

This brings us to the big question that you might be thinking about: Does GDPR apply to my WordPress site? The answer is YES. It applies to every business, large and small, around the world (not just in the European Union).

If your website has visitors from European Union countries, then this law applies to you. But don’t panic, this isn’t the end of the world.

While GDPR has the potential to escalate to those high levels of fines, it will start with a warning, then a reprimand, then a suspension of data processing, and if you continue to violate the law, then the large fines will hit.

The EU isn’t some evil government that is out to get you. Their goal is to protect consumers, average people like you and me from reckless handling of data / breaches because it’s getting out of control.

The maximum fine part, in our opinion, is largely to get the attention of large companies like Facebook and Google, so this regulation is NOT ignored. Furthermore, this encourages companies to actually put more emphasis on protecting the rights of people.

Once you understand what is required by GDPR and the spirit of the law, then you will realize that none of this is too crazy. We will also share tools / tips to make your WordPress site GDPR compliant.


What is required under GDPR?
The goal of GDPR is to protect user’s personally identifying information (PII) and hold businesses to a higher standard when it comes to how they collect, store, and use this data. The personal data includes: name, emails, physical address, IP address, health information, income, etc.

While the GDPR regulation is 200 pages long, here are the most important pillars that you need to know:

Explicit Consent – if you’re collecting personal data from an EU resident, then you must obtain explicit consent that’s specific and unambiguous. In other words, you can’t just send unsolicited emails to people who gave you their business card or filled out your website contact form, because they DID NOT opt in for your marketing newsletter (that’s called SPAM, by the way, and you shouldn’t be doing that anyway). For it to be considered explicit consent, you must require a positive opt-in (i.e. no pre-ticked checkbox), contain clear wording (no legalese), and be separate from other terms & conditions.

Rights to Data – you must inform individuals where, why, and how their data is processed / stored. An individual has the right to download their personal data, and an individual also has the right to be forgotten, meaning they can ask for their data to be deleted. This will make sure that when you hit Unsubscribe or ask companies to delete your profile, they actually do that (hmm, go figure). I’m looking at you, Zenefits, still waiting for my account to be deleted for 2 years and hoping that you stop sending me spam emails just because I made the mistake of trying out your service.

Breach Notification – organizations must report certain types of data breaches to relevant authorities within 72 hours, unless the breach is considered harmless and poses no risk to individual data. However, if a breach is high-risk, then the company MUST also inform the individuals who’re impacted right away. This will hopefully prevent cover-ups like Yahoo’s, which was not revealed until the acquisition.

Data Protection Officers – if you are a public company or process large amounts of personal information, then you must appoint a data protection officer. Again this is not required for small businesses. Consult an attorney if you’re in doubt.

To put it in plain English, GDPR makes sure that businesses can’t go around spamming people by sending emails they didn’t ask for. Businesses can’t sell people’s data without their explicit consent (good luck getting this consent). Businesses have to delete users’ accounts and unsubscribe them from email lists if the user asks them to do that. Businesses have to report data breaches and overall be better about data protection.


As of WordPress 4.9.6, the WordPress core software is GDPR compliant. The WordPress core team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. It’s important to note that when we talk about WordPress, we’re talking about self-hosted WordPress.org (see the difference: WordPress.com vs WordPress.org).

Having said that, due to the dynamic nature of websites, no single platform, plugin or solution can offer 100% GDPR compliance. The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site.

By default WordPress 4.9.6 now comes with the following GDPR enhancement tools:

Comments Consent
By default, WordPress used to store the commenter’s name, email and website as a cookie in the user’s browser. This made it easier for users to leave comments on their favorite blogs because those fields were pre-populated.

Due to GDPR’s consent requirement, WordPress has added the comment consent checkbox. The user can leave a comment without checking this box. All it would mean is that they would have to manually enter their name, email, and website every time they leave a comment.

Update: If your theme is not showing the comment privacy checkbox, then please make sure that you have updated to WordPress 4.9.6 and are using the latest version of your theme. Also please make sure that you are logged-out when testing to see if the checkbox is there.


If the checkbox is still not showing, then your theme is likely overriding the default WordPress comment form. Here’s a step by step guide on how to add a GDPR comment privacy checkbox in your WordPress theme.

Data Export and Erase Feature
WordPress offers site owners the ability to comply with GDPR’s data handling requirements and honor users’ requests for exporting their personal data as well as for removal of their personal data.

Privacy Policy Generator
WordPress now comes with a built-in privacy policy generator. It offers a pre-made privacy policy template and offers you guidance in terms of what else to add, so you can be more transparent with users in terms of what data you store and how you handle their data.

These three things are enough to make a default WordPress blog GDPR compliant. However it is very likely that your website has additional features that will also need to be in compliance.

Areas on Your Website that are Impacted by GDPR
As a website owner, you might be using various WordPress plugins that store or process data, like contact forms, analytics, email marketing, online stores, membership sites, etc. Depending on which WordPress plugins you are using on your website, you would need to act accordingly to make sure that your website is GDPR compliant. A lot of the best WordPress plugins have already gone ahead and added GDPR enhancement features.

read more @ https://wordpress.assure.ng/webmaster-gdpr-compliance-everything-you-need-to-know/
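The post above mentions the case where a theme overrides the default WordPress comment form and the comment privacy checkbox disappears. The following is an added example (not code from the post or from the linked article) of a theme-side filter that customises the comment form fields without losing WordPress core's cookie-consent checkbox. It assumes the theme calls core's comment_form() in comments.php; the function prefix mytheme and the text domain 'mytheme' are placeholders. The filter name comment_form_default_fields, the option show_comments_cookies_opt_in, the action set_comment_cookies and the input name wp-comment-cookies-consent are WordPress core's own (4.9.6 and later).

```php
<?php
/**
 * Added example for a theme's functions.php: keep the WordPress 4.9.6+ comment
 * cookie-consent checkbox when customising the comment form fields.
 *
 * Assumption: the theme renders its comment form with core's comment_form().
 * 'mytheme' (function prefix and text domain) is a placeholder.
 */

// Common theme mistake: returning a freshly built array from the
// comment_form_default_fields filter drops core's 'cookies' entry, so the
// consent checkbox never renders. Because wp-comments-post.php only grants
// consent when the 'wp-comment-cookies-consent' field is posted, the
// commenter's name/email/url cookies are then never set at all.
function mytheme_comment_form_fields( $fields ) {
	$commenter = wp_get_current_commenter();
	$req       = get_option( 'require_name_email' );
	$aria_req  = $req ? ' aria-required="true"' : '';

	// Re-style the three standard fields, but edit the array in place so
	// every other key core added (including 'cookies') survives.
	$fields['author'] = sprintf(
		'<p class="comment-form-author"><label for="author">%s</label> <input id="author" name="author" type="text" value="%s" size="30"%s /></p>',
		esc_html__( 'Name', 'mytheme' ),
		esc_attr( $commenter['comment_author'] ),
		$aria_req
	);
	$fields['email'] = sprintf(
		'<p class="comment-form-email"><label for="email">%s</label> <input id="email" name="email" type="email" value="%s" size="30"%s /></p>',
		esc_html__( 'Email', 'mytheme' ),
		esc_attr( $commenter['comment_author_email'] ),
		$aria_req
	);
	$fields['url'] = sprintf(
		'<p class="comment-form-url"><label for="url">%s</label> <input id="url" name="url" type="url" value="%s" size="30" /></p>',
		esc_html__( 'Website', 'mytheme' ),
		esc_attr( $commenter['comment_author_url'] )
	);

	// Defensive check: if an earlier filter (a plugin or parent theme) removed
	// the consent field while the site still has the opt-in enabled, rebuild it
	// with the same input name core uses, since that is what
	// wp-comments-post.php checks before setting comment cookies.
	if ( empty( $fields['cookies'] )
		&& get_option( 'show_comments_cookies_opt_in' )
		&& has_action( 'set_comment_cookies', 'wp_set_comment_cookies' ) ) {
		// Mirror core: pre-tick only for a returning commenter who already
		// consented (their email cookie exists); a first-time visitor sees an
		// unticked box, which is the positive opt-in GDPR asks for.
		$consent = empty( $commenter['comment_author_email'] ) ? '' : ' checked="checked"';
		$fields['cookies'] = sprintf(
			'<p class="comment-form-cookies-consent"><input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"%s /> <label for="wp-comment-cookies-consent">%s</label></p>',
			$consent,
			esc_html__( 'Save my name, email, and website in this browser for the next time I comment.', 'mytheme' )
		);
	}

	return $fields;
}
// Priority 20 so this runs after a parent theme's default-priority filter.
add_filter( 'comment_form_default_fields', 'mytheme_comment_form_fields', 20 );
```

To check it, log out (comment_form() only prints these fields for logged-out visitors) and confirm the checkbox is present and unticked on a fresh browser profile. If a theme prints its own form HTML instead of calling comment_form(), the same rule applies: the form must contain a checkbox named wp-comment-cookies-consent, or core will never set the commenter cookies.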
Re: Webmaster: GDPR Compliance – Everything You Need To Know by finnestdope(m): 11:54am On May 27, 2018
Thanks for sharing.

Quite informative
Re: Webmaster: GDPR Compliance – Everything You Need To Know by dogstyle007(m): 10:21pm On May 27, 2018
Nice share
