WordPress GDPR – Breach Notification
Under the GDPR, if your website experiences a data breach of any kind, that breach needs to be communicated to your users within the first 72 hours of you becoming aware of it. Depending on how your website is set up, the term “users” can be vague and could be people registered on your site, commenters, or even contact form entries. The GDPR basically creates a legal requirement to assess and monitor the security of your website. This could be as simple as monitoring server logs, but that is a manual process. A better solution is to use a WordPress security plugin like Wordfence, Sucuri Security, or the All-In-One WordPress Security and Firewall Plugin. When set up correctly, these security plugins will notify you of issues immediately.
WordPress GDPR – Data Collection, Processing and Storage
WordPress GDPR – Use of Plugins
As you know, WordPress itself is just a content management system (CMS). Nearly all WordPress sites make use of the vast plugin library. You’ll want to make sure all of your plugins are updated and start removing ones that aren’t GDPR compliant. As a website owner, it is your responsibility to make sure that every plugin can export, provide, and erase the user data it collects, in compliance with the GDPR rules. If you’re using a plugin that isn’t GDPR compliant, you should deactivate that plugin and start looking for alternatives.
The most common plugins that need to be GDPR compliant are commenting systems, e-commerce, newsletter or subscription systems, and contact forms. Popular WordPress plugin developer Jetpack has said they’re working on a privacy release that will make their plugins GDPR compliant.
Final Thoughts on WordPress GDPR
While this regulation has been years in the making, the May 2018 deadline is fast approaching. As a website owner, it is important that you perform your due diligence to make sure your website is GDPR compliant to the best of your knowledge, because the fines can be quite large.
Do you have a WordPress site? What plugins have you used to assist with being GDPR compliant?