Complete WordPress GDPR Compliant Guide

Share This:

Complete WordPress GDPR Compliant Guide 1

The GDPR (General Data Protection Regulation) is a new regulation by the EU which will become effective May 25th, 2018. The goal of the GDPR is to give citizens of the EU control over their personal data, and change the approach of organizations across the world towards data privacy. Basically, users must confirm that their data can be collected, there must a clear privacy policy showing what data is going to be stored, how it is going to be used, and provide the user a right to withdraw the consent to the use of personal data. Even though this is an EU regulation, it applies to any website that could have EU visitors, even if the website is located in another country like the United States. You can read more about the GDPR on their website. There are three main things to look at to make sure your WordPress is GDPR compliant.

WordPress GDPR – Breach Notification

Under the GDPR compliance, if your website is experiencing a data breach of any kind, that breach needs to be communicated to your users within the first 72 hours of you becoming aware of the data breach. Depending on how your website is setup, the term “users” can be vague and could be people registered on your site, commenters, or even contact form entries. The GDPR basically creates a legal requirement to assess and monitor the security of your website. This could be as simple as monitoring server logs, but that is a manual process. A better solution is to use a WordPress security plugin like Wordfence, Sucuri Security, or the All-In-One WordPress Security and Firewall Plugin. When setup correctly, these security plugins will notify you of issues immediately.

WordPress GDPR – Data Collection, Processing and Storage

The first step to this is to publish a detailed privacy policy on which personal data points you’re using, how they are being processed and stored. Then, you need to have a way to provide users a copy of their data upon request. Hopefully, there will be some plugins that will assist in this. There are a few available in WordPress, but they’re very basic and only tie into a limited selection of other plugins. The main things to look for are your comments, registration, commerce, and contact forms and how data is requested and stored. You’ll also want to create a form where users can request a copy of their data so you get notified.

WordPress GDPR – Use of Plugins

As you know, WordPress itself is just a content management system (CMS). Nearly all WordPress sites will make use of the vast Plugins library. You’ll want to make sure all of your plugins are updated and start removing ones that aren’t GDPR compliant. As a website owner, it is your responsibility to make sure that every plugin can export/provide/erase user data it collects to be in compliance with the GDPR rules. If you’re using a plugin that isn’t GDPR compliant, you should deactivate that plugin and start looking for alternatives.

The most common plugins that need to be GDPR compliant are commenting systems, e-commerce, newsletter or subscription systems, and contact forms. Popular WordPress plugin developer Jetpack has said they’re working on a privacy release that will make their plugins GDPR compliant.

Final Thoughts on WordPress GDPR

While this regulation has been years in the making, the May 2018 deadline is fast approaching. As a website owner, it is important that you perform your due diligence to make sure your website is GDPR compliant to the best of your knowledge because the penalty fines can be quite large.

Do you have a WordPress site? What plugins have you used to assist with being GDPR compliant?

Share This:


Leave a Comment