GDPR Compliance & Your WordPress Website

Jason Davis — May 22, 2018

I’m sure you’ve seen the news or alerts about GDPR compliance about data privacy. If you are using the web you’ve seen those notifications about cookies appearing on your favorite websites. If you are a business that operates in the United States, and has a website that can get you new business from the European Union, this affects you.

Disclaimer. This post is not legal advice. We’re not lawyers.

Note: If your site only has users reading your website, you’re fine. As long as you are not collecting a newsletter signup, using cookies to track behavior or other marketing technology, you’re not required to do anything. However, if you are, here’s what you need to make sure you are doing.

  • Tell the user who you are, why you collect the data, for how long, and who receives it.
  • Get a clear consent [when required] before collecting any data.
  • Let users access their data, and take it with them.
  • Let users delete their data.
  • Let users know if data breaches occur.

May 25th is the deadline to become compliant with GPDR (General Data Protection Regulation) Privacy laws. So there was a long time for a lot of businesses to figure out how to become compliant. Unfortunately, this left the smaller business at a disadvantage to wait until more information was released. Now that information is here. As of May 18th WordPress released version 4.9.6 which contains privacy law compliance for GDPR. Below are some things you’ll notice on your WordPress websites dashboard and notifications.

The new privacy page settings

Under “settings” there is a new option called “privacy.” This allows you to create or link to an existing page with your privacy policy on it. This page should be linked somewhere in your site’s menu, or in the footer. If you are running a cookie notification plugin you can add the link there. If you need help creating a privacy page, we can recommend someone, or work with one we have and modify for you. However, it’s not a guarantee that ours modified will 100% ensure compliance, but it’s a start.

GDPR WordPress SettingsGDPR WordPress Settings

Comments on WordPress

The comments system on WordPress is robust enough. But now there is a new component that will show up. That’s a check mark to not allow the site to save your information upon commenting. By default WordPress does this to assist with response and marketing. Therefore it places the responsibility in the commenters hands. Another way WordPress has you covered.

GDPR WordPress Comments SettingsGDPR WordPress Comments Settings

Data handling

The biggest requirement for GDPR is how data is handled. If you run a site that has subscribers or members then this is important. You have to give the option that their information not only will be deleted upon request, but can be removed by them and stored by them off your site. It’s more than just data exporting but also data erasure. This is now under “tools” in WordPress when exporting or importing.

GDPR WordPress Export Settings

What sites are affected?

All of them that display in the European Union. Even if you don’t do business there, you’ll be responsible and susceptible to European fines if not compliant and there is a complaint. The situation can be terrible if there is a data breach in multiple countries. Sidebar: How is your site’s security?

Unlike here in the U.S., each country has its own laws and lawyers. So you’ll need representation for each country which makes your protection legally very expensive. So don’t delay in having this handled.

GDPR Plugins

Be careful about seeing all the new plugins on the WordPress repository on GDPR. Not all are good quality, though time will tell. GDPR is new and again, it’s European law. Sorry, I don’t know any experts on it. Mostly because I don’t know any European Union lawyers. However, these plugins can help you take steps toward compliance and avoid trouble. Be aware, you’ll still need a privacy policy even if your site is just an informational (brochure) site.

If you are collecting data then that is information on your site visitors. Therefore you need to become compliant. For now, I recommend this plugin aptly named GDPR. Or if you just need the cookies notification, you can use EU Cookie Law plugin it’s on our site at the moment of writing this article.

What about eCommerce sites?

These sites are not excluded either. But the good news is that if your store is PCI compliant you’ve already got yourself covered. Remember when Target was hacked? Well if this happens post May 25th, 2018 then Target has problems and you will too with European consumers if you sell there. As WooCommerce is the premier choice for selling online, and since being acquired by Automattic (WordPress), it’s also GDPR compliant. So if you’re running a woo store you might be fine. It’s not a one size fits all with online stores with WooCommerce due to various customizations of shipping, payment and other functions that exists from 3rd party sources.

With WooCommerce like other sites make sure you have a Terms and Conditions page and Privacy Policy attached with it. In WooCommerce you can set this up easily. Please view the snapshots below:

WooCommerce GDPR terms conditions assign pageWooCommerce GDPR terms conditions assign page

Which results with this checkbox on your checkout page:

WooCommerce GDPR terms conditions checkout checkboxWooCommerce GDPR terms conditions checkout checkbox

Source: https://woocommerce.com/2017/12/gdpr-compliance-woocommerce/

Deleteme plugin allows users to completely delete their profile:
https://wordpress.org/plugins/delete-me/

You can read more on EU data protection here:
http://ec.europa.eu/justice/smedataprotect/index_en.htm

Digital & Social Articles on Business 2 Community

(77)