A GDPR Compliance Guide for WordPress Websites
The General Data Protection Regulation is a privacy law providing citizens with the right to take control of their data. With this law, every single business operating in Europe has to make changes in its policies and practices for handling users’ data.
Even when you are running a small and simple WordPress website, you have to adhere to GDPR regulations. These regulations are not for EU-based WordPress websites only.
If you are planning to bring your business online with a WordPress website, we have a GDPR compliance guide for you. It takes 5 steps to make your website GDPR compliant.
Keep in mind that there are serious financial consequences for not following the GDPR. Fines can reach 4% of the annual revenue you generate, or up to €20 million.
Update to WordPress 4.9.6 or Higher
Update your WordPress installation to the latest version. Since 4.9.6, WordPress core ships with a number of built-in privacy settings that were developed with the GDPR rules in mind: existing privacy settings were changed and a lot of new privacy features were added.
Just by following this simple step you are already well on the way to GDPR compliance. Following are some of the key features you should check out:
Policy Generator
You can use the Policy Generator to auto-generate a privacy policy for your website. Log into WordPress and go to Settings > Privacy. There you have two options: select one of your existing privacy policy pages, or click Create New Page.
The generated page already contains the privacy information and disclosures related to WordPress core. It also contains helpful headings suggesting further information you can add for GDPR compliance, for instance about contact forms, breach disclosure and data protection.
Data Export and Erase
Export Personal Data and Erase Personal Data are important features for GDPR compliance on a WordPress website. Your website collects users’ data in several ways: customer profiles, subscriber accounts and a few others, all of it stored in your database.
These tools allow you to quickly and easily export or erase a user’s complete information from your database at their request.
Comments Cookie Option
WordPress, the most widely used content management system, stores a cookie by default. A cookie is a small file that stores the user’s data so that they do not need to type the same information again. Since 4.9.6 the default WordPress comment form comes with a comment privacy opt-in checkbox.
This checkbox is displayed automatically with the comment form, so it is in the user’s hands whether their information is stored in the cookie or not.
Update Privacy Policies
You can start with the auto-generated policy, then update it according to the services or products you offer and the plugins you use. Make sure that you have included disclosures for the data your website collects and the data stored in cookies.
The most common sources of cookies are:
- Tracking services such as Google Analytics
- Ad networks such as Google AdWords
- CDN and Cloudflare services
- Pop-ups or Options
- Video players
- Push notifications
- Shopping carts
- Heatmaps
Don’t just disclose the cookies your website uses; also tell users how they can delete or disable cookies in their browser.
Contact Forms
If you have any contact forms on your website, give your visitors a consent checkbox. Most popular WordPress form plugins have already been updated and made GDPR compliant, aligning with data privacy regulations such as the DMA and DSA. The checkbox lets the contact form user give consent before submitting personal data.
They can allow or refuse you to store the information your contact form collects. In addition to adding the GDPR consent confirmation, link the contact form to your privacy policy, because you are collecting personal information through fields such as name, address, email and age.
Newsletter
Just like the comment form and contact form, confirm user consent for newsletters as well. You can achieve this either with a checkbox or with double opt-in to your email list. In MailChimp you can enable double opt-in under:
Log in > Lists > “Opt-in Settings”
Select the mailing lists that should use double opt-in and then save.
WooCommerce Data
When you run an online store, you have to disclose how you collect, retain and use customers’ data, and for how long you retain it. Like WordPress, WooCommerce comes with built-in privacy features, so make sure you are using the latest version.
- Go to Settings
- Open the Accounts & Privacy section
- Control the options related to customer accounts and data retention
Also, add disclosures to your privacy policy.
Add A Cookie Notice
Make sure that your website complies with the EU Cookie Law: you have to disclose that your website uses cookies, with a cookie disclosure and acceptance prompt on the very first page a user visits. You can install a GDPR compliant plugin for this, for example:
- GDPR Cookie Consent By WebToffee
- WP DSGVO Tools (GDPR) By legalweb
- Cookiebot | GDPR/CCPA Compliant Cookie Consent and Control By Cybot A/S
- EU Cookie Law (GDPR) By Alex Moss, Marco Milesi
- LiteSpeed Cache By LiteSpeed Technologies
- Cookie Notice by dFactory
Allow Users To Request/Delete Their Information
From WordPress 4.9.6 onwards, the content management system offers GDPR compliant user data management, so you can easily delete a customer’s information and provide them with a copy of it when they request it. However, your customers and users must be able to get in touch with you, so make sure that there is a contact form or page on your website. If you deal with a large number of users, install a contact form plugin; Ninja Forms is one of the most popular. If you don’t have a contact form, include your email address in your privacy policy.
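The core Export and Erase Personal Data tools (described under Data Export and Erase above and in this section) only cover data WordPress itself stores, such as user profiles and comments; a plugin that keeps its own records has to register with them, otherwise a request handled from the admin screen misses that data. The following added example, not code from the original guide, shows how a plugin does that; it assumes a hypothetical plugin that records newsletter consent in user meta under the key 'example_newsletter_consent'.

```php
// Added example (not from the original guide): register a plugin's stored data
// with the core Export/Erase Personal Data tools. Assumption: newsletter consent
// is kept in user meta under the hypothetical key 'example_newsletter_consent'.
add_filter( 'wp_privacy_personal_data_exporters', 'example_register_exporter' );
function example_register_exporter( $exporters ) {
    $exporters['example-plugin'] = array(
        'exporter_friendly_name' => __( 'Example Plugin' ),
        'callback'               => 'example_personal_data_exporter',
    );
    return $exporters;
}

// Core calls this with the requester's verified email and expects
// array( 'data' => $items, 'done' => bool ); 'done' => false pages large sets.
function example_personal_data_exporter( $email_address, $page = 1 ) {
    $items = array();
    $user  = get_user_by( 'email', $email_address );
    if ( $user ) {
        $consent = get_user_meta( $user->ID, 'example_newsletter_consent', true );
        $items[] = array(
            'group_id'    => 'example-plugin',
            'group_label' => __( 'Example Plugin' ),
            'item_id'     => 'example-plugin-' . $user->ID,
            'data'        => array( array(
                'name'  => __( 'Newsletter consent' ),
                'value' => $consent ? 'yes' : 'no',
            ) ),
        );
    }
    return array( 'data' => $items, 'done' => true );
}

add_filter( 'wp_privacy_personal_data_erasers', 'example_register_eraser' );
function example_register_eraser( $erasers ) {
    $erasers['example-plugin'] = array(
        'eraser_friendly_name' => __( 'Example Plugin' ),
        'callback'             => 'example_personal_data_eraser',
    );
    return $erasers;
}

// The eraser reports what it removed or kept; core shows that outcome to the
// admin handling the request, so never silently retain data here.
function example_personal_data_eraser( $email_address, $page = 1 ) {
    $removed = false;
    $user    = get_user_by( 'email', $email_address );
    if ( $user && metadata_exists( 'user', $user->ID, 'example_newsletter_consent' ) ) {
        $removed = (bool) delete_user_meta( $user->ID, 'example_newsletter_consent' );
    }
    return array( 'items_removed' => $removed, 'items_retained' => false,
                  'messages' => array(), 'done' => true );
}
```

Once registered, the plugin's data appears as its own group in the export file and in the erasure log under Tools > Export Personal Data and Tools > Erase Personal Data.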
Notify On Policy Updates Or Data Breach
First of all, update your policies according to the GDPR. Notify your users whenever you update your policies or a data breach occurs. This applies whenever you maintain a newsletter, collect customer information or offer user accounts on your website. GDPR compliant WordPress plugins already come with notification systems that let you automate notifications of policy updates and data breaches.
Conclusion
Now that businesses are digitized and data plays a central role in that transformation, privacy and data protection have become a serious concern for citizens. User data is used everywhere, and the potential for misuse is growing with it. People prefer to deal with businesses that protect their privacy and data, so make sure that your WordPress website is GDPR compliant.