In 2018 the General Data Protection Regulation (GDPR) came into effect. Although it is an EU law, it applies to any website that collects or processes personal data about people in the EU, wherever the site is hosted.
The good news is that it's easy to make your site compliant. The bad news is that it's not very clear what you need to do.
So, we’ve written a tutorial to help you make your WordPress site GDPR compliant.
Update to the latest version of WordPress
WordPress 4.9.6 introduced a set of built-in privacy tools (a privacy policy page, personal data export and erasure, and a comment cookie opt-in) that help you make your site GDPR compliant, and later releases build on them.
To find out which version of WordPress you’re running, log in to your Admin Dashboard.
Scroll to the bottom of the page; the version number is displayed on the right-hand side of the screen. As of November 2018, the current version of WordPress is 4.9.8, so if you're running an earlier version, you should update immediately.
Comment Form Cookie Opt-In
WordPress can set cookies so that commenters don't have to re-type their name, email and website the next time they leave a comment.
Since 4.9.6 those cookies are only set when the commenter opts in: the comment form shows a "Save my name, email, and website in this browser for the next time I comment." checkbox, and if it is left unticked no commenter cookies are stored.
You don't have to do anything specific for this beyond checking that "Show comments cookies opt-in checkbox" is enabled under Settings > Discussion, although you may want to explore your customization options if you don't like the way it looks.
Some theme authors use custom comment forms and may not include this opt-in, so you’ll need to add it yourself.
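If your theme builds its own field list, the following is one way to put the opt-in back. This is an added example, not code from the tutorial or from WordPress itself; the function name and the `example-theme` text domain are assumptions, while the filter, option and input name are the ones WordPress core uses. The input name `wp-comment-cookies-consent` matters: it is what `wp-comments-post.php` checks before calling `wp_set_comment_cookies()`, so a checkbox with any other name records consent as "no".

```php
<?php
/**
 * Added example, not code from the tutorial: restore the comment cookie
 * opt-in checkbox in a theme whose custom comment form has dropped it.
 * Put it in the theme's functions.php or a small plugin.
 */

add_filter( 'comment_form_fields', 'example_comment_cookie_consent_field' );

/**
 * Runs on the final field list that comment_form() renders, including the
 * fields a theme passes in its own $args, so it works even when the theme
 * overrides the default fields.
 *
 * @param array $fields Field name => HTML, in display order.
 * @return array
 */
function example_comment_cookie_consent_field( $fields ) {
	// Logged-in users are identified by their auth cookies; core shows no opt-in.
	if ( is_user_logged_in() ) {
		return $fields;
	}

	// Mirror core's own conditions: the Discussion setting must be on and the
	// default cookie handler must still be hooked (a plugin may have replaced it).
	$should_show = get_option( 'show_comments_cookies_opt_in' )
		&& has_action( 'set_comment_cookies', 'wp_set_comment_cookies' );

	if ( ! $should_show ) {
		unset( $fields['cookies'] );
		return $fields;
	}

	// Core already added it (theme uses the default fields): nothing to do.
	if ( isset( $fields['cookies'] ) ) {
		return $fields;
	}

	// Pre-check only for a visitor who consented before (their cookies exist);
	// a first-time visitor must tick the box themselves.
	$commenter = wp_get_current_commenter();
	$checked   = empty( $commenter['comment_author_email'] ) ? '' : ' checked="checked"';

	// Same name, id and value as the checkbox core renders.
	$fields['cookies'] = sprintf(
		'<p class="comment-form-cookies-consent">'
		. '<input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"%s /> '
		. '<label for="wp-comment-cookies-consent">%s</label></p>',
		$checked,
		esc_html__( 'Save my name, email, and website in this browser for the next time I comment.', 'example-theme' )
	);

	return $fields;
}
```

If the theme prints the form HTML by hand in comments.php instead of calling `comment_form()`, no filter runs at all; in that case paste the `<p class="comment-form-cookies-consent">` markup into the template directly, keeping the input name unchanged.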
Export and delete personal data
Two tools let you manage the personal information your site holds about a user.
To find these settings, look in your Admin Dashboard in the left-hand menu. Under Tools, you will find Export personal data, and Erase personal data.
You can quickly export a user's information or erase it from your database at their request. Note that these tools only cover the data WordPress core holds (user profile, comments, uploaded media) plus whatever plugins have registered with them; data that a plugin stores without registering an exporter and an eraser is silently left out.
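Here is how a plugin hooks its own data into those two tools. This is an added example, not code from the tutorial or from WordPress; it assumes a hypothetical plugin that stores contact-form submissions as posts of type `example_contact` with the sender's address in the post meta `_example_contact_email` (all of these names are assumptions). The two filters, the callback signatures and the array shapes returned are the ones the WordPress privacy tools expect.

```php
<?php
/**
 * Added example, not code from the tutorial or from WordPress itself.
 * Assumes a hypothetical plugin that stores contact-form submissions as
 * "example_contact" posts with the sender's address in "_example_contact_email".
 * Registering an exporter and an eraser is what makes those submissions show up
 * in Tools > Export / Erase Personal Data.
 */

add_filter( 'wp_privacy_personal_data_exporters', 'example_contact_register_exporter' );
add_filter( 'wp_privacy_personal_data_erasers', 'example_contact_register_eraser' );

function example_contact_register_exporter( $exporters ) {
	$exporters['example-contact'] = array(
		'exporter_friendly_name' => 'Example contact form submissions',
		'callback'               => 'example_contact_exporter',
	);
	return $exporters;
}

function example_contact_register_eraser( $erasers ) {
	$erasers['example-contact'] = array(
		'eraser_friendly_name' => 'Example contact form submissions',
		'callback'             => 'example_contact_eraser',
	);
	return $erasers;
}

/** Submissions belonging to one email address, one page at a time. */
function example_contact_query( $email_address, $page, $per_page ) {
	return get_posts( array(
		'post_type'      => 'example_contact',
		'post_status'    => 'any',
		'posts_per_page' => $per_page,
		'paged'          => $page,
		'meta_key'       => '_example_contact_email',
		'meta_value'     => $email_address, // exact match: store addresses lower-cased
	) );
}

/** Exporter: WordPress calls it with $page = 1, 2, ... until 'done' is true. */
function example_contact_exporter( $email_address, $page = 1 ) {
	$per_page = 100;
	$posts    = example_contact_query( $email_address, $page, $per_page );
	$items    = array();

	foreach ( $posts as $post ) {
		$items[] = array(
			'group_id'    => 'example_contact',
			'group_label' => 'Contact form submissions',
			'item_id'     => 'example_contact-' . $post->ID,
			'data'        => array(
				array( 'name' => 'Submitted', 'value' => $post->post_date ),
				array( 'name' => 'Email',     'value' => $email_address ),
				array( 'name' => 'Message',   'value' => $post->post_content ),
			),
		);
	}

	return array(
		'data' => $items,
		'done' => count( $posts ) < $per_page,
	);
}

/**
 * Eraser: same paging contract, but because each pass deletes what it finds it
 * always reads page 1, and reports 'done' once nothing is left (or something
 * could not be deleted, so the tool does not loop forever).
 */
function example_contact_eraser( $email_address, $page = 1 ) {
	$per_page       = 100;
	$posts          = example_contact_query( $email_address, 1, $per_page );
	$items_removed  = false;
	$items_retained = false;
	$messages       = array();

	foreach ( $posts as $post ) {
		// Force-delete (second argument): sending a record to Trash is not erasure.
		if ( wp_delete_post( $post->ID, true ) ) {
			$items_removed = true;
		} else {
			$items_retained = true;
			$messages[]     = sprintf( 'Submission %d could not be deleted.', $post->ID );
		}
	}

	return array(
		'items_removed'  => $items_removed,
		'items_retained' => $items_retained,
		'messages'       => $messages,
		'done'           => count( $posts ) < $per_page || $items_retained,
	);
}
```

The same pattern applies to any other place a plugin keeps personal data (custom tables, user meta, order records): query by the address the admin entered, return it in the `group/item/data` shape for export, and hard-delete rather than trash for erasure.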
Here are some common sources of cookies and third-party data collection that you will need to disclose in your privacy policy:
- Google Analytics and other tracking services
- Google Adwords, Bing, and other ad networks
- Cloudflare and CDN services
- Opt-ins or pop-ups
- Push notifications
- Video players
- Shopping carts
Include a checkbox that allows users to opt in (or not) on your contact forms (if you have any). The good news is that a lot of the more popular plugins have been updated to make GDPR compliance easier.
Contact Form 7 plugin: a single line in the form template adds a consent checkbox. The checkbox is required by default, so the form will not submit until it is ticked (add the `optional` option to the tag if you don't want it to block submission).
[acceptance accept-this-1] I understand that by checking this box I agree that this website and company may store the information I provide. [/acceptance]
WPForms plugin: if you're looking for an easy way to add a GDPR agreement field, WPForms has one built in. In the WPForms settings, enable GDPR Enhancements; you can then edit your existing forms to add the agreement field.
One of the important points of GDPR is that however you collect information, you need to work out a safe way to store it, and you need the user's consent to store it in the first place. So, just as with your contact forms, ask users to agree before their data is kept. In most cases this can be done with a checkbox that users select to opt in, or by enabling double opt-in for mailing lists.
If you have an online store, then you’re going to need to collect a lot of customer data, so it’s important you specify what you collect, for how long, and what you do with it.
WooCommerce has built-in privacy features to make this easier for you.
Start by making sure you have the most recent version of the plugin installed.
Add a Cookie Notice
Since WordPress itself sets cookies (for logged-in users and, with consent, for commenters), this applies to your site too, not only to sites that run analytics or ads.
Many popular themes have now been updated to make this an easy option to enable on your home page. If yours doesn't, there are plugins which can help to make sure you're compliant.
A search for GDPR cookie compliance in the Plugins area of WordPress will introduce a host of useful plugins, ranging from free use to paid options.
Make it Easy for Users to Request/Delete Their Info
WordPress has streamlined a lot of the process of data collection and storing, so that you can find what you need in one place. However, it is up to you to make sure that you provide the necessary information for a user to contact you should they want their data erased.
Notify Users of Policy Updates or Data Breaches
You also need to have a notification email ready should you ever have a data breach. GDPR requires you to notify your supervisory authority within 72 hours of becoming aware of a breach, and to tell the affected users without undue delay when the breach is likely to put them at high risk. There are templates for this online, but keep in mind that the notice has to describe what happened, what data was involved and what you are doing about it.
Above all else, make sure you have actually put the steps above in place. This guide is compiled by people who build WordPress sites daily, but it is not legal advice: if you are at all uncertain about something, it pays to get in touch with a GDPR-specialist lawyer to make sure you are getting the right information for your situation.