WordPress GDPR Compliance: A comprehensive guide for beginners
The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. It is one of the biggest changes ever made to data privacy law.
This new law combines all the existing data privacy laws into a single regulation. The aim is to give citizens of the European Union (EU) a better understanding of how their personal data is collected, stored and used.
GDPR compliance applies to businesses and websites in the EU, but almost every website owner and developer across the globe comes under the law as well. Any website that tracks, collects or stores personal details about EU citizens falls under GDPR and has to follow it.
If you run a WordPress website that monitors the personal data of the EU citizens, this guide is a must-read for you.
Table of contents covered in the guide:
- What is GDPR?
- Is WordPress GDPR compliant?
- Requirements to make the website GDPR compliant.
- Who does GDPR impact?
- How to make your website GDPR compliant?
- Plugins to make your WordPress website GDPR compliant.
What is GDPR?
GDPR describes a set of rules which individuals, organizations and companies must follow. The goal is to protect EU citizens’ data from inappropriate use. Companies holding personal data of citizens need to ensure that it is safe from theft, distortion and any kind of alteration. Making a website GDPR compliant is one way to ensure that data is not at risk from outside influence.
In technical terms, any website collecting citizen data in any form is a data controller. The responsibility for protecting this data and making the website GDPR compliant rests with the data controller. Failure to do so will result in penalties (as much as 4% of the company’s annual revenue or €20 million).
A total of 172 million websites across the globe run on WordPress. GDPR compliance crosses territorial borders: all businesses that in any form cater to EU citizens fall under this law. A business in India working with an EU-based client has to make its business website GDPR compliant to avoid the repercussions of data theft.
What about WordPress itself, is it GDPR Compliant?
The latest WordPress version 4.9.6 is compliant with GDPR.
What are the Requirements to make a Website GDPR Compliant?
The aim of GDPR compliance is to protect users from unwanted information sharing and to hold data controllers accountable for how they collect, store and use personal data.
The GDPR regulations are 200 pages long. Here we highlight the key requirements you should know about:
#1. Right to be Informed: Under Articles 12, 13 and 14 of the GDPR
You have often seen an “Accept Cookies” notification when accessing a website. The website is asking for your permission to collect your personal data. The website also informs the visitor what information is collected and how it is accessed and stored.
The website owner also states what the acquired information may be used for. The aim is to let the visitor make an informed decision about whether or not to proceed.
#2. Right to Access: Under Article 15 of the GDPR
The right of access gives every user the freedom to obtain their data. The owner of the WordPress website must provide an electronic copy, free of charge.
#3. Right to Change: Under Article 16 of the GDPR
Rectification of the collected personal data is an equally important condition. Applying the correction is the responsibility of the controller of the website, but it is the individual’s duty to request it. You have to inform the data controller about the required changes and edits, and they must be made without delay.
#4. Right to Erasure/Forgotten: Under Article 17 of the GDPR
All EU citizens have the right to edit or omit their data, and to have it deleted completely from the controller’s database.
The aim of this clause is to restrict the use of personal information for marketing or any other purpose.
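WordPress 4.9.6 ships the Tools > Export Personal Data and Tools > Erase Personal Data screens, and a plugin that stores its own personal data registers it with those screens through two filters. The block below is an added example, not code from the article or from any plugin it names; it assumes a hypothetical custom table `wp_newsletter_signups` with columns `email`, `name` and `signed_up_at` that a newsletter form writes to, and shows how the right of access (export) and the right to erasure are served for that table:

```php
<?php
/*
 * Plugin Name: Example GDPR Data Hooks
 * Added example, not part of the article. Assumes a hypothetical table
 * {$wpdb->prefix}newsletter_signups(email, name, signed_up_at).
 */

// Register an exporter so the email-keyed export request includes our rows.
add_filter('wp_privacy_personal_data_exporters', function ($exporters) {
    $exporters['example-newsletter'] = array(
        'exporter_friendly_name' => 'Newsletter signups',
        'callback'               => 'example_newsletter_exporter',
    );
    return $exporters;
});

// Exporter callback: return every record held for this email address.
// 'done' => true tells core there are no further pages to fetch.
function example_newsletter_exporter($email_address, $page = 1) {
    global $wpdb;
    $table = $wpdb->prefix . 'newsletter_signups';
    $rows  = $wpdb->get_results(
        $wpdb->prepare("SELECT email, name, signed_up_at FROM {$table} WHERE email = %s", $email_address),
        ARRAY_A
    );

    $export_items = array();
    foreach ($rows as $i => $row) {
        $export_items[] = array(
            'group_id'    => 'newsletter',
            'group_label' => 'Newsletter signups',
            'item_id'     => 'newsletter-' . $i,
            'data'        => array(
                array('name' => 'Email',        'value' => $row['email']),
                array('name' => 'Name',         'value' => $row['name']),
                array('name' => 'Signed up at', 'value' => $row['signed_up_at']),
            ),
        );
    }
    return array('data' => $export_items, 'done' => true);
}

// Register an eraser so the erase request removes our rows too.
add_filter('wp_privacy_personal_data_erasers', function ($erasers) {
    $erasers['example-newsletter'] = array(
        'eraser_friendly_name' => 'Newsletter signups',
        'callback'             => 'example_newsletter_eraser',
    );
    return $erasers;
});

// Eraser callback: delete the records and report what happened.
// If a legal obligation required keeping a row, set items_retained and
// explain why in 'messages' instead of deleting it.
function example_newsletter_eraser($email_address, $page = 1) {
    global $wpdb;
    $table   = $wpdb->prefix . 'newsletter_signups';
    $deleted = $wpdb->delete($table, array('email' => $email_address), array('%s'));

    return array(
        'items_removed'  => (int) $deleted > 0,
        'items_retained' => false,
        'messages'       => array(),
        'done'           => true,
    );
}
```

Both callbacks are keyed on the email address that the site owner verifies through the request workflow, so a visitor cannot pull or wipe someone else’s records by guessing an identifier. The `$wpdb->prepare()` placeholder keeps the lookup free of SQL injection even though the address comes from a user-submitted request.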
Who does GDPR Impact?
GDPR is pan-EU legislation. It applies to every WordPress website that collects data of EU citizens, irrespective of whether the website is inside or outside the EU.
If you don’t want to dive into the 39-page guide on consent under GDPR, we’ve highlighted the 4 major sectors that GDPR impacts.
#1. WordPress Blogs for Newsletter Subscription.
If your blog asks readers for their email address and other details for a newsletter, you fall under the purview of WordPress GDPR compliance rules. Email address, name, postal address, location, cookie data and health information are personal data as defined by the European Commission’s data protection rules. Monthly income, religion and identity also come under its purview.
#2. WordPress Community Sites for Collecting User Profiles.
Community sites include forums, social networking sites and shared blogs. The BuddyPress plugin for WordPress is a tool for building community websites. Plugins such as this also come under the WordPress GDPR compliance rules and regulations.
#3. WordPress Themes and Plugins Marketplace for Signup.
WordPress has its own portfolio of themes and plugins that help you build a bespoke website. These tweaks and additions require installing themes and a few other plugins on the WordPress backend for better functioning.
Any user who wants to use WordPress themes and plugins has to create an account and fill in personal information. The data controller collects and stores this information, so the GDPR regulations also have an impact on plugins and themes.
#4. WooCommerce stores for Selling Products.
To give EU residents more insight into and visibility of how their data is handled, all e-commerce websites used by EU citizens have to become GDPR compliant.
Non-compliance with these rules will invite penalties. It does not matter whether the website originates inside or outside the territorial boundaries of the EU: if your WooCommerce website sells to an EU citizen, GDPR follows.
How to make your WordPress Site GDPR Compliant?
The deadline to make a website GDPR compliant was 25 May 2018. Any website found not in compliance with these laws and regulations invites a heavy fine.
For starters, update your WordPress CMS, because the latest WordPress 4.9.6 is GDPR compliant.
GDPR compliance varies from website to website. In this article we highlight some important GDPR regulations, along with some plugins that help you with the relevant compliance.
#1. Hire a Lawyer.
As a data controller, you need to understand the consequences of a breach of the data protection laws. There are numerous intricacies in the GDPR guidelines that you as a business owner may not understand. A lawyer can help you case by case with GDPR compliance.
#2. Review your Data Collection Policy.
The purpose of this review is to ensure transparency. Transparency means that you have to tell the data subject what type of data you are collecting, where it is stored, why you are collecting it, for what purpose and for how long. Finally, you also need to convey your data protection procedures.
Only by fulfilling these requirements will your website become GDPR compliant.
#3. Update all Legal Documents.
You must have noticed that you now cannot create a new account on a website unless you tick a checkbox at the end. That checkbox has emerged because of GDPR.
#4. Self-certify your site under a privacy framework.
Websites trading across the Atlantic are also liable to ensure WordPress GDPR compliance. To make this easier for websites, the US, EU and Swiss administrations have set up the EU-US and Swiss-EU Privacy Shield frameworks. The purpose of these frameworks is to ensure smooth business transactions and to let small and medium businesses provide evidence of compliance.
#5. Encrypt data by moving to HTTPS.
Data encryption is a quintessential part of the new GDPR directives. As a data collector and controller, it is your responsibility to protect the data.
HTTPS encrypts data in transit between the visitor’s browser and your server, so it cannot be read or altered on the way.
In WordPress you can move from HTTP to HTTPS. With this you make your website more secure and at the same time stay well within the limits of GDPR compliance.
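The move to HTTPS has two parts in WordPress: telling WordPress that its own URLs are HTTPS, and refusing to keep serving plain HTTP. The block below is an added example, not code from the article or from WordPress core; `example.com` is a placeholder for your own domain, the `X-Forwarded-Proto` handling is only needed when TLS terminates at a proxy in front of PHP, and the file split between `wp-config.php` and a must-use plugin is a suggestion:

```php
<?php
/*
 * Added example, not part of the article. Two pieces:
 *   Part 1 goes in wp-config.php (above "That's all, stop editing!").
 *   Part 2 is a must-use plugin, e.g. wp-content/mu-plugins/force-https.php.
 * example.com is a placeholder domain.
 */

/* ---------------- Part 1: wp-config.php ---------------- */

// When TLS terminates at a reverse proxy or load balancer, PHP sees plain HTTP
// and is_ssl() returns false, which would cause a redirect loop below.
// Trust the forwarded-proto header ONLY if the proxy overwrites it on every
// request; otherwise a client could set it and bypass the redirect.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') {
    $_SERVER['HTTPS'] = 'on';
}

define('WP_HOME',         'https://example.com'); // placeholder domain
define('WP_SITEURL',      'https://example.com'); // placeholder domain
define('FORCE_SSL_ADMIN', true);                  // login and wp-admin over HTTPS only

/* ------ Part 2: wp-content/mu-plugins/force-https.php ------ */

// Redirect every front-end request that still arrives over plain HTTP.
add_action('template_redirect', function () {
    if (is_ssl()) {
        return;
    }
    $target = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
    // wp_safe_redirect() only follows hosts on the site's allowed list, so a
    // forged Host header cannot turn this into an open redirect.
    wp_safe_redirect($target, 301);
    exit;
});

// Once everything is served over HTTPS, ask browsers to stop trying HTTP.
// Keep max-age short while testing; raise it only after mixed content is fixed,
// because a long HSTS lifetime cannot be undone quickly if something breaks.
add_action('send_headers', function () {
    if (is_ssl() && !headers_sent()) {
        header('Strict-Transport-Security: max-age=300');
    }
});
```

After enabling this, check the site in a browser with the developer console open: any script, stylesheet or image still loaded over `http://` shows up as a mixed-content warning and needs its URL updated in the database or theme before the HSTS lifetime is raised.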
Plugins to make WordPress site GDPR compliant
The following plugins can help with your WP GDPR compliance:
This WordPress GDPR plugin gives you a detailed log of website activity. It lists all contact forms, checkboxes and registration columns, WordPress multisite changes, and any other kind of change. The basic idea is to record everything that affects the final outcome of the website’s WordPress GDPR compliance. There are three premium packs for WP Security Audit Log, priced at $89, $99 and $149 per year.
This plugin shows every visitor to your website a unique prompt asking for their consent to the collection of cookies. The administrator classifies cookies into categories at the back end; the plugin records the consent values and sets the cookie details for the respective user. You can buy this plugin for $39.
This plugin has a similar function to WP Security Audit Log. In addition, it can put forward certain tips and suggestions. This WordPress GDPR cookie plugin works well with WooCommerce sites.
This is another one of the best WordPress GDPR plugins, because it can alter the cookie consent policy and make it specific for every user or visitor. The pro version of GDPR Cookie Compliance starts at £29.
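The cookie prompts described above (and in the "Right to be Informed" section) all rest on one mechanism: non-essential cookies and scripts are only set after the visitor has recorded a choice. The block below is an added example of that gate, not code from the article or from any of the plugins it lists; it assumes a hypothetical analytics script at `wp-content/analytics.js`, a consent cookie named `example_cookie_consent` holding either `analytics` or `essential`, and PHP 7.3 or later for the array form of `setcookie()`:

```php
<?php
/*
 * Plugin Name: Example Cookie Consent Gate
 * Added example, not one of the plugins named in the article.
 * Assumes a hypothetical analytics script at wp-content/analytics.js.
 */

const EXAMPLE_CONSENT_COOKIE = 'example_cookie_consent';

// Returns 'analytics' or 'essential', or null when no valid choice is recorded.
function example_get_consent() {
    if (!isset($_COOKIE[EXAMPLE_CONSENT_COOKIE])) {
        return null;
    }
    $value = sanitize_key($_COOKIE[EXAMPLE_CONSENT_COOKIE]);
    return in_array($value, array('analytics', 'essential'), true) ? $value : null;
}

// The non-essential script is enqueued only after an explicit opt-in.
add_action('wp_enqueue_scripts', function () {
    if (example_get_consent() === 'analytics') {
        wp_enqueue_script('example-analytics', content_url('analytics.js'), array(), '1.0', true);
    }
});

// Render the prompt until a choice exists. Plain form + nonce, no JavaScript needed.
add_action('wp_footer', function () {
    if (example_get_consent() !== null) {
        return;
    }
    echo '<form method="post" action="' . esc_url(admin_url('admin-post.php')) . '" class="example-consent-banner">';
    echo '<input type="hidden" name="action" value="example_cookie_consent">';
    wp_nonce_field('example_cookie_consent');
    echo '<p>' . esc_html__('This site uses cookies. Allow analytics cookies?', 'example') . '</p>';
    echo '<button name="consent" value="analytics">' . esc_html__('Accept', 'example') . '</button> ';
    echo '<button name="consent" value="essential">' . esc_html__('Essential only', 'example') . '</button>';
    echo '</form>';
});

// Record the choice. Anything other than an explicit "analytics" is treated as
// the minimal option, so a tampered or missing value never grants consent.
function example_handle_consent() {
    check_admin_referer('example_cookie_consent');
    $choice = isset($_POST['consent']) ? sanitize_key($_POST['consent']) : 'essential';
    if ($choice !== 'analytics') {
        $choice = 'essential';
    }
    // Secure + HttpOnly + SameSite: the consent record itself is not readable by
    // page scripts and is not sent on cross-site requests.
    setcookie(EXAMPLE_CONSENT_COOKIE, $choice, array(
        'expires'  => time() + YEAR_IN_SECONDS,
        'path'     => COOKIEPATH ? COOKIEPATH : '/',
        'domain'   => COOKIE_DOMAIN ? COOKIE_DOMAIN : '',
        'secure'   => is_ssl(),
        'httponly' => true,
        'samesite' => 'Lax',
    ));
    wp_safe_redirect(wp_get_referer() ? wp_get_referer() : home_url('/'));
    exit;
}
add_action('admin_post_example_cookie_consent', 'example_handle_consent');
add_action('admin_post_nopriv_example_cookie_consent', 'example_handle_consent');
```

The important property is that the default is the restrictive one: with no cookie, an invalid cookie or a forged form post, nothing beyond essential cookies is loaded. Page caching plugins need to be told to vary on the consent cookie, or the cached page may include the analytics script for visitors who never opted in.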
GDPR is future-ready legislation. It secures both the privacy rights of EU citizens and comprehensive data security.
The goal is to restrict the use, sale or tinkering with the personal data of EU subjects, so that end users can use the internet without risk of theft of personal information.
The impact of the General Data Protection Regulation on WordPress websites is remarkable. Start working to make your website GDPR compliant immediately.