Updated: 1st July 2019
The General Data Protection Regulation (GDPR) is a data protection law that you will likely have come across, and anyone who uses WordPress now needs to make sure their sites comply with it. In this updated article for 2019, we explain GDPR in its simplest form and offer an easy guide to ensure your WordPress site meets GDPR standards.
Businesses that fail to comply with GDPR requirements can face fines. To avoid the panic and bad press, all business websites must be updated and must inform users of these changes to avoid facing any penalties.
What is GDPR Compliance?
GDPR compliance is the protection of EU citizens' data and the obligations a site owner has in relation to that data, which are detailed below:
- Users must be informed why their data is being collected
- User consent is crucial before collecting any data
- Users are allowed to know who will be receiving the information
- Users can ask how long their data will be held
- Users must be made aware of any data breaches
- Users can access their own data if they choose to
- Users can delete their data if they choose to
GDPR Compliance with WordPress
The core WordPress software 4.9.6 is currently GDPR compliant, with the core team at WordPress adding features to make this software and site compliant for all users and visitors.
New WordPress GDPR plugins have been introduced, which means there will be a unified, descriptive methodology for the type of data being stored, where it is stored and how long it is kept. This plugin standard will also offer key information on how to safely handle the deletion of any user data.
The new plugin standard from WordPress attempts to offer a solution for GDPR compliance when validating a plugin. This means that administrators will be able to handle GDPR compliance tasks. This solution for GDPR WordPress compliance is free and offers a simple guide to creating a file that describes the different data the plugin is likely to use and is available for all to read.
It is important to figure out what cookies and data are being collected on your website. Common cookies come from Google Analytics, video players, push notifications and much more. Big sites like Google and Facebook also have to abide by the new GDPR law, and no site should avoid sending out GDPR opt-in forms to its consumers and visitors. Abiding by a GDPR checklist will help you make sure your site is following the law and avoiding any fines.
What Areas Are Affected on a WordPress Site and How to Make These GDPR Compliant?
On your website, the various plugins you use need to be GDPR compliant. These plugins store or process data for functions like analytics, online stores, membership sites, email marketing and contact forms.
Many WordPress plugins have already added GDPR enhancement features. For example, Google Analytics has started anonymizing data before it is stored and processed, along with adding an overlay that makes visitors to the site aware that cookies are used and asks for their consent before tracking. Using a plugin such as MonsterInsights can make this process easier.
WordPress sites that use contact forms must add extra transparency measures covering whether data will be stored or used for marketing purposes. To ensure your form is WordPress GDPR compliant, you must get user consent to store the data and explain what the data will be used for. Complying with data requests and data deletion is also important.
Email marketing is similar to contact forms: explicit consent from users needs to be established before collecting data and adding them to any opt-in forms etc.
How to Make a WooCommerce Site GDPR Compliant?
Each website will be using a different set of plugins; therefore, it is important to research GDPR compliance for each WooCommerce site. A one-size-fits-all approach doesn't work; you need to be aware of what you need to do for your specific site to ensure you are abiding by regulations.
What GDPR WordPress Plugins are available?
- MonsterInsights – Ideal for Google Analytics, it is their EU compliance addon.
- WPForms – A user-friendly contact form plugin, offering GDPR fields and other features.
- Cookie Notice – A free plugin for adding an EU cookie notice that integrates with top plugins like MonsterInsights.
- Delete Me – A plugin that allows users to automatically delete their profile on your site.
- OptinMonster – Advanced software that has targeting features to boost conversions while being GDPR compliant.
- Shared Counts – A plugin that loads static share buttons while displaying share counts.
What Resources Are Available to Help with GDPR Compliance?
There is a complete WordPress GDPR guide from Code in WordPress offering detailed information on how they will help plugin developers ensure they are GDPR compliant. GDPR will impact how every site in the EU operates, but luckily there are plenty of resources and help to assist you.