Data privacy has been a huge issue for end-users in the last few years. Since the beginning of the internet, companies have opted to gather more and more information from their users to provide better-tailored content.
While this can improve user convenience, with huge leaks such as Cambridge Analytica, data privacy is becoming more and more of an issue.
What is GDPR?
The General Data Protection Regulation – or GDPR for short – applies to all companies that are based in the EU and any companies that have customers in the EU.
It’s a policy that is meant to improve the privacy of end-users and ensure that any data-gathering is clearly mentioned to the user or visitor.
One example of this is that a website must include a banner to inform visitors about the cookies it uses – and to give them an option to reject the usage of cookies.
Below are some key points of GDPR:
- Websites must disclose that they are gathering personal data
- Visitors or customers must be informed about why, how, and where their data is stored
- Customers have a right to request a copy of their data or for their data to be fully deleted
Consequences of not complying
If you are the owner of a larger website, the chances are higher that your website might be reported for any violations.
The fines for GDPR violations can range up to €20 million, or 4% of the annual revenue.
How to make sure your website is GDPR-compliant
Most websites from pre-GDPR times were built in a more lenient way, with analytics, cookies, IP logging, and more. With GDPR, this all changes, and any data gathering has to be explicitly explained.
Due to this, you will need to make changes to your website to ensure it is compliant with GDPR.
Where applicable, also state the ways in which you don’t use data, such as:
- We do not sell user data
- We do not share user data with third parties
However, if they reject, you need to stop placing cookies in that visitor’s browser. This is not always the easiest to accomplish, but you have to do it to be compliant.
When it comes to WordPress GDPR compliance, you can use a cookie consent plugin that blocks cookies if the visitor declines the permission.
Some WordPress plugins for Cookie Compliance do not actually block cookies, so make sure to find a good plugin that will also block cookies in the event that the visitor rejects them.
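One way to check that a consent plugin really stops server-set cookies after a visitor rejects them, as an added example (not from the original article or from any plugin): it scans a captured response head for `Set-Cookie` headers, ignores deletions, and flags anything outside an allowlist. The allowlist, the `consent_choice` cookie name and the sample response are assumptions; cookies set by JavaScript do not appear in response headers and need a browser-side check.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Assumption: name prefixes this site treats as strictly necessary; adjust per site.
# "consent_choice" is a hypothetical name for the consent plugin's own cookie.
ESSENTIAL_PREFIXES = ("wordpress_logged_in_", "wordpress_sec_", "consent_choice")

# Constructed response head, as if captured after the visitor clicked "reject".
SAMPLE_AFTER_REJECT = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: consent_choice=rejected; Path=/; Max-Age=31536000; Secure; SameSite=Lax
Set-Cookie: ad_profile=x9; Path=/; Max-Age=63072000
Set-Cookie: stats_visitor=; Path=/; Max-Age=0
Set-Cookie: old_pixel=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT
set-cookie: tracker_id=abc123; Path=/
"""

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, value, lower-cased attribute dict)."""
    first, *rest = [part.strip() for part in value.split(";")]
    name, _, val = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, attr_val = part.partition("=")
        attrs[key.strip().lower()] = attr_val.strip()
    return name.strip(), val.strip(), attrs

def is_deletion(attrs, now):
    """Max-Age <= 0 or a past Expires removes a cookie instead of placing one."""
    try:
        if "max-age" in attrs:  # Max-Age takes precedence over Expires
            return int(attrs["max-age"]) <= 0
        if "expires" in attrs:
            return parsedate_to_datetime(attrs["expires"]) <= now
    except (TypeError, ValueError):
        pass  # unparseable lifetime: treat the cookie as being placed
    return False

def non_essential_cookies(raw_headers, now=None):
    """Names of cookies outside the allowlist that the response actually places."""
    now = now or datetime.now(timezone.utc)
    flagged = []
    for line in raw_headers.splitlines():
        header, sep, value = line.partition(":")
        if not sep or header.strip().lower() != "set-cookie":
            continue
        name, _, attrs = parse_set_cookie(value)
        if name and not is_deletion(attrs, now) and not name.startswith(ESSENTIAL_PREFIXES):
            flagged.append(name)
    return flagged
```

Calling `non_essential_cookies(SAMPLE_AFTER_REJECT)` on the constructed sample flags `ad_profile` and `tracker_id`; an empty list on your own site's post-rejection responses is the result you want.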
3. Update your software
WordPress versions 4.9.6 and higher have more privacy options integrated directly into them, such as:
- Explicit consent to save data while commenting
- More data export and erase features
WordPress, as one of the most widely used applications, has to keep its software in line with GDPR to stay relevant.
This is the same with most other code, such as themes, plugins, or other applications. If they do not update to better support GDPR, they lose a huge percentage of the market, which is Europe.
The benefits of updating your software will vary depending on what you are using; you can look through the changelogs for more information.
4. Make sure to check your forms
Contact forms have the potential to store – and on some websites already store – a large amount of information. When it comes to forms, the best policy is to not store any data. The next best option is to store as little as possible for only as long as you need it.
If you are storing full form data, make sure to check how much of that data you actually need.
If you do need to store this information, make sure to provide a checkbox under the form where the user can explicitly consent to the storage of the data.
Bear in mind that for WordPress GDPR compliance, you have to check which form plugins you are using. There are some plugins that store the data in the database for referencing later. Usually, you can disable this feature, so check your settings to make sure you are compliant.
Keep in mind that it is not possible to cover all the steps you need to take to ensure your website is GDPR-compliant in one article. Take this article for what it is – a guideline or starting point for your GDPR compliance.
There are online scanners available to help you scan your website and find any issues.
We hope this article helped you with GDPR and WordPress GDPR compliance and allowed you to take the first steps to full compliance with GDPR.