WordPress GDPR Compliance: A Detailed Guide For Beginners


The General Data Protection Regulation (GDPR) came into effect on 25 May 2018. It is one of the biggest changes ever made to data privacy law.

The new law consolidates the existing data privacy laws into a single regulation. Its aim is to give citizens of the European Union (EU) a better understanding of how their personal data is collected, stored, and used.

Strictly speaking, GDPR applies to businesses and websites in the EU. In practice, however, almost every website owner and developer across the globe comes under the law: any website that tracks, collects and stores personal details about EU citizens falls under GDPR and has to follow it.

If you run a WordPress website that monitors the personal data of the EU citizens, this guide is a must-read for you.

What is GDPR?


GDPR is a set of rules that individuals, organizations, and companies must follow. Its goal is to protect EU citizens' data from inappropriate use. Companies holding citizens' personal data need to ensure that it is safe from theft, distortion, and any kind of alteration. Making a website GDPR-compliant is one way to ensure that the data is not at risk from outside influence.

In technical terms, any website collecting citizen data in any form is a data controller. The responsibility for protecting this data and making the website GDPR compliant rests with the data controller. Failure to do so results in penalties of as much as 4% of the company's annual revenue or €20 million.


A total of 172 million websites across the globe run on WordPress. GDPR compliance crosses territorial borders: all businesses that in any form cater to EU citizens fall under this law. A business in India working with an EU-based client has to make its website GDPR compliant to avoid the repercussions of data theft.


What about WordPress itself? Is it GDPR Compliant?

The latest WordPress version, 4.9.6, is compliant with GDPR.

What are the Requirements to make a Website GDPR Compliant?


The aim of GDPR compliance is to protect users from inappropriate information sharing and to hold data controllers accountable for how they collect, store, and use personal data.

The GDPR regulations are 200 pages long. Here we highlight the key requirements that you should know about:

#1. Right to be Informed: Under Articles 12, 13 & 14 of the GDPR

You have often seen an "Accept Cookies" notification when accessing a website. The website is asking for your permission to collect your personal data. Websites also inform the visitor what information is collected and how it is accessed and stored. The website owner states what the acquired information will be used for, so that the visitor can make an informed decision about whether or not to access the account.

#2. Right to Access: Under Article 15 of the GDPR

The right of access gives every user the freedom to download their data. The owner of the WordPress website must provide it as an electronic copy, free of charge.

#3. Right to Change: Under Article 16 of the GDPR

Rectification of the collected personal data is an equally important condition. This is the responsibility of the website's controller; however, it is up to the individual to request the change. You have to inform the data controller about the changes and edits, and they must be made without delay.

#4. Right to Erasure/Forgotten: Under Article 17 of the GDPR

All EU citizens have a right to edit or omit their data. They also have the right to have it deleted completely from the controller's database.
The clause aims to restrict the use of personal information for marketing or any other purpose.
All these rights fall under the WordPress GDPR Privacy Policy, and websites that run on WordPress have to follow them. Websites not operated on WordPress are also liable to follow these regulations.
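The right of access (#2) and the right to erasure (#4) above are what the personal data export and erase tools in WordPress 4.9.6 exist to serve. The plugin below is an added example, not code from this article or from any plugin it names: it shows how a site that stores extra personal data registers its own exporter and eraser with those tools, so that a data subject's request covers that data too. The user meta keys (`example_newsletter_topics`, `example_signup_source`) and the function and group names are assumptions made for the example.

```php
<?php
/**
 * Plugin Name: Example GDPR Data Rights Hooks
 * Description: Registers a personal data exporter and eraser with the WordPress
 * privacy tools (Tools > Export Personal Data / Erase Personal Data).
 * Illustrative example code; not part of the article or any product it mentions.
 */

// Hypothetical user meta keys this site stores (an assumption for the example).
const EXAMPLE_META_KEYS = array(
    'example_newsletter_topics' => 'Newsletter topics',
    'example_signup_source'     => 'Sign-up source',
);

/**
 * Exporter callback: returns the data held for one email address.
 * WordPress calls it with an increasing $page until 'done' is true.
 */
function example_gdpr_exporter( $email_address, $page = 1 ) {
    $export_items = array();
    $user         = get_user_by( 'email', $email_address );

    if ( $user ) {
        $data = array();
        foreach ( EXAMPLE_META_KEYS as $meta_key => $label ) {
            $value = get_user_meta( $user->ID, $meta_key, true );
            if ( '' !== $value ) {
                $data[] = array( 'name' => $label, 'value' => $value );
            }
        }
        if ( $data ) {
            $export_items[] = array(
                'group_id'    => 'example-newsletter',
                'group_label' => __( 'Newsletter preferences', 'example' ),
                'item_id'     => 'example-newsletter-' . $user->ID,
                'data'        => $data,
            );
        }
    }

    // Everything fits in one page, so report completion immediately.
    return array( 'data' => $export_items, 'done' => true );
}

function example_gdpr_register_exporter( $exporters ) {
    $exporters['example-newsletter'] = array(
        'exporter_friendly_name' => __( 'Example newsletter data', 'example' ),
        'callback'               => 'example_gdpr_exporter',
    );
    return $exporters;
}
add_filter( 'wp_privacy_personal_data_exporters', 'example_gdpr_register_exporter' );

/**
 * Eraser callback: deletes the same data and reports what was removed or retained,
 * so the admin screen can show the data subject an honest outcome.
 */
function example_gdpr_eraser( $email_address, $page = 1 ) {
    $items_removed  = false;
    $items_retained = false;
    $messages       = array();
    $user           = get_user_by( 'email', $email_address );

    if ( $user ) {
        foreach ( array_keys( EXAMPLE_META_KEYS ) as $meta_key ) {
            if ( metadata_exists( 'user', $user->ID, $meta_key ) ) {
                if ( delete_user_meta( $user->ID, $meta_key ) ) {
                    $items_removed = true;
                } else {
                    $items_retained = true;
                    $messages[]     = sprintf( __( 'Could not delete %s.', 'example' ), $meta_key );
                }
            }
        }
    }

    return array(
        'items_removed'  => $items_removed,
        'items_retained' => $items_retained,
        'messages'       => $messages,
        'done'           => true,
    );
}

function example_gdpr_register_eraser( $erasers ) {
    $erasers['example-newsletter'] = array(
        'eraser_friendly_name' => __( 'Example newsletter data', 'example' ),
        'callback'             => 'example_gdpr_eraser',
    );
    return $erasers;
}
add_filter( 'wp_privacy_personal_data_erasers', 'example_gdpr_register_eraser' );
```

Once activated, the data appears in the export file generated from Tools > Export Personal Data and is removed by Tools > Erase Personal Data. Any data your site keeps outside WordPress core (custom tables, third-party services) needs its own exporter and eraser in the same way, or the request will silently miss it.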

Who does GDPR Impact?


GDPR is pan-EU legislation. It applies to every WordPress website that collects data of EU citizens, whether the website is inside or outside the EU.

If you don’t want to dive into the 39-page guide on consent under GDPR, we’ve highlighted the 4 major sectors that GDPR impacts.

#1. WordPress Blogs with Newsletter Subscriptions.

If your newsletter blog asks readers for their email addresses and other details, you fall under WP GDPR compliance rules. Email address, name, address, location, cookie data, and health information are personal data, as defined by the European Commission's data protection rules. Monthly income, religion, and identity also come under its purview.

#2. WordPress Community Sites that Collect User Profiles.

Community sites include forums, social networking sites, and shared blogs. The BuddyPress plugin for WordPress is a tool for building community websites. Such plugins also come under the WordPress GDPR compliance rules and regulations.

#3. WordPress Themes and Plugins Marketplace for Signup.

WordPress has its own portfolio of themes and plugins that help you develop a bespoke website. Building such tweaks and additions requires installing themes and a few other plugins on the WordPress back end.

Any user looking to use WP themes and plugins has to create an account and fill in their personal information. The data controller collects and stores this information; hence the GDPR regulations also have an impact on plugins and themes.

#4. WooCommerce stores for Selling Products.

To give EU residents more insight into and visibility of how their data is handled, all e-commerce websites used by EU citizens have to become GDPR compliant.

Non-compliance with these rules invites penalties. It does not matter where the website originates, inside or outside the territorial boundaries of the EU: if your WooCommerce website sells to an EU citizen, GDPR follows.

How to Make Your WordPress Site GDPR Compliant?


The deadline to make a website GDPR compliant was 25th May 2018. Any website found not in concurrence with these laws and regulations invites a heavy fine.
For starters, update your WordPress CMS, because the latest WordPress, 4.9.6, is GDPR compliant.
What GDPR compliance requires varies from website to website. In this article, we highlight some important GDPR regulations, along with some plugins that will help you with the relevant compliance.

#1. Hire a Lawyer.

GDPR is often called the common child of IT patrons and legal representatives. The WordPress GDPR Privacy Policy is brimming with legal terms and processes that are unfamiliar to most business and website owners.

As a data controller, you need to understand the consequences of a breach of the data protection laws. There are numerous intricacies in the GDPR guidelines that you, as a business owner, may not understand. A lawyer can help you case by case with filing for GDPR compliance.

#2. Review your Data Collection Policy.

The purpose of this review is to ensure transparency. Transparency means that you have to state to the data subject or individual the type of data you are collecting, where it is stored, the reason for collecting it, how long it is kept, and its purpose. Finally, you also need to convey your data protection procedures.
Only fulfilling these will make your website GDPR compliant.

You must have noticed that you can no longer create a new account on a website unless you tick a checkbox at the end. That checkbox has emerged because of GDPR.

Every website that serves EU citizens has to update all the legal documents on the website so that they are out there in the public forum, open for users to read and give their consent. The legal documents are, for the most part, the terms and conditions and the privacy policy, but also marketing affiliate terms, account details, and other such documents. These documents explain to the individual how they can proceed with the GDPR legislation in force.

#4. Self-certify your site under a privacy framework.

Trade websites operating across the Atlantic are also liable to ensure WordPress GDPR compliance. To make this easier for websites, the US, EU, and Swiss administrations have set up the EU-US and Swiss-EU Privacy Shield frameworks. The purpose of these frameworks is to ensure smooth business transactions and to ensure that small and medium businesses can provide evidence of compliance.

#5. Encrypt data by moving to HTTPS.

Data encryption is a quintessential part of the new GDPR directives. As a data collector and controller, it is your responsibility to protect the data.
HTTPS encrypts data in transit between the visitor's browser and your site, which plain HTTP does not.
In WordPress, you can move from HTTP to HTTPS. With this, you make your website secure and, at the same time, stay well within the limits of GDPR compliance.
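Switching the WordPress Address and Site Address to `https://` only changes the links WordPress generates; visitors who type or follow an old `http://` link are still served in the clear unless you redirect them. The plugin below is an added example, not code from this article, that closes that gap from inside WordPress: it redirects plain-HTTP front-end requests to HTTPS and sends an HSTS header so returning browsers never try HTTP again. It assumes a valid TLS certificate is already installed and both site URLs already use `https://`; the function names are made up for the example.

```php
<?php
/**
 * Plugin Name: Example Force HTTPS
 * Description: Redirects plain-HTTP requests to HTTPS and sends an HSTS header.
 * Illustrative example code, not from the article. Assumes a working TLS
 * certificate and that WordPress Address and Site Address already use https://.
 */

// In wp-config.php (not in this file), also force the login and admin screens onto HTTPS:
// define( 'FORCE_SSL_ADMIN', true );

/**
 * Send every non-HTTPS front-end request to the same path over HTTPS.
 * The host comes from the configured home URL, never from the request's Host
 * header, so a forged Host header cannot redirect visitors elsewhere.
 */
function example_force_https_redirect() {
    if ( is_ssl() || wp_doing_cron() || ( defined( 'WP_CLI' ) && WP_CLI ) ) {
        return;
    }
    $request_uri = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '/';
    $host        = wp_parse_url( home_url(), PHP_URL_HOST );
    $target      = 'https://' . $host . $request_uri;

    // wp_safe_redirect() refuses hosts outside allowed_redirect_hosts; 301 tells
    // search engines and browsers the move is permanent.
    wp_safe_redirect( $target, 301 );
    exit;
}
add_action( 'template_redirect', 'example_force_https_redirect', 1 );

/**
 * Once a browser has seen the site over TLS, tell it to use HTTPS for a year.
 * Only send this over HTTPS; browsers ignore HSTS received over plain HTTP.
 */
function example_send_hsts_header() {
    if ( is_ssl() && ! headers_sent() ) {
        header( 'Strict-Transport-Security: max-age=31536000; includeSubDomains' );
    }
}
add_action( 'send_headers', 'example_send_hsts_header' );
```

Two practical caveats: `template_redirect` only fires for front-end requests, which is why the admin side is left to `FORCE_SSL_ADMIN` in `wp-config.php`; and `includeSubDomains` commits every subdomain to HTTPS for the whole `max-age`, so drop that token (or start with a short `max-age`) until you have confirmed every subdomain serves TLS correctly.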

Plugins to make WordPress site GDPR compliant

The following plugins can help with your WP GDPR compliance:

WP GDPR Cookie Consent

This plugin presents every visitor to your website with a prompt asking for their consent to the collection of cookies. The administrator at the back end can classify cookies into categories. The plugin records the consent values and sets the cookie details for each user. You can buy this plugin for $39.

WP GDPR Compliance:

This plugin has a similar function to WP Security Audit Log. In addition, it can also put forward certain tips and suggestions. This WordPress GDPR cookie plugin works well with WooCommerce sites.

This plugin is another of the best WordPress GDPR plugins because of its ability to alter the cookie consent policy and make it specific for every user or visitor. The pro version of GDPR Cookie Compliance starts at £29.

WP Security Audit Log:

This WordPress GDPR plugin gives you a detailed log of website activity. It lists all contact forms, checkboxes, and registration fields, as well as WordPress multisite changes and any other kind of change. The basic idea is to record everything affecting the final outcome of the website's WordPress GDPR compliance. There are three premium packs for WP Security Audit Log, priced at $89, $99, and $149 per year.

Conclusion

WordPress GDPR compliance is future-ready legislation. It secures both the privacy rights of EU citizens and comprehensive security.

The goal is to restrict the use, sale or tinkering with the personal data of EU subjects, so that the end user can use the internet without risk of personal information theft.

The impact of the General Data Protection Regulation on WordPress websites is remarkable. Start working to make your website GDPR-compliant immediately.
