WP Minder
Elementary GDPR for WordPress Site Owners

August 7, 2018 by Debbie Campbell

The GDPR (General Data Protection Regulation) went into effect on May 25, 2018. Even if you are not selling or marketing to EU customers directly, this is still very important for website owners. And it is very much a moving target – you’ll see conflicting information, very little in the way of direction, and this is unlikely to change until the new rules are actually tested in court. It’s frustrating, but I’ll try to share the basics of what I’ve learned here.

Note: I am not an attorney and this is not legal advice; it’s recommended that you contact your attorney to review your privacy policy, terms of service, opt-in forms and other aspects of use that involve personal data.

What’s it all about?


It’s about privacy, an overriding concern these days. It’s all about personal data – we have to all be good stewards of our customers’ personal information.

Some sites don’t store personal data, but if they do they have to comply with requests from EU users to remove that data and to share information about why the data is collected, how it’s used, and how it’s stored.

I’m not in Europe – does this matter to me?

If you’re not selling anything, or focusing on EU users in your marketing, does it still affect you? Most likely. If you have a comment or contact form on your site that asks for name and email address, that’s personal data. If someone from the EU fills out your form, then GDPR applies. From Red Kite’s point of view, compliance is a good target for all website owners.

You may be collecting personal data through:

  • User registrations
  • Payments
  • Comments
  • Contact form requests
  • Chats
  • Plugins
  • Analytics and traffic logs
  • Security tools and plugins

There are serious penalties involved here too – fines can go up to 20 million Euros or 4% of total company annual earnings.

GDPR for WordPress Site Owners – How WordPress is Helping You

You’ll probably be relieved to hear that WordPress is taking this seriously, and as of release 4.9.6 has put some new tools in place right in the admin dashboard to assist you with compliance. These are:

  • Under Tools, new features to make it easy for you to export or erase the data for a user by their username or email address.
  • Under Settings, a new Privacy feature that lets you specify an existing privacy page or have WordPress create a default one (which you must edit) for you.

For more information, check out this helpful post by BlogAid on using the new WordPress GDPR tools.

Keep in mind…

Some key aspects about GDPR to consider (remember: I am not an attorney!).

  • Breach notifications – if you have a security issue with your site, notify the users whose personal data you store within 72 hours. This means you need to be monitoring security with a plugin and/or a service like Sucuri. Security is going to become even more important!
  • Data collection, processing and storage – a terms of service or privacy page should detail what data is collected, how it’s used, why it’s stored, and how it will be stored. You’ll also need to provide a copy of the data stored if a user requests it, and remove the data if requested (which will mean removing an account in most cases).
  • How plugins on your site store data collected from users – this is a big issue, and a lot of plugin developers are working to make it easy to access/remove user data.
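As an added example (not code from the original post or from any plugin it names): this is how a plugin hooks the records it stores into the WordPress 4.9.6 export and erase tools under Tools mentioned above, so an admin's export or erase request for an email address covers the plugin's data too. The plugin prefix "myplugin", its custom table and its column names are assumptions.

```php
<?php
// Exporter: makes this plugin's records part of Tools > Export Personal Data.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['myplugin-contact-requests'] = array( 'exporter_friendly_name' => 'Contact Form Requests',
        'callback' => 'myplugin_export_contact_requests' );
    return $exporters;
} );
function myplugin_export_contact_requests( $email_address, $page = 1 ) {
    global $wpdb;
    $table    = $wpdb->prefix . 'myplugin_contact_requests'; // assumed custom table
    $per_page = 100;
    // Bind the address with prepare(): it is typed in by an admin, not SQL-safe input.
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, name, message, created FROM {$table} WHERE email = %s LIMIT %d OFFSET %d",
        $email_address, $per_page, ( $page - 1 ) * $per_page
    ) );
    $items = array();
    foreach ( $rows as $row ) {
        $items[] = array(
            'group_id'    => 'myplugin_contact_requests',
            'group_label' => 'Contact Form Requests',
            'item_id'     => 'contact-request-' . $row->id,
            'data'        => array(
                array( 'name' => 'Name',      'value' => $row->name ),
                array( 'name' => 'Message',   'value' => $row->message ),
                array( 'name' => 'Submitted', 'value' => $row->created ),
            ),
        );
    }
    // 'done' => false tells WordPress to call again for the next page of results.
    return array( 'data' => $items, 'done' => count( $rows ) < $per_page );
}
// Eraser: lets Tools > Erase Personal Data remove the same records.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['myplugin-contact-requests'] = array( 'eraser_friendly_name' => 'Contact Form Requests',
        'callback' => 'myplugin_erase_contact_requests' );
    return $erasers;
} );
function myplugin_erase_contact_requests( $email_address, $page = 1 ) {
    global $wpdb;
    $deleted = $wpdb->delete( $wpdb->prefix . 'myplugin_contact_requests',
        array( 'email' => $email_address ), array( '%s' ) );
    return array(
        'items_removed'  => (bool) $deleted,
        'items_retained' => false, // set true, with a message, if some records must legally be kept
        'messages'       => array(),
        'done'           => true,
    );
}
```

Once both filters are registered, the plugin's records appear in the exported ZIP and are deleted by an erase request without the site owner having to touch the database by hand.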

What should you do to make your WordPress site compliant?

Chat with your attorney about this, but these are steps to take that are likely common to most small business sites.

  1. Look at all the different ways you’re collecting user data on your site.
  2. Put mechanisms in place so users can control their data (make sure you’re asking for consent for forms, for example).
  3. Avoid collecting user data when it’s not completely necessary.
  4. Make sure your site’s plugins are also compliant. Site owners are ultimately responsible for the data collection and storage of plugins, so review your plugins carefully.
  5. Make sure all newsletters, downloads, etc. are asking for consent/are opt-in instead of opt-out. Already-checked consent boxes are a breach of GDPR.
  6. Consider a Cyber Liability insurance policy that protects against data breaches and other losses of personal data.

There is an excellent checklist in this post on these other considerations for compliance.

Is it likely that your small business site will ever be involved in a GDPR dispute? Hard to say, but it seems much more likely that the targets of such disputes will be very large companies, at least in the beginning.

There will be more to come on this topic… GDPR is still in its early stages and evolving.

Some other references on GDPR:

GDPR: How it Affects WordPress Site Owners and Developers
GDPR Compliance Tools in WordPress
5 Actionable Steps to GDPR Compliance with Google Analytics
The Complete WordPress GDPR Guide
Worried About WordPress and the GDPR? Start Here
Ask Yoast: Preparing for the GDPR
