
Is WordPress GDPR Compliant?

DISCLAIMER

Content within this post should not be taken as legal advice and Identify will not take responsibility for any actions you take upon the information within this post.


The lengthy run-up to GDPR coming into force had many website owners searching for information on what was needed from them in order for their sites to be GDPR compliant. However, even now, with the legislation firmly in place, there still appears to be a lot of confusion about what exactly is expected of websites and how to make sure a website meets the requirements the law has introduced.

Many of our clients were, and still are, coming to us for information on GDPR and how it affects their websites. So we thought it’s about time that we share all that we know about GDPR and what is needed from a website in order to be compliant.

Let’s begin with focusing on WordPress websites specifically and what you, as a WordPress website owner, can do to make sure your site is GDPR compliant.

What is GDPR?

GDPR is confusing, and it’s no wonder so many site owners have been going round in circles wondering what they need to do to stay compliant. In the most basic terms, GDPR can be summed up with the following definition:

GDPR, otherwise known as the General Data Protection Regulation, is the latest data protection law to come into place. It gives all EU citizens control over their own personal data. With GDPR in place, EU citizens can pick and choose what information is collected and used by companies anywhere in the world.

To sum up, each and every website that has any EU customers or visitors must comply with GDPR and the latest data privacy requirements. Without GDPR compliance, websites can face warnings and extortionate fines.

Can I assume that WordPress is GDPR compliant?

The most up-to-date WordPress core software is GDPR compliant – that includes any release from 4.9.6 onwards. However, if you’ve added extra functionality or plugins to your WordPress site, it may no longer be 100% GDPR compliant. This will all depend on how your website stores data and how that data is processed on your site.

In general, most WordPress sites collect data through comments and contact forms. What’s more, if you’ve added any user tracking plugins such as Google Analytics, if your website requires ecommerce functionality, or if it contains any areas where visitors are required to log in, then GDPR compliance needs to be assessed for each one of these additions to your website.

How to keep WordPress GDPR compliant

Right now, your mind is probably racing with thoughts on how you’re going to make sure your WordPress website is 100% GDPR compliant. At the end of the day, it’s all about making sure your website users are able to control which data you have access to and which data you can use. A major component of that is giving them that control across the different aspects of your website, which can be done using our top tips on WordPress GDPR compliance.

Make sure your WordPress software is up to date

There are those who constantly update their software whenever they get the chance to, and there are others who hold off updating for as long as humanly possible. If you’re in the latter group, now’s the time to get updating. Making sure your WordPress site and plugins are kept up to date is the very first step towards making your site GDPR compliant.

Need help keeping your website up to date? Contact us to discuss how we can make sure that your website keeps up to date.

Update your privacy policy information

The latest version of WordPress adds a built-in privacy policy generator to provide complete transparency to your site visitors on the type of data you might store and how you will handle it. The generator provides some basic templates if you’re struggling with how to go about creating your own privacy policy, which is enough to make sure you’re improving your site’s GDPR compliance.

Make it easier to opt in and out of cookies

If you’re using cookies on your website which aren’t strictly necessary for the site to work, then you need to get the users’ permission to store these and make it easy for them to change their minds in the future.

We’ve found it difficult to find a plugin which can bring cookie consent up to date with the new requirements and have therefore decided to create our own. If you’re interested in having our custom plugin installed on your website then please contact us.

Make sure users can give consent on forms

There are a number of different forms that you may want to have on your website. Whether they’re contact forms or comment forms, if you’re storing or processing data which contains a personal identifier, you will need to make sure there is a way in which the user can consent to this.

If you’re using a plugin such as Contact Form 7 to add forms to your website, it has added new functions to help you comply with GDPR, such as making it easier for you to add “acceptance checkboxes” in order to get consent from users.

WordPress has automatically added a consent tick box to each comment form that allows users to save their details for the next time they want to comment. If users don’t tick the box, the data can’t be stored for future reference. However, some themes have been known to hide the privacy tick box, so you’ll need to check that the box is visible to visitors.

Take a look at your website whilst you’re signed out of WordPress and try to add a comment to see if the consent tick box appears. If not, you will either need to update the theme or manually add a consent tick box to your comment form.
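If the theme drops the box because it rebuilds the comment form fields itself (rather than hiding it with CSS), the following snippet restores it. This is an added example, not code from the original post or from WordPress; the function name and text domain are ours, while the option, filter and field names are WordPress core’s (4.9.6+). WordPress only saves the commenter’s name, email and URL cookies when the submitted form includes a field named `wp-comment-cookies-consent`, so that name has to be kept exactly.

```php
<?php
/**
 * Added example: re-add the comment cookies consent checkbox when a theme's
 * comment form filters drop it. Place in a child theme's functions.php or a
 * small plugin. Function name and text domain are hypothetical.
 */
function example_restore_comment_cookies_consent( $fields ) {
    // Nothing to do if the theme kept the core field, or if the site admin
    // has switched the opt-in off under Settings > Discussion.
    if ( isset( $fields['cookies'] ) || ! get_option( 'show_comments_cookies_opt_in' ) ) {
        return $fields;
    }

    // Pre-tick only when WordPress already holds consent cookies for this visitor,
    // mirroring what core does for its own field.
    $commenter = wp_get_current_commenter();
    $checked   = empty( $commenter['comment_author_email'] ) ? '' : ' checked="checked"';

    // The input name must stay "wp-comment-cookies-consent": wp-comments-post.php
    // reads that POST key to decide whether cookies may be set at all.
    $fields['cookies'] = sprintf(
        '<p class="comment-form-cookies-consent">'
        . '<input id="wp-comment-cookies-consent" name="wp-comment-cookies-consent" type="checkbox" value="yes"%s /> '
        . '<label for="wp-comment-cookies-consent">%s</label></p>',
        $checked,
        esc_html__( 'Save my name, email, and website in this browser for the next time I comment.', 'example-textdomain' )
    );

    return $fields;
}
// Late priority so this runs after the theme's own comment form filters.
add_filter( 'comment_form_fields', 'example_restore_comment_cookies_consent', 99 );
```

After adding it, repeat the signed-out test above: the box should appear, and a comment posted without ticking it should not leave name or email cookies in the browser.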

Check that any and all plugins are GDPR compliant

Head over to the plugins section of your WordPress dashboard and check which plugins are GDPR compliant. If you find that there are some that haven’t been updated to comply with GDPR requirements, you will need to remove them and replace them with a similar plugin that can offer the required compliance.

Ask users if you can export their data

WordPress’ “export personal data” area within the tools section of the dashboard will allow you to contact your subscribers to ask for permission on how you can use their data. From there, you can then make use of permitted data in a way that’s compliant with GDPR and the way in which your site visitors would like you to use their information.

Reduce data access to those who need it

An extra addition you can make towards improving GDPR compliance is to restrict your website’s visitor data to just those who need to see it. That way, you’re reducing the likelihood that the data will be misused and will only be making use of data for reasons that specifically require it.

We hope this guide has been useful and that you can make use of these top tips for boosting your WordPress website’s GDPR compliance. Alternatively, if you have any additional tips to share with us and our own visitors, feel free to contact us!