GDPR, short for General Data Protection Regulation, is the hot buzzword of the moment that has been clogging up inboxes all over the planet. If you haven’t heard of GDPR yet, or maybe the panic has just finally kicked in, don’t fret, as this post will give you the quick survival guide to GDPR for WordPress. Like all things in life, once you understand what something entails, solving it is a lot easier. So, let’s get right into it.
What Is GDPR
The General Data Protection Regulation (GDPR) was introduced by the EU a little over 2 years ago but came into force on the 25th of May 2018. At its core, GDPR is all about giving users control over their personal data and letting users hold businesses to account about what data they are harvesting or processing. The overarching idea behind GDPR is that businesses should not be using users’ personal data without their explicit consent, and that users should be able to query businesses about what data they have on them and request that the business delete or remove it. That is what prompted the recent flurry of emails before the 25th May, with businesses pleading with you to resubscribe to their list – they needed to get your explicit consent so that they could continue to market and sell to you (ahem aka, inform and entertain you).
GDPR is also global in scope insofar as any site that is collecting or using personal data from an EU citizen has to conform with the GDPR. In truth, it will be interesting to see how this shakes out for non-EU-based businesses. Some businesses have taken the approach of banning traffic from the EU rather than falling foul of the new regulations, and that is probably just the start of the unintended consequences. I think in time the GDPR will be pared back significantly, as some of the conditions are quite demanding and the burden will be too onerous for lots of small businesses. But for now GDPR is here, so let’s talk about GDPR for WordPress and what you should do to try to get compliant quickly.
GDPR for WordPress – Here’s A Caveat!
So, first things first here and an all important caveat. I’m not a lawyer, barrister, solicitor or wig wearer of any hue and as such my interpretation of what you should do to get your WordPress site GDPR compliant is just that, my interpretation. You should do some further reading to help solidify your own interpretation of GDPR for WordPress sites and continue to stay on top of it as it may change.
Now, onto the good stuff.
GDPR Compliance for WordPress – What Should You Do?
From helping clients roll out GDPR compliance on their own sites, and indeed by dotting the i’s on my own site, here are the steps you should take to try to get your site GDPR compliant.
3. Personal Data Requests: Another key part of the GDPR is to allow users to request their own personal data. These requests should be completed within 30 days of receipt. To make things easier for users, the core WordPress 4.9.6 update provided site admins with some tools they can use to query the WordPress database to see what, if any, data they may have about a certain site user. These core tools are great but somewhat limited if you use Gravity Forms or WooCommerce or MailChimp (or any of the other thousands of services/plugins that the core WordPress tools don’t query). One plugin which does query the 3 services mentioned (as well as some others) is the aptly titled WP-GDPR plugin. This plugin creates a specific standalone page where users can request their data from a variety of services. This is an approach I like as, if nothing else, adding these features and tools for users will help show that attempts were made to be compliant with GDPR and, should the rubber hit the road, should stand you in good stead.
Getting GDPR Compliant
I hope the above guide to GDPR has given you a better understanding of what GDPR is all about and some of the steps you should take to try to be compliant with GDPR. Realistically, I think things will be in a state of flux for the next few months (/years) as GDPR starts to get bedded down. I also think there may be some legal challenges to it in the future, so it will be interesting to see how that may impact it, and as such I would recommend keeping an ear to the ground so you don’t miss out on any GDPR-related changes. Ultimately, the most important thing to do to get GDPR compliant is to take the first step to try to be compliant – don’t fear it!
If you’ve any questions about GDPR, or how to get your WordPress site GDPR compliant, please comment below or get in touch here!