General Data Protection Regulation (GDPR) is a new privacy regulation passed by the European Union (EU) that will have significant impact websites around the world. This new law has essentially sent everything online in a speed rush of policy & privacy updates.
The WordPress world has been firing up some resources to help you get closer to GDPR compliance. Although the host I use for my WordPress Maintenance/Hosting is compliant, the plugins you use on your website may not be and this could cause some issues. Essentially make sure anything that is collecting data is compliant and can handle a request for removal of data.
Let’s take a look at some ways you can be prepared for GDPR.
Legal Disclaimer: Due to the dynamic nature of websites, no single plugin can offer 100% legal compliance. Please consult a specialist internet law attorney to determine if you are in compliance with all applicable laws for your jurisdictions and your use cases. Nothing on this website should be considered legal advice.
With WordPress 4.9.6 is now available. This version is a privacy and maintenance release. If you are on our maintenance plan this update has already been applied and is a great start! You can read more about this release: https://wordpress.org/news/2018/05/wordpress-4-9-6-privacy-and-maintenance-release/.
The new privacy tool helps make sure you have your privacy page made and ready for GDPR.
One way to help with GDPR is Anonymize IP addresses and get consent with Google Analytics.
I use Monster Insights and in the settings I can easily set to anonymize IP’s. Be sure to check your Google Analytics plugin for this setting. Due to how GDPR works you will also need to look at how to Obtain explicit consent before loading the Google Analytics script. Monster Insight covers this in depth here: https://www.monsterinsights.com/gdpr-and-monsterinsights-everything-you-need-to-know/.
With GDPR it is important to make sure newsletter collection has a checkout asking for consent. Most major email marketing services have already been working hard to update their forms to meet this criteria. Not only do you have to get consent but EU subscribers will need to be filtered so that upon request the data can be purged or exported easily.
Mailchimp has been releasing updates to it’s services and the plugin should be bringing in the new forms to help: https://blog.mailchimp.com/gdpr-forms-and-more-tools/
Mailerlite has been releasing updates to it’s services and the plugin should be bringing in the new forms to help:
The best way is to look up each plugin on your website and see if they need to meet GDPR requirements, this can be very broad and may require removal of plugins.
If you use WooCommerce, you will need to change some of the approaches to meet GDPR requirements. WooCommerce has already published several articles to help you in this process:
Although Shopify is not a WordPress plugin, it is an Ecommerce solution that can work with WordPress. There is the Buy Button or using a plugin like: https://wpshop.io/. They also have help docs that talks about GDPR and customers who use their services:
GDPR is not an easy subject, but it is your responsibility as a business owner to comply with GDPR. This will be an ongoing process and may be subject to change as time goes on.