Make your WordPress Website GDPR Compliant

Posted: Aug 29, 2018 | Topic: WordPress

Data privacy is a priority, and if you run an online business you should be taking note of what you need to do to avoid heavy fines from the European Union (EU). The policy was heavily debated for years and passed on April 14th, 2016; with enforcement beginning May 25th, 2016, it gave companies little time to prepare their online web presence for the sweeping changes. Let’s cover the basics first: 1) what GDPR actually is, and 2) does it apply to your site?

What is GDPR?

The General Data Protection Regulation (GDPR) standardizes data protection and privacy law for all 28 EU countries. It imposes strict new rules for processing personally identifiable information (PII) and for the handling of such sensitive information. On many websites that are already in compliance, you can spot it as a little pop-up when you land on the page that lets you allow or disallow website tracking through cookies (example below); you may also have seen this on our website.

Does GDPR apply to my site?

In short, if your company is NOT based in the EU and does not market to the EU, then most likely not.

It should be noted that the EU General Data Protection Regulation (GDPR) applies specifically to websites/companies in the EU and to those marketing specifically to the EU. Free or paid, any website found to be out of compliance will face heavy fines of up to €20 million or 4% of your annual turnover, whichever amount is greater.

The GDPR information center is pretty good, so if you have any other specific questions about whether you need to comply with the new policy, see: Who Does the GDPR Law Apply to?

Implementing GDPR on WordPress

If you’re looking to follow the general practices of GDPR on your site, or have determined that you need to be compliant, here’s what you can do to make your WordPress site compliant quickly.

First, we recommend downloading and activating the plugin WP GDPR Compliance. It is lightweight and easy to use, but it will still need configuration to ensure compliance. This plugin will work for most simple WordPress installs and takes into account other active plugins that might otherwise violate the GDPR. Their team is constantly making updates to keep the plugin compliant, so it is trusted.

Setting up the WP GDPR Compliance Plugin

Follow the prompts in the plugin settings to finish the configuration, ensuring that tracking scripts, email collection, forms and any other form of PII collection are disabled when a user doesn’t allow tracking. The settings are found under the WordPress menu Tools > WP GDPR Compliance.

The plugin will help you through these items:

  • Disallowing cookies and tracking scripts until a user agrees, like the example above.
  • For any web form, users should have a checkbox to explicitly agree to their data being accepted and stored by the website. Web forms also include email subscriptions and comment forms.
  • Users also need the option to adjust their settings and view their personal data on request. Again, while most sites won’t have many wrinkles here, make sure you’re thorough and account for every collection method.
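To show what the first item in that list actually means in the browser, here is an added example of a small consent gate. It is not code from this post or from the WP GDPR Compliance plugin, and it assumes a convention of our own: tracking tags are shipped inert as `<script type="text/plain" data-consent="analytics" data-src="...">`, the visitor’s choice is kept in a first-party cookie named `site_consent` (an assumed name), and the only categories are `analytics` and `marketing`. The important property is the default: no cookie, a malformed cookie, or a cookie written under an older policy version all count as "no consent", so nothing loads until the visitor opts in.

```javascript
// Added example (not from the original post or the WP GDPR Compliance plugin):
// a minimal consent gate for tracking scripts. All names below are assumptions.

const CONSENT_COOKIE = 'site_consent';          // assumed cookie name
const CATEGORIES = ['analytics', 'marketing'];  // assumed consent categories
const CONSENT_VERSION = 1;                      // bump when the policy text changes

// Parse a document.cookie-style string into {name: value}; malformed pairs are skipped.
function parseCookies(cookieString) {
  const out = {};
  for (const part of String(cookieString || '').split(';')) {
    const idx = part.indexOf('=');
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    try { out[name] = decodeURIComponent(part.slice(idx + 1).trim()); }
    catch (e) { /* undecodable value: ignore it */ }
  }
  return out;
}

// Read the stored choice. Missing, malformed or out-of-date records all mean
// "no consent": the default is deny, never allow.
function readConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return null;
  let parsed;
  try { parsed = JSON.parse(raw); } catch (e) { return null; }
  if (!parsed || parsed.v !== CONSENT_VERSION || !parsed.c || typeof parsed.c !== 'object') return null;
  const choices = {};
  for (const cat of CATEGORIES) choices[cat] = parsed.c[cat] === true;
  return { version: parsed.v, choices, ts: parsed.ts };
}

// True only for an explicit opt-in to that category.
function isAllowed(consent, category) {
  return !!(consent && consent.choices && consent.choices[category] === true);
}

// Build the cookie string that records a choice: first-party, bounded lifetime,
// SameSite=Lax, and Secure when the site is served over HTTPS. This cookie is
// itself strictly necessary, so it may be set before any consent exists.
function buildConsentCookie(choices, { secure = true, maxAgeDays = 180, now = Date.now() } = {}) {
  const record = { v: CONSENT_VERSION, ts: now, c: {} };
  for (const cat of CATEGORIES) record.c[cat] = choices[cat] === true;
  const attrs = [
    `${CONSENT_COOKIE}=${encodeURIComponent(JSON.stringify(record))}`,
    'Path=/', `Max-Age=${maxAgeDays * 86400}`, 'SameSite=Lax',
  ];
  if (secure) attrs.push('Secure');
  return attrs.join('; ');
}

// Decide which inert tags may be activated. `scripts` is a list of {category, src}
// gathered from the DOM; tags with an unknown or empty category are never activated.
function selectActivatable(scripts, consent) {
  return scripts.filter(s => CATEGORIES.includes(s.category) && isAllowed(consent, s.category));
}

// Browser glue: swap each consented inert tag for a live <script>. Returns the count.
function activateConsentedScripts(doc, consent) {
  const inert = Array.from(doc.querySelectorAll('script[type="text/plain"][data-consent]'));
  const descriptors = inert.map(el => ({
    category: el.getAttribute('data-consent'),
    src: el.getAttribute('data-src'),
    el,
  }));
  const chosen = selectActivatable(descriptors, consent);
  for (const { el, src } of chosen) {
    const live = doc.createElement('script');
    if (src) live.src = src; else live.textContent = el.textContent;
    el.parentNode.replaceChild(live, el);
  }
  return chosen.length;
}

// Run on page load in a browser; the guard lets the file load elsewhere too.
if (typeof document !== 'undefined') {
  activateConsentedScripts(document, readConsent(document.cookie));
}
```

Two design points are worth noting. Versioning the record means that when your privacy text changes, old consents silently expire and the banner shows again, which is what "explicit" agreement requires. And a client-side gate is only a complement: any tracker your theme or another plugin prints as a normal `<script>` tag runs before this code gets a chance, so server-side enqueueing still has to respect the same choice, which is exactly what the plugin’s settings are for.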

While most sites will be fine with a basic setup and never have to worry about compliance, if you have any data collection or additional web tracking that may need to be considered, contact a GDPR consultant for reassurance instead of risking an unnecessary fine.