{"id":7079,"date":"2024-01-22T16:00:48","date_gmt":"2024-01-22T15:00:48","guid":{"rendered":"https:\/\/qodeinteractive.com\/magazine\/?p=7079"},"modified":"2024-01-22T16:27:36","modified_gmt":"2024-01-22T15:27:36","slug":"wordpres-gdpr-compliance","status":"publish","type":"post","link":"https:\/\/qodeinteractive.com\/magazine\/wordpres-gdpr-compliance\/","title":{"rendered":"The Ultimate Guide to WordPress and GDPR Compliance"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row][vc_column][vc_column_text]It\u2019s been a long while since the internet has even remotely resembled a lawless new frontier with absolute freedom and perils threatening you with every click you perform. Not that there\u2019s not a lot of freedom to be had online. The internet sure isn\u2019t a safe place, either. But it manages to be all of that while still having regulations that affect every one of its users \u2014 you included. [\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]If you happen to own a website, you might have additional responsibilities to meet certain regulatory standards. The most recent such regulation that caused a lot of fuss is the EU\u2019s General Data Protection Regulation or GDPR. If you\u2019re not familiar with it, and you\u2019re wondering what WordPress GDPR compliance entails, we\u2019ll try to help you understand. 
You\u2019ll read about:[\/vc_column_text][vc_empty_space height=&#8221;22px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#what-is-gdpr\">What Is GDPR?<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#provisions-of-gdpr\">The Provisions of GDPR<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#wordpress-and-gdpr-compatibility\">WordPress and GDPR Compatibility<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#determine-compatibility\">How to Determine a Website\u2019s GDPR Compliance<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;5px&#8221;]<ul class=\"qodef-unordered-list-item qodef-toc\">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\"><a href=\"#make-a-website-more-in-line-with-gdpr\">How to Make a Website More in Line with GDPR<\/a><\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;31px&#8221;][vc_column_text]But before we start, <strong>it\u2019s important to make it clear that this article in no way constitutes genuine legal advice. It hasn\u2019t been written by a lawyer<\/strong>. 
It hasn\u2019t even been written by a person who plays one on TV.<strong> For legal advice regarding GDPR, you should consult a lawyer<\/strong>. And while we\u2019re on the topic, make sure to check out our article on <a href=\"https:\/\/qodeinteractive.com\/magazine\/how-to-make-wordpress-website-ccpa-compliant\/\">how to make your website CCPA-compliant<\/a>, too.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"what-is-gdpr\"><\/a>What Is GDPR?<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"389\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/What-Is-GDPR.png\" class=\"attachment-full size-full\" alt=\"What Is GDPR\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/What-Is-GDPR.png 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/What-Is-GDPR-300x167.png 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/What-Is-GDPR-620x345.png 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]In April of 2016, the European Union\u2019s legislative bodies adopted a set of rules regulating the collection and processing of the personal data of people in the EU. <strong>Called the General Data Protection Regulation, and commonly abbreviated as GDPR, this set of rules replaced the Data Protection Directive of 1995<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Take a moment to think about how much changed between the adoption of those two texts. 
The original Directive was created before social media, Google Ads, and engineered lead-capture forms. The text of the Directive was brought forth in the same month Microsoft released the first version of Internet Explorer that supported cookies. [\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<a href=\"https:\/\/qodeinteractive.com\/magazine\/best-gdpr-plugins-for-wordpress\/\">GDPR<\/a> was introduced to strengthen the protection of personal data, expanding on what the Data Protection Directive offered. Because it protects people in the EU rather than businesses registered there, <strong>any entity that offers goods or services to people in the EU, or monitors their behaviour, must abide by GDPR when it gathers or processes their personal data, even if it is established in a non-EU country<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]The enforcement of the Regulation began on 25 May 2018 to a rocky start, with surveys showing that up to <a href=\"https:\/\/www.itgovernance.eu\/blog\/en\/two-thirds-of-organisations-arent-gdpr-compliant\" target=\"_blank\" rel=\"noopener noreferrer\">two-thirds of organizations weren\u2019t GDPR-compliant<\/a>. <strong>GDPR fines can reach \u20ac20 million or 4% of worldwide annual turnover for the preceding financial year, whichever is higher. They were levied in the thousands of euros in the first year, only to swell to millions in 2019<\/strong>. The headline case of that year was the <a href=\"https:\/\/techcrunch.com\/2019\/07\/08\/uks-ico-fines-british-airways-a-record-183m-over-gdpr-breach-that-leaked-data-from-500000-users\/?guccounter=1\" target=\"_blank\" rel=\"noopener noreferrer\">\u00a3183.39 million fine the UK regulator announced against British Airways<\/a> over a breach of customer data. The penalty actually imposed in 2020 was \u00a320 million, but far larger fines have followed since; at the time of writing the record is the \u20ac1.2 billion imposed on Meta in 2023.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]The biggest change that came with GDPR is its reach: it applies to anyone who wants access to the EU market. 
<strong>So if you offer goods or services to people in the EU, or track what they do on your website, and you gather some of their personal information, you can no longer handle that data any way you want just because you\u2019re established outside of the EU<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"provisions-of-gdpr\"><\/a>What Are the Provisions of GDPR?<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"389\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/What-Are-the-Provisions-of-GDPR.png\" class=\"attachment-full size-full\" alt=\"What Are the Provisions of GDPR\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/What-Are-the-Provisions-of-GDPR.png 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/What-Are-the-Provisions-of-GDPR-300x167.png 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/What-Are-the-Provisions-of-GDPR-620x345.png 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]So, let\u2019s say you have a website that collects data it then sends to third-party services for further processing. In the GDPR, the person whose data you\u2019ve gathered is called the data subject; citizenship does not matter, being in the EU does. <strong>You, the owner of the website, are a data controller \u2014 the entity that decides why the data needs to be processed, and how the processing is supposed to happen<\/strong>. An entity that processes the data on your behalf and under your instructions, a payment gateway or an email marketing service for instance, is a processor, and GDPR requires a written data processing agreement between the two of you. 
[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">Adhering to the Stipulated Principles<\/h3>\n<p>[\/vc_column_text][vc_column_text]When a soon-to-become data subject lands on your website and you collect data that counts as personal, that data needs to be:[\/vc_column_text][vc_empty_space height=&#8221;23px&#8221;]<ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Processed lawfully, fairly, and transparently. <\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Collected exclusively for the specified, legitimate purposes you stated. <\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Limited to the minimum needed for those purposes.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Accurate and up to date.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Stored in a form that keeps the data subject identifiable for no longer than needed.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Stored and processed in a way that ensures its integrity and confidentiality, using appropriate security measures. 
<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_column_text]As the controller, adherence to these principles is your responsibility, and you must be able to demonstrate it (GDPR calls this accountability). <strong>You\u2019ll also need a legal basis for processing the data, as the first principle requires<\/strong>. Consent is one. Processing data to comply with a legal obligation, to perform a contract with the data subject, or to pursue your legitimate interests where they are not overridden by the rights of the data subject are other legal bases you can use.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">Honoring the Rights of the Data Subject<\/h3>\n<p>[\/vc_column_text][vc_column_text]While you have to ensure that the data is collected and processed for a legally sound reason and that it is treated in a certain way, you also have to honor the rights of the data subject. This means, among other things, allowing them:[\/vc_column_text][vc_empty_space height=&#8221;23px&#8221;]<ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Access to information about the nature, purpose, extent, and even location of data gathering and processing.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">To give consent for data processing and withdraw it, as easily as they gave it. 
<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">To restrict the processing you carry out on their data.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">Access to all the data you gathered about them, including a copy in a portable format. <\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">To ask you to erase the data you hold about them (subject to exceptions, for instance records you must keep by law). <\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n            <span class=\"qodef-ul-title-content\">To ask you to rectify inaccurate data. <\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_column_text]While this might sound like a lot \u2014 and it sometimes is \u2014 you\u2019ll see that there are often easy solutions that move you towards upholding the rights of the data subjects and adhering to all the principles. <strong>A checkbox here, a couple of words there can do wonders<\/strong>. [\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]But there\u2019s also some finesse in working towards GDPR compliance. Using the latest version of WordPress and only using GDPR-ready plugins is a definite must. But is it all you should be doing? Probably not. 
You\u2019ll need to put in a bit more effort.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"wordpress-and-gdpr-compatibility\"><\/a>WordPress and GDPR Compatibility<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"389\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/WordPress-and-GDPR-Compatibility.png\" class=\"attachment-full size-full\" alt=\"WordPress and GDPR Compatibility\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/WordPress-and-GDPR-Compatibility.png 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/WordPress-and-GDPR-Compatibility-300x167.png 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/WordPress-and-GDPR-Compatibility-620x345.png 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]WordPress has done its share of the work to help your website be GDPR compliant. Roughly a week before the enforcement of GDPR began, <a href=\"https:\/\/wordpress.org\/news\/2018\/05\/wordpress-4-9-6-privacy-and-maintenance-release\/\" target=\"_blank\" rel=\"noopener noreferrer\">WordPress 4.9.6 was released<\/a>, adding privacy tooling to core. Core cannot make your site compliant by itself, but it gives you the building blocks. <strong>If you\u2019re using that version of WordPress or any that came after it, you get a consent checkbox for comment cookies, a Privacy Policy page with suggested text, and tools to export and erase the personal data collected by WordPress and by any plugin that registers with those tools<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Plugins stepped up, too. 
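What makes a plugin one of those participating plugins is a pair of callbacks registered with the Tools > Export Personal Data and Tools > Erase Personal Data screens. The following is an added example, not code from the original post, from WordPress core or from any real plugin: a hypothetical plugin that keeps a phone number per registered user (the meta keys example_phone and example_consent_ts and the function names are invented for the example) and teaches both screens how to export and erase it.

```php
<?php
# Added example, not from the original post, from WordPress core or from a real
# plugin. It assumes a hypothetical plugin that stores, per registered user, the
# meta keys example_phone (a phone number the user gave) and example_consent_ts
# (Unix time at which they consented to its use). Both keys are invented here.

# 1. Register an exporter: Tools > Export Personal Data calls it for each request.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-plugin'] = array(
        'exporter_friendly_name' => 'Example plugin phone data',
        'callback'               => 'example_plugin_export_personal_data',
    );
    return $exporters;
} );

function example_plugin_export_personal_data( $email_address, $page = 1 ) {
    $export_items = array();
    $user         = get_user_by( 'email', $email_address );

    if ( $user ) {
        $phone      = get_user_meta( $user->ID, 'example_phone', true );
        $consent_ts = get_user_meta( $user->ID, 'example_consent_ts', true );

        if ( '' !== $phone ) {
            $export_items[] = array(
                # group_id and item_id must be unique across every exporter on the site
                'group_id'    => 'example-plugin',
                'group_label' => 'Example plugin',
                'item_id'     => 'example-plugin-' . $user->ID,
                'data'        => array(
                    array( 'name' => 'Phone number', 'value' => $phone ),
                    array(
                        'name'  => 'Consent recorded at (UTC)',
                        'value' => $consent_ts ? gmdate( 'Y-m-d H:i:s', (int) $consent_ts ) : 'not recorded',
                    ),
                ),
            );
        }
    }

    # Everything fits in one page, so this exporter is done on the first call.
    return array( 'data' => $export_items, 'done' => true );
}

# 2. Register an eraser: Tools > Erase Personal Data calls it once the user has confirmed.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-plugin'] = array(
        'eraser_friendly_name' => 'Example plugin phone data',
        'callback'             => 'example_plugin_erase_personal_data',
    );
    return $erasers;
} );

function example_plugin_erase_personal_data( $email_address, $page = 1 ) {
    $items_removed  = false;
    $items_retained = false;
    $messages       = array();
    $user           = get_user_by( 'email', $email_address );

    if ( $user && '' !== get_user_meta( $user->ID, 'example_phone', true ) ) {
        delete_user_meta( $user->ID, 'example_phone' );
        delete_user_meta( $user->ID, 'example_consent_ts' );
        $items_removed = true;
    }

    # If a legal obligation forced you to keep something, you would leave it in
    # place, set items_retained to true and explain why in messages.
    return array(
        'items_removed'  => $items_removed,
        'items_retained' => $items_retained,
        'messages'       => $messages,
        'done'           => true,
    );
}
```

Both callbacks receive the email address from the confirmed request plus a page number; an exporter or eraser that walks a large table returns done set to false until it has handled the last page, and WordPress calls it again. Anything you are obliged to keep (invoices, for instance) stays in place with items_retained set to true and an explanation in messages, which the administrator sees on the request screen. Data held by third-party services is out of reach of these hooks and must be requested from, or deleted by, those processors separately.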
WooCommerce, for example, made a page dedicated to informing store owners about <a href=\"https:\/\/woocommerce.com\/gdpr\/\" target=\"_blank\" rel=\"noopener noreferrer\">WooCommerce and GDPR compliance<\/a>. It started addressing GDPR with update 3.4, and its team also helped build the privacy features that landed in WordPress core in version 4.9.6.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Some plugin developers created plugins specifically to help with GDPR compliance. <strong>You can find a number of plugins that let you set up consent for the use of cookies, for example<\/strong>. There are a couple that can help test your website\u2019s compliance with the regulation, too.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]But it\u2019s important to understand that running a core version with the privacy tools and using only GDPR-ready plugins does not make your website compliant. <strong>Third-party APIs and embedded scripts can affect your GDPR compliance, as can the extensions you use with your plugins<\/strong>. 
And remember, as the controller, it\u2019s your responsibility to ensure that everything that happens with data subjects\u2019 personal data is within the guidelines stipulated by GDPR.[\/vc_column_text][vc_empty_space height=&#8221;81px&#8221;][vc_widget_sidebar sidebar_id=&#8221;new-corporate-banner&#8221;][vc_empty_space height=&#8221;80px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"determine-compatibility\"><\/a>How to Know If My Website Is GDPR Compliant?<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"389\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/How-to-Know-Is-My-Website-GDPR-Compliant.png\" class=\"attachment-full size-full\" alt=\"How to Know Is My Website GDPR Compliant\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/How-to-Know-Is-My-Website-GDPR-Compliant.png 700w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/How-to-Know-Is-My-Website-GDPR-Compliant-300x167.png 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/How-to-Know-Is-My-Website-GDPR-Compliant-620x345.png 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Because WordPress websites are far from enclosed, static systems, you\u2019ll need a way to assess, from time to time, whether you\u2019re on the right side of the line with GDPR. 
So let\u2019s see what options you have in this area.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">Perform a Self-Assessment<\/h3>\n<p>[\/vc_column_text][vc_column_text]A good way to gauge how well your website complies with the GDPR is to perform a self-assessment. The <a href=\"https:\/\/www.dataprotection.ie\/en\/organisations\/resources-organisations\/self-assessment-checklist\" target=\"_blank\" rel=\"noopener noreferrer\">one provided by Ireland\u2019s Data Protection Commission<\/a> will, for example, guide you through areas ranging from personal data and data subject rights to data security and breaches.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]After answering all the questions, <strong>you\u2019ll have a much clearer picture of how your website handles visitors\u2019 data and what you can do to make it better<\/strong>. The only downside is that you will usually need some knowledge of GDPR, its principles, and its terminology before you can navigate these self-assessment tests.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">Get a Website Audit<\/h3>\n<p>[\/vc_column_text][vc_column_text]Some businesses offer a website audit as a service. Ideally, you\u2019d want someone who understands both the European legal landscape and the intricacies of web design and online security to have a look. [\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<strong>There are also automated tools you can use for the same purposes<\/strong>. 
You can find tools that point out the areas where you must put in a little bit of extra work to bridge the gap and get your website compliant.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">Go Nuclear \u2014 Don\u2019t Become a Subject of GDPR<\/h3>\n<p>[\/vc_column_text][vc_column_text]This might be the most drastic measure to remove yourself from under the thumb of the EU regulators, but for some websites, it might be worth it. <strong>The two ways you can do it are simple enough \u2014 you either collect data but block visitors from the EU, or you don\u2019t gather any data<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Neither is as clean as it sounds. Blocking by IP address is defeated by any VPN, and GDPR covers people who are in the EU, not EU citizens, so a geoblock is no legal shield. And a website that gathers no personal data at all is rare: your web server writes the IP address of every visitor to its logs, and an IP address is personal data under GDPR.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]The problem with these methods is that either way, you must give up something valuable. <strong>The European market is huge and affluent, so cutting it off would mean forgoing potential profits<\/strong>. On the other hand, <strong>if you don\u2019t gather any data, you\u2019ll have a tough time monetizing your website or making it work at all in some cases<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\"><a id=\"make-a-website-more-in-line-with-gdpr\"><\/a>How to Move Towards GDPR Compliance<\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;21px&#8221;]<div class=\"qodef-single-image-holder    \">\n    <div class=\"qodef-si-inner\" >\n                                    <img loading=\"lazy\" decoding=\"async\" width=\"700\" height=\"389\" src=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/How-to-Move-Towards-GDPR-Compliance.png\" class=\"attachment-full size-full\" alt=\"How to Move Towards GDPR Compliance\" srcset=\"https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/How-to-Move-Towards-GDPR-Compliance.png 700w, 
https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/How-to-Move-Towards-GDPR-Compliance-300x167.png 300w, https:\/\/qodeinteractive.com\/magazine\/wp-content\/uploads\/2020\/05\/How-to-Move-Towards-GDPR-Compliance-620x345.png 620w\" sizes=\"auto, (max-width: 700px) 100vw, 700px\" \/>                        <\/div>\n<\/div>[vc_empty_space height=&#8221;38px&#8221;][vc_column_text]Even when you know where your website stands concerning GDPR compliance, you may have no idea how to take it that extra step or two in the right direction. There\u2019s no single method that can guarantee compliance, but if you combine a couple of them, your chances of creating a website that conforms to the rules set forth by the lawmakers from Brussels go up.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Here are some of the things you should do to make your website more GDPR compliant. [\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">1. Consult a Professional<\/h3>\n<p>[\/vc_column_text][vc_column_text]Once again, we have to restate that reading a blog post about GDPR is not the same as getting valid legal advice from an expert. Whether you hire a legal team to perform an audit or put your legal counsel on the team that\u2019s putting the compliance measures in place, <strong>make sure that there\u2019s someone who understands both the law and the tech involved<\/strong>. At the very least, have them perform an audit after you\u2019ve done everything else on this list.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">2. 
Make Sure You Understand What Personal Data You Gather and Why<\/h3>\n<p>[\/vc_column_text][vc_column_text]One of the more important things GDPR did was update the <a href=\"https:\/\/gdpr.eu\/eu-gdpr-personal-data\/\" target=\"_blank\" rel=\"noopener noreferrer\">definition of personal data<\/a> to cover any information relating to an identified or identifiable natural person, which explicitly includes online identifiers such as IP addresses, cookie identifiers, and RFID tags.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<strong>You should take the plugins you\u2019re using, APIs, extensions, and pore over their documentation in search of an explanation of the data they gather<\/strong>. Everything from Google Analytics to your store\u2019s payment processing service needs to be examined, and you need to be aware of which piece of data goes where. You are accountable for it all as a controller.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">3. Let the Visitors Know What You\u2019re Gathering and Why and Give Them the Ability to Consent<\/h3>\n<p>[\/vc_column_text][vc_column_text]Your Privacy Policy, Terms of Use, and other documents should contain a reference to the use of personal data where appropriate. You have to disclose the data you\u2019re gathering and the reason why you\u2019re doing it. [\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]You can rely on the Privacy Policy WordPress now generates by default if you\u2019re new to creating these kinds of documents, at least for inspiration. <strong>The Policy should reflect the data you collect and the reasons you have for collecting it<\/strong>.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Also, keep in mind that under GDPR consent must be freely given, specific, informed and unambiguous, and <strong>it needs to be provided by a clear affirmative action<\/strong>. 
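What a clear affirmative action looks like on a WordPress site, as an added example (not code from the original post or from WordPress core; the field name example_consent, the comment meta key _example_consent_ts and the text domain example are invented): a consent checkbox on the comment form that is unticked by default, enforced on the server rather than only in the browser, and recorded so that you can later show when consent was given.

```php
<?php
# Added example, not from the original post or from WordPress core. It adds an
# unticked consent checkbox to the comment form, refuses comments submitted
# without it, and records when consent was given. The field name
# example_consent and the comment meta key _example_consent_ts are invented.

function example_consent_field_html() {
    $policy_url = get_privacy_policy_url();   # empty string until a policy page is set
    $html  = '<p class=\"comment-form-example-consent\"><label>';
    # No checked attribute: a pre-ticked box is not a clear affirmative action.
    $html .= '<input type=\"checkbox\" name=\"example_consent\" value=\"1\"> ';
    $html .= esc_html__( 'I agree that my name, email address and comment are stored and processed so that my comment can be published.', 'example' );
    if ( $policy_url ) {
        $html .= ' <a href=\"' . esc_url( $policy_url ) . '\">' . esc_html__( 'Privacy policy', 'example' ) . '<\/a>';
    }
    return $html . '<\/label><\/p>';
}

# Logged-out visitors get the checkbox together with the name and email fields...
add_filter( 'comment_form_default_fields', function ( $fields ) {
    $fields['example_consent'] = example_consent_field_html();
    return $fields;
} );

# ...and logged-in users, who see no default fields, get it after the logged-in notice.
add_action( 'comment_form_logged_in_after', function () {
    echo example_consent_field_html();
} );

# Enforce the checkbox on the server. Anything done only in the browser (the HTML
# required attribute, JavaScript) is bypassed by posting the form directly.
add_filter( 'preprocess_comment', function ( $commentdata ) {
    $type = isset( $commentdata['comment_type'] ) ? $commentdata['comment_type'] : '';
    # Pingbacks, trackbacks and replies written by moderators in the dashboard have no checkbox.
    $is_visitor_comment = ( '' === $type || 'comment' === $type ) && ! current_user_can( 'moderate_comments' );
    if ( $is_visitor_comment && empty( $_POST['example_consent'] ) ) {
        wp_die(
            esc_html__( 'You need to agree to the privacy notice before your comment can be posted.', 'example' ),
            '',
            array( 'response' => 403, 'back_link' => true )
        );
    }
    return $commentdata;
} );

# Keep evidence: store the consent time with the comment. Register this meta key
# with the privacy exporter and eraser as well, so it travels with the rest of the data.
add_action( 'comment_post', function ( $comment_id ) {
    if ( ! empty( $_POST['example_consent'] ) ) {
        add_comment_meta( $comment_id, '_example_consent_ts', time(), true );
    }
} );
```

The same pattern applies to any form plugin: the checkbox is only half the job, the server-side rejection of submissions without it is the other half, and the stored timestamp is what lets you answer the question of when and to what the person consented.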
In practice, that means giving users something to do that signifies their consent: an unticked checkbox they must tick will do, while silence, pre-ticked boxes or inactivity will not. Keep a record of what they consented to and when, since you may have to prove it.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">4. Review All the Points Where You Gather Data<\/h3>\n<p>[\/vc_column_text][vc_column_text]Some plugins have to collect personal data to work properly. Other plugins have data collection as their sole purpose. You\u2019ll need to revisit both kinds wherever they appear on your website and check whether they\u2019re compliant. <strong>Remember, consent is usually the easiest lawful basis to obtain, but it\u2019s not the only one<\/strong>, and because it can be withdrawn at any time it is a poor basis for processing your website cannot function without; for that, performance of a contract with the user is the usual basis.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]Here are some of the more popular services and plugins and how you can go about making them GDPR compliant:[\/vc_column_text][vc_empty_space height=&#8221;23px&#8221;]<ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n                        <span class=\"qodef-ul-title\">\n                <span class=\"qodef-ul-title-text\">Contact forms<\/span>\n            <\/span><span class=\"qodef-ul-mark\">: <\/span><span class=\"qodef-ul-title-content\">If your contact form doesn\u2019t have a checkbox for consent, you can use a plugin to add one. 
For Contact Form 7, for example, you can use the <a href=\"https:\/\/wordpress.org\/plugins\/wp-gdpr-compliance\/\" target=\"_blank\" rel=\"noopener\">WP GDPR Compliance plugin<\/a>. Whichever plugin you pick, make sure a submission with the box unticked is rejected on the server, not just in the browser.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n                        <span class=\"qodef-ul-title\">\n                <span class=\"qodef-ul-title-text\">Comments<\/span>\n            <\/span><span class=\"qodef-ul-mark\">: <\/span><span class=\"qodef-ul-title-content\">Websites usually use cookies to save users\u2019 email addresses, user names and other information when leaving a comment, so they don\u2019t have to fill them out again the next time they\u2019re visiting and commenting. Here you\u2019ll want to <a href=\"https:\/\/qodeinteractive.com\/magazine\/gdpr-checkbox-in-wordpress\">set up a comments cookies opt-in checkbox<\/a> that will give them a choice.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n                        <span class=\"qodef-ul-title\">\n                <span class=\"qodef-ul-title-text\">Google Analytics<\/span>\n            <\/span><span class=\"qodef-ul-mark\">: <\/span><span class=\"qodef-ul-title-content\">Universal Analytics let you anonymize IP addresses (the anonymizeIp setting) and set data retention rules, and GA4 does not store full IP addresses at all. That alone does not settle the matter, though: several EU supervisory authorities have found the use of Google Analytics unlawful in specific cases because of the transfers to the US, so load it only after the visitor consents and check the current guidance from your regulator.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n                        <span class=\"qodef-ul-title\">\n                <span class=\"qodef-ul-title-text\">WooCommerce<\/span>\n            <\/span><span class=\"qodef-ul-mark\">: <\/span><span class=\"qodef-ul-title-content\">Your best bet would be to follow WooCommerce\u2019s <a href=\"https:\/\/woocommerce.com\/posts\/gdpr-compliance-woocommerce\/\" target=\"_blank\" 
rel=\"noopener\">introduction to GDPR compliance for stores<\/a>. And then go over all the plugins and extensions and make sure they comply, too.<\/span>        <\/div>\n            <\/li>\n<\/ul><ul class=\"qodef-unordered-list-item \">\n    <li>\n\t        <div class=\"qodef-ul-title-holder\">\n                        <span class=\"qodef-ul-title\">\n                <span class=\"qodef-ul-title-text\">Third-Party APIs<\/span>\n            <\/span><span class=\"qodef-ul-mark\">: <\/span><span class=\"qodef-ul-title-content\">See which of the APIs gather data and why, and then either remove them or find a legal base for data collection under GDPR.<\/span>        <\/div>\n            <\/li>\n<\/ul>[vc_empty_space height=&#8221;4px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">5. Add a Cookie Consent<\/h3>\n<p>[\/vc_column_text][vc_column_text]If you haven\u2019t already, install one of the many plugins that inform the users about cookies and asks for their consent. <a href=\"https:\/\/wordpress.org\/plugins\/cookie-law-info\/\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR Cookie Consent<\/a> is a popular option.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">6. Provide Data Portability Options<\/h3>\n<p>[\/vc_column_text][vc_column_text]Your website visitors should be able to retrieve from you every single piece of their data that you\u2019ve gathered. They should also be able to ask you to delete their data. Since WordPress 4.9.6, you\u2019re able to comply with these requests. You just need to be able to receive them.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]<strong>The solution to this issue can be as simple as putting your email address in the Privacy Policy and letting website visitors know they can use it to request a copy of their data<\/strong>. 
You can also use contact form plugins with custom request form templates to make it all look a bit fancier.[\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]When you receive a request, head over to your dashboard and, under <em><strong>Tools<\/strong><\/em>, open either <em><strong>Export Personal Data<\/strong><\/em> or <em><strong>Erase Personal Data<\/strong><\/em>. Enter the requester\u2019s email address to create the request; WordPress emails that address a confirmation link, which stops you from acting on a request that did not come from the data subject. Once it\u2019s confirmed, you can have WordPress build a downloadable ZIP file of everything it and the registered plugins hold about that address and send the download link to the user. For erasure, the final step is running the erasers, which delete or anonymize that data in your database. Two caveats: only data that WordPress and plugins have registered with these tools is covered, so anything held by third-party services you must handle with those services, and the confirmation email is your identity check, so be wary of fulfilling requests that bypass it.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">7. Revisit Your Security Provisions<\/h3>\n<p>[\/vc_column_text][vc_column_text]Hacking and other cybercrime acts often target user data, and data security is one of the key GDPR principles. Frequent reviews of your website security measures are good practice at any rate, and especially so when making sure your website is GDPR-compliant. [\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]In addition to using one of the many excellent <a href=\"https:\/\/qodeinteractive.com\/magazine\/wordpress-security-plugins\/\">WordPress security plugins<\/a>, you must serve your site over HTTPS. HTTPS is HTTP over TLS (still commonly called SSL); it encrypts the traffic between your users and your server, so passwords, form submissions and session cookies cannot be read or altered in transit. These days, this is a given &#8211; browsers flag pages served without HTTPS as not secure, and certificates are included in all the best hosting packages or available for free from Let\u2019s Encrypt. Still, if you\u2019re not using it yet, <a href=\"https:\/\/qodeinteractive.com\/magazine\/add-ssl-wordpress\/\">now\u2019s the time to start<\/a>. 
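How to make sure every request actually ends up on HTTPS once the certificate is in place, as an added example (not code from the original post or from WordPress core). It assumes a working TLS certificate and that both addresses under Settings > General already begin with https; if your host lets you do the redirect at the web server or CDN, do it there and keep only the HSTS part.

```php
<?php
# Added example, not from the original post or from WordPress core. Redirects
# plain-HTTP requests to HTTPS and sends an HSTS header on HTTPS responses so
# browsers stop trying HTTP at all. It assumes a working TLS certificate and
# that the WordPress Address and Site Address (Settings > General) use https.

# Caveat: when TLS is terminated by a CDN or load balancer, PHP sees plain HTTP
# and is_ssl() returns false on every request, so the redirect below would loop.
# In that setup tell WordPress to trust the proxy header in wp-config.php, but
# only if the proxy overwrites any client-supplied copy of that header:
#   if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO'] ) {
#       $_SERVER['HTTPS'] = 'on';
#   }
# Also add define( 'FORCE_SSL_ADMIN', true ); there so logins are never sent in the clear.

add_action( 'template_redirect', function () {
    if ( is_ssl() ) {
        return;
    }
    # Build the target from the configured home host, not from the Host header the
    # client sent, so the redirect cannot be turned into an open redirect.
    $host = wp_parse_url( home_url(), PHP_URL_HOST );
    $path = isset( $_SERVER['REQUEST_URI'] ) ? wp_unslash( $_SERVER['REQUEST_URI'] ) : '\/';
    wp_safe_redirect( 'https:\/\/' . $host . $path, 301 );
    exit;
} );

add_action( 'send_headers', function () {
    # HSTS is only honoured by browsers when received over HTTPS. Start with a
    # short max-age; raise it to a year (31536000) once nothing breaks, because
    # a long max-age on a broken HTTPS setup locks visitors out for that long.
    if ( is_ssl() && ! headers_sent() ) {
        header( 'Strict-Transport-Security: max-age=300' );
    }
} );
```

Check the result from outside: a request to the http address must answer with a 301 to the https address, the https response must carry the Strict-Transport-Security header, and no http response should carry it. If the site sits behind a proxy and the redirect loops, the proxy header block in the comment is what is missing.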
And make sure to check out our <a href=\"https:\/\/qodeinteractive.com\/magazine\/ultimate-wordpress-security-checklist\/\">ultimate WordPress security checklist<\/a> to make sure you\u2019re covering all the angles.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">8. Report a Breach if It Happens<\/h3>\n<p>[\/vc_column_text][vc_column_text]Under the GDPR, you have an obligation to inform authorities about data breaches within 72 hours of their occurrence. If the breach presents a high risk to an individual, you should let them know, too.[\/vc_column_text][vc_empty_space height=&#8221;72px&#8221;][vc_column_text]<\/p>\n<h3 class=\"qodef-h5\">9. Consider Server-Side Tracking<\/h3>\n<p>[\/vc_column_text][vc_column_text]Server-side tagging and tracking is one of the solutions that\u2019s recently been touted as a great workaround for cookie deprecation and reduced client-side tracking abilities. In this form of tracking, data is collected and processed on the server, which means more secure and reliable data management. Server-side tagging or tracking will not make you automatically GDPR-compliant, as you\u2019ll still have to implement things like consent management, data privacy provisions, data erasure when requested, and so on. In addition, you will still require user consent. But, you will get to control which data third parties get, remove sensitive data and personally identifiable information, as well as modify it before sending it to any vendor. [\/vc_column_text][vc_empty_space height=&#8221;68px&#8221;][\/vc_column][\/vc_row][vc_row][vc_column][vc_column_text]<\/p>\n<h2 class=\"qodef-h4\">Let\u2019s Wrap It Up!<\/h2>\n<p>[\/vc_column_text][vc_column_text]The EU\u2019s General Data Protection Regulation sure can be tough. But if you want people from the EU to visit your website, it\u2019s a reality you simply have to deal with. 
But you shouldn\u2019t let that scare you \u2014 many websites are managing to color within the lines as set by the Regulation. [\/vc_column_text][vc_empty_space height=&#8221;28px&#8221;][vc_column_text]There\u2019s no reason why you wouldn\u2019t be one of them. There is work that needs to be done, if you want to be sure that you\u2019re reasonably compliant with the GDPR, that\u2019s for sure. But if you\u2019re thorough and use the very principles GDPR has in its core as your guidelines, you have every chance of creating a safe environment for your website visitors\u2019 information. And that is, after all, the reason why you should be chasing after WordPress GDPR compliance. [\/vc_column_text][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Need help with WordPress GDPR Compliance? We might not offer legal advice, but this article might give you a good overview of the subject matter.<\/p>\n","protected":false},"author":9295,"featured_media":7789,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[29,4,13],"class_list":["post-7079","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-resources","tag-business","tag-tips","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/7079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/users\/9295"}],"replies":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/comments?post=7079"}],"version-history":[{"count":0,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/posts\/7079\/revisions"}],"wp:feature
dmedia":[{"embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media\/7789"}],"wp:attachment":[{"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/media?parent=7079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/categories?post=7079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qodeinteractive.com\/magazine\/wp-json\/wp\/v2\/tags?post=7079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}