If you pay attention to the news, you have probably seen this strange four-letter acronym appearing more and more often among webmasters (sometimes with a note of panic):

GDPR

What does it mean? And do you need to worry about it as an ordinary webmaster?

In this tutorial, I'll give you a general overview of what GDPR is and how it might affect your WordPress site.

This is not legal advice (even though I studied law for four years, I am not a lawyer). But if you just want a good general understanding of what GDPR is, as well as how you should approach it on your WordPress site, read on.

What is GDPR?

wordpress-gdpr.png

GDPR, short for General Data Protection Regulation, is a European Union law focused on data protection and user privacy. It replaces the 1995 Data Protection Directive. Although the regulation was adopted in 2016, it provided for a two-year transition period to allow organisations to comply. That period is almost over: the GDPR takes effect on 25 May 2018.

So what is it?

Well, it is a little like those cookie notices you have seen popping up everywhere, notably on French-language websites, and even here on BlogPasCher.

While the cookie law is limited to one thing, telling users that your site uses cookies, the GDPR goes much further and covers:

  • Storage of personal data
  • Processing of personal data

Personal data is defined very broadly: it is "any information relating to an identified or identifiable natural person". That covers almost everything. A name, an email address, an IP address and much more can count as personal data.

Processing of personal data, in turn, is "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means". So even if you handle this personal data manually, it still falls under the GDPR.

The full text of these definitions is in Article 4 of the Regulation.

So… that wording is pretty broad, isn't it?

In general, the GDPR requires you to:

  • Obtain consent for many actions, such as storing someone's email address when they leave a comment on your site
  • Give users access to the data you hold about them, as well as a way to have it deleted (the "right to be forgotten")
  • Report data breaches: the supervisory authority must be notified within 72 hours, and the affected users as well when the breach is likely to put them at high risk (this is particularly difficult because many small webmasters never notice when their site has been breached)

Does the GDPR apply to you as a WordPress user?

Yes. At least according to the letter of the law. The GDPR applies to any website that processes the data of people in the EU (which is pretty much every website in the modern world, even one hosted outside Europe).

Of course, it is not really possible to police every website on the Internet, and I am sure millions of webmasters who have never heard of it will carry on without changing anything.

But by the letter of the law, the GDPR almost certainly applies to you.

What happens if you ignore the GDPR?

Even though I am not a lawyer, I think it is unlikely that the EU will knock on your door because you have not implemented its requirements.

But the GDPR definitely has teeth ...

Fines can reach 20 million euros or 4% of worldwide annual turnover, whichever is higher (although I think the first number is the scarier one for most of us).

How does the GDPR affect WordPress sites?

The GDPR has implications for the core WordPress software itself, and most WordPress sites also use plugins or features that fall under it.

If you do not allow public registration, you might not think you are collecting data from your visitors, but I bet you are, without necessarily realising it. Examples include:

  • Comments on your site (WordPress stores the commenter's name, email address, IP address and browser user agent in the wp_comments table; did you remember that?)
  • User registrations (obviously)
  • Contact form submissions (especially if the plugin stores them in your database)
  • Any analytics tools you use

Basically, it affects you if you collect any kind of data, even unintentionally (as with comments: when was the last time you looked at that data?).
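The comment case above is the one most sites can act on immediately, because WordPress lets you filter the IP address before it is written to the database. The snippet below is an added example for this article, not code from WordPress core or from any plugin mentioned here: a small must-use plugin that hooks the real core filter `pre_comment_user_ip` and blanks the host part of the address (last octet for IPv4, last 80 bits for IPv6) before storage. The function name `bpc_example_mask_ip` and the mask widths are this example's own choices, not anything WordPress prescribes.

```php
<?php
/**
 * Plugin Name: Comment IP Anonymiser (example)
 * Description: Masks the commenter's IP address before WordPress stores it.
 * Drop this file into wp-content/mu-plugins/ to have it load automatically.
 */

// Never run outside of a WordPress request.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/**
 * Zero the host part of an IP address (example helper; name is our own).
 * IPv4: keep the first three octets.  IPv6: keep the first 48 bits.
 * Anything that is not a valid IP is dropped entirely rather than stored as-is.
 *
 * @param string $ip Address WordPress is about to store in comment_author_IP.
 * @return string Masked address, or '' if the input was not a valid IP.
 */
function bpc_example_mask_ip( $ip ) {
    if ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4 ) ) {
        $parts    = explode( '.', $ip );
        $parts[3] = '0';                      // 203.0.113.42 -> 203.0.113.0
        return implode( '.', $parts );
    }

    if ( filter_var( $ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6 ) ) {
        $bin = inet_pton( $ip );              // 16 raw bytes
        // Keep the first 6 bytes (48 bits), zero the remaining 10 bytes (80 bits).
        $bin = substr( $bin, 0, 6 ) . str_repeat( "\0", 10 );
        return inet_ntop( $bin );             // 2001:db8:abcd:1234::1 -> 2001:db8:abcd::
    }

    // Empty or malformed: store nothing rather than whatever arrived in the header.
    return '';
}

// Core applies this filter in wp_filter_comment() just before the comment is inserted,
// so every new comment (including ones from the REST API and pingbacks) passes through it.
add_filter( 'pre_comment_user_ip', 'bpc_example_mask_ip' );
```

Two caveats worth checking on your own site. First, the filter only affects comments created after it is installed; addresses already sitting in `comment_author_IP` stay there until you clean them up (for example with a one-off `UPDATE` on the `wp_comments` table). Second, anti-spam plugins such as Akismet read the IP before it is stored and may send it to their own service, so masking the database copy does not by itself stop that transfer.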

Does WordPress do anything about GDPR?

As you can see in the list above, some of the things that could put you in breach of the GDPR are actually built-in WordPress features.

In other words, it is hard to avoid falling under the GDPR just by running WordPress.

To address this, the WordPress core team has an ongoing #gdpr-compliance tag and is working on how to build GDPR compliance into the core WordPress software.

Discussions involve adding tools to the core to help webmasters become GDPR compliant, as well as documentation on what WordPress webmasters need to do to become GDPR compliant.

You can see a rough roadmap of these ideas on this GitHub page.

Moreover, it is not just the core team that needs to pay attention to the GDPR. Plugin developers also have to take responsibility for making their plugins compliant.

Responsible plugin developers are already doing this. For example, many contact form plugins have pages on GDPR compliance. You can see two examples below for:

WordPress plugins to help GDPR compliance

Beyond changes to the core WordPress software and plugins, some developers have also created plugins to help webmasters comply with the GDPR.

So far, the most popular option seems to be the WP GDPR Compliance plugin from Van Ons.

In addition to providing you with a handy checklist for the changes you need to make manually, it also offers integrations for:

With these integrations, you can enable compliance in one click:

activate features in one click.png

A second option is the AppSaloon WP GDPR plugin.

It gives users a page where they can request their data. Users can then see everything held about them and ask for it to be deleted if necessary. It also includes add-ons for:

  • Gravity Forms
  • MailChimp
  • WooCommerce
  • The Events Calendar
  • Events Manager

wordpress-gdpr-2 plugin.jpg

What should the average WordPress user do about GDPR?

Again, I am not a lawyer. This is not legal advice.

For an average WordPress user the situation is not as pressing as it is for a global digital business, which will draw far more attention on compliance issues.

If you are in the EU or receive a lot of traffic from the EU, you should:

  • Keep an eye on what the core team is doing, so you know when new privacy features land in WordPress and need switching on for your site.
  • Check whether the plugins you use that collect user information have published documentation on how to comply with the GDPR. As shown above, many popular plugins have already done this.
  • Consider using a plugin like WP GDPR Compliance if you are worried.

Those are the essentials of the GDPR. Have you already started implementing it on your site? Feel free to share your experience.