On 25th May 2018, the GDPR (General Data Protection Regulation) enacted by the EU will come into effect.
The aim of the GDPR is to give citizens of the EU control over their personal data and change the approach of organizations across the world towards data privacy.
In the nice infographic by European Commission it’s clearly illustrated the data protection process including a summary of site owners’ obligations in regards to collecting data related to EU citizens:
– tell the user who you are, why you collect the data, for how long, and who receives it
– get a clear consent (when required) before collecting any data
– let users access their data, and take it with them
– let users delete their data
– let users know if data breaches occur
Some usual ways in which a standard WordPress site (and third party plugins) might collect user data:
– user registrations
– contact form entries
– analytics and traffic log solutions
– any other logging tools and plugins
– security tools and plugins
The GDPR for WordPress project has two aims: help plugin developers with a simple solution to GDPR validate their plugins and offer Website Administrators the overview and tools to handle the administrative tasks involved with being GDPR compliant.
While developers are working to include GDPR in the WordPress core, various GDPR plugins have been released.
Finally a list of useful resources about GDPR and WordPress:
The Complete WordPress GDPR Guide by codeinwp.blog
Checklist: Is Your WordPress Website GDPR Compliant? by WPUPGRADER
Is Your Website GDPR Compliant? How to Get Ready for the General Data Protection Regulations by wpmudev
GDPR compliance verification tool by Cookiebot
With the release of WordPress 4.9.6 you can find these new features about GDPR:
– readers that leave a comment can choose to allow name, e-mail and web site are saved on the browser. If the checkbox is checked the preferences will be stored in a cookie.
– there is a new Privacy entry on the settings that allows to choose an existing page or write a new page. There is a guideline about what content to include, you have to adapt it about your needs.
– manage users data feature. 2 tools have been added: export and import user data.