As of May 25, 2015, the General Data Protection Regulation or GDPR has been made mandatory for all websites based in the European Union (EU) and also for those that are not based there but have site visitors from the EU. There have been a lot of concerns regarding the compliances that need to be met and website owners are trying to ensure that they don’t miss out since the penalty and fines for non-compliance are very steep. Although it is recommended that you consult a lawyer or a GDPR professional for the same, here is a guide to help you make your WordPress website GDPR compliant.
Update your WordPress to Version 4.9.6 (or higher)
In the version 4.9.6, WordPress has added multiple privacy settings to the WordPress core. By updating your WordPress, you can tick many boxes from the GDPR compliance list in one shot. Here are some features of this version:
- Comments Cookie Opt-in
- Addition of two new options under Tools:
- Export Personal Data
- Erase Personal Data
- Privacy Policy Generator
Regardless of the GDPR, keeping your WordPress updated is necessary. If you find yourself struggling with time to manage the technical aspects of your website, then you can opt for a Managed WordPress Hosting plan which ensures automatic WordPress updates along with a plethora of other benefits like automatic backups, dedicated support staff, pre-installed WordPress, etc.
Update your Privacy Policy
Update your privacy policy to include disclosures with respect to all cookies and data collected on your website.
User Consent on Contact Forms
If you have a contact form on your site, then ensure that you add a checkbox for user consent.
User Consent for Newsletters
You also need to take consent from every user before sending them newsletters. You can either create a checkbox on the opt-in form or make adequate changes to your privacy policy.
Cookie Notice
According to the EU Cookie Law, you must disclose the use of cookies in your privacy policy and add a cookie disclosure and acceptance notice on the first page visited by a user.
Users should have the option of requesting or deleting their information
According to GDPR, every user should be able to add or delete personal information on your website. Depending on the size of your site and the user-base, create a contact form to allow users to submit such requests.
Policy Update and Data Breach Notifications
If you offer user accounts on your website, collect user information or maintain a newsletter, then you need to notify the users whenever there is a policy update or a data breach.
Summing Up
Before concluding the article, we would like to reiterate that this by no means is an exhaustive list. We have managed to include some tips based on our experience. It is recommended that you seek the services of a GDPR professional or a lawyer to ensure that you don’t miss any regulation under GDPR. Respect the privacy of your users, and you might earn their never-ending trust and loyalty!