In 2016 the European Union adopted the General Data Protection Regulation (GDPR), a regulation on internet privacy and data protection for individuals living in EU countries. The law has been enforced since 2018 and must be met by all websites operating in the EU. GDPR exists to give internet users control over access to their data and to stop websites from selling or using personal data without the user's permission.
GDPR applies to any website that wants to provide content to users in the European Union. The penalties for non-compliance are hefty, ranging from a reprimand to a fine of €20 million or 4% of annual global revenue. So if you want users from the European Union to view your website content, it is best to make sure that your entire website is compliant.
However, many site owners find this confusing, which is why we have written this article. Today's blog on Beautiful Themes aims to clarify the concept of GDPR for WordPress and help users understand it better.
What is GDPR and how is it helpful?
GDPR is a law that exists to protect internet consumers and their privacy. After recent incidents involving Facebook, and with internet users prioritizing their online safety, the EU implemented this law to ensure that website owners cannot use or sell users' data without their permission. The law also states that users have the right to see what data a website has stored about them and to have it removed whenever necessary. This discourages companies like Google and Facebook from haphazardly using the data they collect from users.
You are therefore required to give users the ability to view or delete their accounts and all related data whenever they want. Businesses are not allowed to collect or sell users' data without their explicit consent, and users can unsubscribe from email lists whenever they want. GDPR also requires businesses to report any data breach or loss of data to the affected users.
Is WordPress itself GDPR compliant?
The simple answer is yes: WordPress and its tools are inherently GDPR compliant. WordPress not only has its own GDPR compliance team but also helps WordPress users solve GDPR-related issues. This includes assisting users in creating comprehensive privacy policies, helping to develop GDPR-ready plugins, and adding tools that encourage user privacy and compliance with privacy law.
However, this does not necessarily mean that your website itself is GDPR compliant. Each website owner has to take the right steps to ensure that their website covers all the regulations involved, and that is today's topic on Beautiful Themes: what you can do to make your website compliant.
Making your website GDPR compliant:
There are a few main points you must consider when you are trying to cover GDPR compliance on your website. These main points include:
1) Rights to data
Your website is required to provide users with information about any data collected from them. This includes informing them how, where and why their data is stored or processed. Individuals must also be given access to this data and be allowed to delete it, which includes unsubscribing them from email lists or deleting their accounts when they ask.
2) Explicit Consent
Collecting data from any user living in the European Union requires their explicit consent. To send them emails and offers, you must ask for their consent to do so. A clear opt-in has to be used to obtain explicit consent; this prevents websites from taking users' data first and then adding a simple opt-out option in the account settings. Furthermore, this consent request has to be separated from Terms of Service agreements and any other terms and conditions.
3) Breach notification
Whenever a significant data breach occurs on your website, the website owner is required to inform all the individuals affected. This notification must reach users within 72 hours of the breach and must contain full information about the breach.
4) Data protection officers
This section is more oriented towards public companies or companies that handle or process personal data for their users. To operate in the EU, these companies require a Data Protection Officer, who deals with anything related to GDPR and internet privacy as a whole. This requirement does not apply to small businesses or bloggers.
Making your Website GDPR Compliant
There are multiple steps you can take to ensure that your website is as GDPR compliant as possible. Let’s take a look at some of these below:
WordPress Personal Data handling Tools
WordPress ships with tools for GDPR compliance that let you handle requests to export a user's personal data or erase it on demand. To find this feature, open your WordPress admin dashboard and hover over Tools in the sidebar.
Clicking Export personal data takes you to a page where you can send the user a confirmation email for saving and exporting their personal data. Enter the email address or username in the top field and click Send request.
Similarly, Erase personal data lets you delete the personal data of any user who has confirmed your data request.
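The built-in export and erase tools only know about data WordPress core stores. A plugin that keeps its own personal data has to register with them, as in this added example (not from the original post); the 'bt-demo' id and the user meta keys bt_newsletter_optin and bt_signup_ip are hypothetical, but the filter names and return shapes are the ones WordPress core expects.

```php
<?php
// Added example, not from the original post. Registers a custom exporter and eraser so that
// Tools > Export / Erase Personal Data also covers data stored by your own plugin.
// The 'bt-demo' id and the meta keys bt_newsletter_optin / bt_signup_ip are hypothetical.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['bt-demo'] = array(
        'exporter_friendly_name' => 'Newsletter signup data',
        'callback'               => 'bt_demo_export_personal_data',
    );
    return $exporters;
} );
// Called with the confirmed email address; returns data in the structure WordPress expects.
function bt_demo_export_personal_data( $email_address, $page = 1 ) {
    $items = array();
    $user  = get_user_by( 'email', $email_address );
    if ( $user ) {
        $optin = get_user_meta( $user->ID, 'bt_newsletter_optin', true );
        $ip    = get_user_meta( $user->ID, 'bt_signup_ip', true );
        if ( '' !== $optin || '' !== $ip ) {
            $items[] = array(
                'group_id'    => 'bt-newsletter',
                'group_label' => 'Newsletter',
                'item_id'     => 'bt-newsletter-' . $user->ID,
                'data'        => array(
                    array( 'name' => 'Opted in',  'value' => $optin ? 'yes' : 'no' ),
                    array( 'name' => 'Signup IP', 'value' => (string) $ip ),
                ),
            );
        }
    }
    // Everything fits in one page, so 'done' => true stops WordPress from calling again.
    return array( 'data' => $items, 'done' => true );
}
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['bt-demo'] = array(
        'eraser_friendly_name' => 'Newsletter signup data',
        'callback'             => 'bt_demo_erase_personal_data',
    );
    return $erasers;
} );
// Deletes the same keys and reports what was removed; nothing is retained here.
function bt_demo_erase_personal_data( $email_address, $page = 1 ) {
    $removed = false;
    $user    = get_user_by( 'email', $email_address );
    if ( $user ) {
        $removed = delete_user_meta( $user->ID, 'bt_newsletter_optin' );
        $removed = delete_user_meta( $user->ID, 'bt_signup_ip' ) || $removed;
    }
    return array( 'items_removed' => $removed, 'items_retained' => false, 'messages' => array(), 'done' => true );
}
```

Once this is active in a plugin or theme functions file, the exported ZIP and the erase report for that user include the newsletter group alongside the core data.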
Privacy policy Generator
WordPress also lets you easily set up a Privacy Policy page on your website. A privacy policy page explains how your site interacts with users' data and thus helps your website be more GDPR compliant. To set one up, hover over Settings on the dashboard and click Privacy.
Here you can assign an existing page or create a new one to act as your privacy policy page. You can start from the privacy policy template and add more details to cover the various GDPR terms, and be clearer about how your website will handle users' data.
Adding GDPR add-ons to Google Analytics
Like most website owners you are probably using a Google Analytics tool to collect website data as well. However, there is a chance that you are collecting user data such as user IDs, IP addresses and more. To be more transparent about this, you can use add-ons or additional settings for your analytics plugin. This includes enabling a data anonymization feature so that data is anonymized before it is processed. You can also add a popup or overlay that informs visitors that the website collects data and saves cookies; a simple "I accept" button works well for recording consent.
For example, let's take Google Analytics by MonsterInsights for this demo. To disable user tracking in this plugin, click the Insights listing on your dashboard and then click Settings underneath it.
Then click Tracking and then the Demographics option. Here you can untick the Enable demographics checkbox. Then tick Anonymize IP addresses to make your Google Analytics setup more GDPR compliant.
Making your Contact forms GDPR compliant
If you're using contact forms such as Everest Forms, you should consider making them GDPR compliant as well. Form entries can be saved for future use, so you should be transparent about how these entries are collected and processed.
Some of the tips you can use are:
- Adding a checkbox to obtain consent from your users regarding the form entries and their data.
- Adding an extra checkbox to obtain consent for email subscription lists and other marketing uses of the data.
- Being transparent about how form deletion requests are handled.
- Disabling cookies, IP tracking and user-agent logging for form entries.
To stop Everest Forms from saving IP addresses and user agents, hover over the Everest Forms listing on the dashboard and click Settings. Under General, a simple Disable tracking option is provided. This option is enabled by default in Everest Forms.
Enabling a notice pop-up to receive users' consent
If your website collects data, saves cookies, uses retargeting ads or similar marketing tools, it is important to have some kind of notification plugin to inform users about this. You also need the user's consent before collecting any of this data, so the popup needs an opt-in such as a simple "I agree" button. For this, you can use a GDPR WordPress notice plugin such as Cookie Notice.
After you install the plugin, hover over Settings on your dashboard and click Cookie Notice. Here you can change your message to be more transparent about how you handle users' data. Change the button text as you wish, link your Privacy Policy page, then scroll down and click Save changes.
You can also add more details and options to your GDPR WordPress compliance notice. This includes adding a Refuse cookies option, adding Google Analytics snippets, enabling auto reload after accepting, setting cookie expiry and more. You can freely experiment with these options, and you can also customize the notice and the buttons themselves to fit your website better.
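The two points above, anonymizing Google Analytics data and not collecting before consent, can also be enforced in code rather than relying on plugin checkboxes alone. This added example (not from the original post or from any plugin) loads the gtag.js tracker only when the visitor has accepted the notice, with IP anonymization on and demographics (Google Signals) off; it assumes the Cookie Notice plugin's consent cookie is named cookie_notice_accepted with the value true, and the tracking id is a placeholder.

```php
<?php
// Added example, not from the original post. Loads Google Analytics only after the visitor has
// accepted the cookie notice, with IP anonymization enabled and demographics (Google Signals) off.
// Assumption: the Cookie Notice plugin sets a cookie named cookie_notice_accepted to 'true'.
add_action( 'wp_enqueue_scripts', function () {
    // No consent yet: do not enqueue the tracker at all, so no analytics data leaves the browser.
    $consent = isset( $_COOKIE['cookie_notice_accepted'] ) ? $_COOKIE['cookie_notice_accepted'] : '';
    if ( 'true' !== $consent ) {
        return;
    }
    $tracking_id = 'UA-XXXXXXXX-X'; // placeholder, replace with your own property id
    // Load gtag.js from Google; null version keeps WordPress from appending ?ver= to the URL.
    wp_enqueue_script(
        'bt-gtag',
        'https://www.googletagmanager.com/gtag/js?id=' . rawurlencode( $tracking_id ),
        array(),
        null,
        true
    );
    // anonymize_ip truncates the visitor IP before storage; allow_google_signals=false
    // switches off the demographics and interest reports the article recommends disabling.
    $config = array( 'anonymize_ip' => true, 'allow_google_signals' => false );
    $inline = sprintf(
        "window.dataLayer = window.dataLayer || [];\n" .
        "function gtag(){dataLayer.push(arguments);}\n" .
        "gtag('js', new Date());\n" .
        "gtag('config', %s, %s);",
        wp_json_encode( $tracking_id ),
        wp_json_encode( $config )
    );
    wp_add_inline_script( 'bt-gtag', $inline, 'after' );
} );
```

Because the check runs server-side on every request, a visitor who refuses or later clears the consent cookie gets a page with no analytics script at all rather than one that merely skips sending hits.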
Concluding:
Using these tips and ideas, you can ensure that your WordPress website and blogs are as GDPR compliant as possible. If you own an e-commerce website and are using WooCommerce, you may have to take a few extra steps. You can learn about all the GDPR requirements regarding e-commerce here.
If you want to learn more about managing your site and appealing to a larger audience, consider checking out some of our other articles: