As of May 25, 2015, the General Data Protection Regulation or GDPR has been made mandatory for all websites based in the European Union (EU) and also for those that are not based there but have site visitors from the EU. There have been a lot of concerns regarding the compliances that need to be met and website owners are trying to ensure that they don’t miss out since the penalty and fines for non-compliance are very steep. Although it is recommended that you consult a lawyer or a GDPR professional for the same, here is a guide to help you make your WordPress website GDPR compliant.
Update your WordPress to Version 4.9.6 (or higher)
In the version 4.9.6, WordPress has added multiple privacy setting to the WordPress core. By updating your WordPress, you can tick many boxes from the GDPR compliance list in one shot. Here are some features of this version:
- Comments Cookie Opt-in
- Addition of two new options under Tools:
- Export Personal Data
- Erase Personal Data
Regardless of the GDPR, keeping your WordPress updated is necessary. If you find yourself struggling with time to manage the technical aspects of your website, then you can opt for a Managed WordPress Hosting plan which ensures automatic WordPress updates along with a plethora of other benefits like automatic backups, dedicated support staff, pre-installed WordPress, etc.
User Consent on Contact Forms
If you have a contact form on your site, then ensure that you add a checkbox for user consent.
User Consent for Newsletters
Users should have the option of requesting or deleting their information
According to GDPR, every user should be able to add or delete personal information on your website. Depending on the size of your site and the user-base, create a contact form to allow users to submit such requests.
Policy Update and Data Breach Notifications
If you offer user accounts on your website, collect user information or maintain a newsletter, then you need to notify the users whenever there is a policy update or a data breach.
Before concluding the article, we would like to reiterate that this by no means is an exhaustive list. We have managed to include some tips based on our experience. It is recommended that you seek the services of a GDPR professional or a lawyer to ensure that you don’t miss any regulation under GDPR. Respect the privacy of your users, and you might earn their never-ending trust and loyalty!