GDPR is the General Data Protection Regulation. It is an EU (European Union) regulation (law) that is being put into place to protect privacy rights and increase transparency.

Though you may not be in the EU, you still need to conform to the regulation if any of your website viewers or clients are in the EU. The penalty for not complying could be up to 4% of your annual global turnover or €20 Million (Currently $23,617,500).

Though it can seem overwhelming, WordPress is helping its users comply with several of the requirements

What Do I Have To Do To Comply?

The general idea is that people have to be completely informed and give consent to opt-in and share their data. They must be able to access and remove their data, and you must keep their data secure. This means you must:

  • Have a privacy policy that is easily accessible (i.e. in your footer menu) and contains all aspects of what you do with personal data, including the length of time stored, how it’s stored, and what you plan to do with it.
  • Allow for people to opt-in to sending you their information (no pre-checked boxes on email subscribes / customer orders / comments).
  • Obtain opt-in permission of your current mailing lists, even if you’ve previously gotten permission.
  • Get permission before doing… some are saying this means ad loading and even the loading of Google fonts on your page need to be paused until permission is given to load them.
  • Encrypt user data

WordPress

WordPress is getting ready for the GDPR conformation. On May 17, 2018, WordPress rolled out version 4.9.6. This version includes new features such as:

  • A Privacy Policy document generator
  • Giving wording options to include in your privacy policy
  • User data request verifications
  • Exporting user personal data
  • Erasing user personal data
  • Comment form anonymizer
  • Comment form opt-in

You can learn more from WordPress.org

Plugins

Plugins will now be adding privacy information that you can also add to your privacy policy.

Additionally, many plugin creators are helping users with complying.

Our most used plugins:

WooCommerce

They are adding additional security settings due out on May 23, 2018:

  • Privacy Policy notice on checkout
  • No longer saves guest data upon cart cancellation
  • Erasure of customer personal data, while still keeping order information.

Mail Poet

MailPoet has stated that they are working to be GDPR compliant by May 25, 2018 – look for an update soon!

Elegant Themes (Including Divi, Bloom and Monarch)

Elegant Themes has stated in their comment responses that they are working on making it easier for their users to make their contact forms and plugins GDPR compliant. An official statement as to exactly what will be included in these updates has not been made.

GDPR Confused?

Many people are confused about this regulation. We recommend using this GDPR Compliance checklist to verify your compliance.

This will be a last minute – mad dash for most involved. It’s best to educate yourself and do the parts of the checklist that are definitely your responsibility. Then, wait to see what you will need after the major players (WordPress and WooCommerce) have introduced their new settings. The final date for full compliance – May 25, 2018.