GDPR applies to all businesses, large and small, all over the world. If your site has visitors from European Union countries, this law applies to you. Although GDPR fines can escalate to a high level, enforcement begins with a warning, then a reprimand, then a suspension of data processing; high fines are incurred only if you continue to violate the law.
The goal of GDPR is to protect users' personally identifiable information (PII) and to hold businesses to a higher standard in how they collect, store and use such data.
Personal data includes name, e-mail, physical address, IP address, health information, income, etc. Now you’re probably wondering what you need to do to make sure your WordPress site is GDPR compliant. Well, by default, WordPress 4.9.6 now comes with the following GDPR enhancement tools …
Export and erase personal data
WordPress gives site owners the ability to meet GDPR's data processing requirements and honor a user's request to export their personal data or to have that personal data removed.
GDPR compliant plugins
As a site owner, you may be using various WordPress plugins that store or process data, such as contact forms, reviews, email marketing, online stores, membership sites, etc. Depending on which WordPress plugins you are using on your site, you will need to take action to ensure that your site is GDPR compliant. In addition, plugin developers are creating GDPR plugins for WordPress.
Like most website owners, you're probably using Google Analytics to get website statistics. This means that you may be collecting or tracking personal data such as IP addresses, user IDs, cookies, and other data used for behavioral profiling.
If you are using a contact form in WordPress, you may need to add extra transparency measures, especially if you are storing the form entries or using the data for marketing purposes.
Email marketing opt-in forms
Similar to contact forms, if you have email marketing opt-in forms such as pop-ups, floating bars, in-line forms, and others, be sure to collect the explicit consent of users before adding them to your list.
By default, WordPress used to store the commenter's name, email, and website as a cookie in the user's browser. This made it easy for users to leave comments on their favorite blogs because those fields were pre-filled. Due to the GDPR consent requirement, WordPress has added a comment consent checkbox. The user can still leave a comment without checking this box; it just means that they will have to manually enter their name, email and website every time they leave a comment.
WooCommerce / eCommerce
If you are using WooCommerce, the most popular e-commerce plugin for WordPress, then you need to make sure that your site complies with GDPR. The WooCommerce team has prepared a comprehensive guide for store owners to help them comply with GDPR.
If your website is running redirect pixels or retargeting ads, you'll need to get the user's consent. You can do this by using a plugin such as Cookie Warning.