GDPR Compliance checks and WordPress

Is WordPress GDPR Compliant?

Yes, as of WordPress 4.9.6, the WordPress core software is GDPR compliant. The WordPress core team has added several GDPR enhancements to make sure that WordPress is GDPR compliant. It’s important to note that when we talk about WordPress, we’re talking about self-hosted WordPress.org (see the difference: WordPress.com vs WordPress.org).

Having said that, due to the dynamic nature of websites, no single platform, plugin or solution can offer 100% GDPR compliance. The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site.

OK, so you might be thinking: what does this mean in plain English?

Well, by default WordPress 4.9.6 now comes with the following GDPR enhancement tools:

Comments Consent

By default, WordPress used to store the commenter's name, email, and website as a cookie in the user's browser. This made it easier for users to leave comments on their favorite blogs because those fields were pre-populated.

Due to GDPR’s consent requirement, WordPress has added the comment consent checkbox. The user can leave a comment without checking this box. All it would mean is that they would have to manually enter their name, email, and website every time they leave a comment.

Update: If your theme is not showing the comment privacy checkbox, then please make sure that you have updated to WordPress 4.9.6 and are using the latest version of your theme. Also, please make sure that you are logged out when testing to see if the checkbox is there.

If the checkbox is still not showing, then your theme is likely overriding the default WordPress comment form. Here’s a step-by-step guide on how to add a GDPR comment privacy checkbox in your WordPress theme.

Data Export and Erase Feature

WordPress offers site owners the ability to comply with GDPR’s data handling requirements and honor users' requests to export their personal data or have it removed.

The data handling features can be found under the Tools menu inside WordPress admin.

Privacy Policy Generator

WordPress now comes with a built-in privacy policy generator. It offers a pre-made privacy policy template and guidance on what else to add, so you can be more transparent with users about what data you store and how you handle it.

These three things are enough to make a default WordPress blog GDPR compliant. However, it is very likely that your website has additional features that will also need to be in compliance.

Areas on Your Website that are Impacted by GDPR

As a website owner, you might be using various WordPress plugins that store or process data, such as contact forms, analytics, email marketing, online store, membership sites, etc.

Depending on which WordPress plugins you are using on your website, you would need to act accordingly to make sure that your website is GDPR compliant.

A lot of the best WordPress plugins have already gone ahead and added GDPR enhancement features. Let’s take a look at some of the common areas that you would need to address:

Posted on: May 27, 2018