How to get your WordPress Site to Comply with GDPR Regulations

The General Data Protection Regulation (GDPR) took effect on May 25, 2018. It is a law passed by the European Union (EU) to protect any data about EU citizens that could identify an individual. This data is called PII, or Personally Identifiable Information, and includes IP addresses, names, email addresses, income information, health details, and so on. The law applies to every website that has visitors from the EU, and it holds businesses responsible for the way they collect, manage, and store that data.


What are the GDPR regulations?

Ah well, that is a 200-page document! Boiled down to one line, it means that without a person's explicit consent:

  • Businesses can’t send them marketing emails or newsletters
  • Businesses can’t sell their data

Further, if a user asks for their account to be deleted and/or wishes to unsubscribe from a mailing list, businesses have to comply. They must also report any data breaches and take care in how they manage and store data.

What areas of my website are affected by the GDPR?

While this depends on the plugins used on your website, the two most common areas that most websites need to work on to become GDPR compliant are:

01. Contact Forms

The following aspects need to be considered if you are using a contact form on WordPress:

  • Consent from users to store their information and send them emails.
  • Immediately disable all cookies and IP tracking for forms.
  • Sign a data processing agreement with your SaaS provider, if the user data is being stored by the provider.
  • Adhere to all user requests for deletion instantly.

02. Google Analytics

Google Analytics processes a lot of personal data to produce website statistics. If you are using it, then ensure that:

  • You anonymize the data before you store or process it.
  • You obtain user consent for tracking cookies.
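Putting the two points above (and the consent point from the contact-form section) into practice, here is an added example that is not part of the original post: a small consent gate that only injects the Google Analytics tracker after the visitor has opted in, and always configures it with IP anonymization on. The consent cookie name (`gdpr_consent`) and its JSON layout are assumptions standing in for whatever your cookie-notice plugin sets; `anonymize_ip` and `allow_ad_personalization_signals` are gtag.js configuration fields.

```javascript
// Added example: consent-gated Google Analytics loading with IP anonymization.
// Assumption: the cookie-notice plugin stores consent in a cookie named
// "gdpr_consent" holding JSON such as {"analytics":true}.
const CONSENT_COOKIE = "gdpr_consent";

// Parse a document.cookie string ("a=1; b=2") into a name -> value map.
function parseCookies(cookieString) {
  const jar = {};
  for (const part of (cookieString || "").split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    const value = part.slice(idx + 1).trim();
    if (!name) continue;
    try { jar[name] = decodeURIComponent(value); } catch (e) { jar[name] = value; }
  }
  return jar;
}

// Consent is valid only when the visitor explicitly opted in to analytics;
// a missing, malformed or negative cookie means "no consent".
function hasAnalyticsConsent(cookieString) {
  const raw = parseCookies(cookieString)[CONSENT_COOKIE];
  if (!raw) return false;
  try {
    const consent = JSON.parse(raw);
    return consent !== null && typeof consent === "object" && consent.analytics === true;
  } catch (e) {
    return false;
  }
}

// Tracker configuration: anonymize the IP before Google stores it and
// switch off ad-personalization signals.
function analyticsConfig(measurementId) {
  return { send_to: measurementId, anonymize_ip: true, allow_ad_personalization_signals: false };
}

// Browser entry point: returns true only if the tracker script was injected.
function loadAnalyticsIfConsented(measurementId) {
  if (typeof document === "undefined" || !hasAnalyticsConsent(document.cookie)) return false;
  const script = document.createElement("script");
  script.async = true;
  script.src = "https://www.googletagmanager.com/gtag/js?id=" + encodeURIComponent(measurementId);
  document.head.appendChild(script);
  window.dataLayer = window.dataLayer || [];
  function gtag() { window.dataLayer.push(arguments); }
  gtag("js", new Date());
  gtag("config", measurementId, analyticsConfig(measurementId));
  return true;
}
```

Call `loadAnalyticsIfConsented("UA-XXXXXXXX-1")` (your own property ID) from a footer script; before consent it returns `false` and no tracking request is made.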

There are many plugins available now that can help you automate at least some areas of GDPR compliance. Here are a few for your quick reference:

  1. WPForms – Offers all mandatory GDPR fields in its contact forms.
  2. Cookies Notice – A free plugin which adds the EU cookie notice and integrates with most analytics plugins.
  3. OptinMonster – Lead-generation software that helps increase conversions while staying GDPR compliant.
  4. MonsterInsights – A Google Analytics plugin which offers an EU add-on for GDPR compliance.

Ending note

With the GDPR in effect, many websites have started treating the security of user data as an important and integral part of running a website. Users are happy that the EU is looking after their privacy rights; as a website owner, strengthening the security of your website can go a long way in further winning the trust of your customers. Apart from ensuring that your website is GDPR compliant, the choice of hosting plays a huge role in offering users a secure browsing experience. At the end of the day, if your site does not employ the latest security measures, you are exposing data to potential hackers. Look for a WordPress hosting provider that offers security features such as advanced antivirus, malware scanning and removal, database backup using Codeguard, and DDoS protection, among others.