You’ve probably heard a lot about GDPR lately. The General Data Protection Regulation was adopted in the Spring of 2016 and goes into effect in all 28 EU countries on May 25th, 2018. It was created with the goal of giving European citizens more control over their data privacy. The regulation lays out new rights for people whose personal data is being handled, as well as new responsibilities for organizations or people who are handling this data. The moment you handle personal data of an EU citizen, you become subject to the GDPR regardless of where you or your business is located. With the global nature of the Internet, most businesses worldwide are using this as a wakeup call to get their house in order and have better privacy policies all around for everyone, not just EU citizens.
Short of purging everyone from the EU off of your mailing lists and installing Geo-IP detection to block anyone from that region from ever visiting or doing business with your website after May 25th, it’s best to take the time and become compliant with the new regulations.
That being said, if your site is not compliant yet, don’t panic. Simply continue to work towards compliance and get it done as soon as possible. The chances of you catching a fine the day after this rule goes in effect are practically zero. The European Union’s website states that first, you’ll get a warning, then a reprimand. Fines are the last step if you fail to comply with those warnings and purposely ignore the new law.
While all this might sound scary, the EU is not out to get you. They’re actually doing this to protect data and hopefully lessen the number of breaches happening on a regular basis from systems that have been notoriously lax with the data of their users.
Because the GDPR sets out obligations and rights rather than clear-cut technical rules, different tactics are being used to bring data handling into compliance while not sacrificing user experience.
Here are some things you can do to get started being GDPR compliant if you’ve got a WordPress website and a mailing list.
As of WordPress 4.9.6, which was released in early May 2018, the WordPress core software is GDPR compliant and ships with several privacy enhancements to help you make your WordPress-based website GDPR compliant. We’re talking about a self-hosted WordPress website here, not a WordPress.com website.
The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site.
GDPR Enhancements in WordPress
WordPress now asks visitors whether it’s OK to place a cookie in their browser to save their details for next time. Previously, the software would just do it. The new rules require consent.
Export & Erase Personal Data
This new option in the Tools section of the WP Admin gives site owners a way to comply with GDPR’s data-handling requirements. It lets you honor requests from your users to export their personal data, or to erase it completely.
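The export and erase tools only know about the data WordPress core stores (users, comments, media). Any data your own plugin or theme keeps about a user has to be registered with those tools. The following is an added example, not WordPress core code or any plugin named on this page: a hypothetical plugin that stores a shipping phone number in user meta and hooks it into both tools. The `example_` prefix, the `example-plugin` slug and the `example_shipping_phone` meta key are assumptions; the two filters and the return shapes are the ones WordPress 4.9.6 introduced.

```php
<?php
/**
 * Plugin Name: Example Privacy Hooks (added example, not WordPress core code)
 *
 * Registers a personal data exporter and eraser with the Tools > Export /
 * Erase Personal Data screens added in WordPress 4.9.6. The hypothetical
 * plugin stores a shipping phone number in user meta under the key
 * 'example_shipping_phone'; that key and the 'example-plugin' slug are
 * assumptions for this example.
 */

// Tell WordPress about our exporter so the export tool includes our data.
add_filter( 'wp_privacy_personal_data_exporters', 'example_register_exporter' );
function example_register_exporter( $exporters ) {
	$exporters['example-plugin'] = array(
		'exporter_friendly_name' => __( 'Example Plugin' ),
		'callback'               => 'example_privacy_exporter',
	);
	return $exporters;
}

// Called by the export tool with the email address from the request.
// Must return array( 'data' => list of items, 'done' => bool ).
function example_privacy_exporter( $email_address, $page = 1 ) {
	$export_items = array();
	$user         = get_user_by( 'email', $email_address );

	if ( $user ) {
		$phone = get_user_meta( $user->ID, 'example_shipping_phone', true );
		if ( '' !== $phone ) {
			$export_items[] = array(
				'group_id'    => 'example-plugin',
				'group_label' => __( 'Example Plugin Data' ),
				'item_id'     => 'example-plugin-' . $user->ID,
				'data'        => array(
					array(
						'name'  => __( 'Shipping phone' ),
						'value' => $phone,
					),
				),
			);
		}
	}

	// One user has at most one record here, so a single page is enough.
	// Plugins with many rows per user should page through them and set
	// 'done' => false until the last page.
	return array(
		'data' => $export_items,
		'done' => true,
	);
}

// Register the eraser so the erase tool can remove our data.
add_filter( 'wp_privacy_personal_data_erasers', 'example_register_eraser' );
function example_register_eraser( $erasers ) {
	$erasers['example-plugin'] = array(
		'eraser_friendly_name' => __( 'Example Plugin' ),
		'callback'             => 'example_privacy_eraser',
	);
	return $erasers;
}

// Must return items_removed / items_retained / messages / done.
function example_privacy_eraser( $email_address, $page = 1 ) {
	$items_removed  = false;
	$items_retained = false;
	$messages       = array();
	$user           = get_user_by( 'email', $email_address );

	if ( $user && '' !== get_user_meta( $user->ID, 'example_shipping_phone', true ) ) {
		if ( delete_user_meta( $user->ID, 'example_shipping_phone' ) ) {
			$items_removed = true;
		} else {
			// Report the failure to the admin rather than silently claiming success.
			$items_retained = true;
			$messages[]     = __( 'Shipping phone could not be removed.' );
		}
	}

	return array(
		'items_removed'  => $items_removed,
		'items_retained' => $items_retained,
		'messages'       => $messages,
		'done'           => true,
	);
}
```

Once this file is activated as a plugin, the “Example Plugin” group appears in the export ZIP and the erase report for any request made under Tools. The `items_retained` and `messages` fields matter: if a record has to be kept (for example an invoice you are legally required to retain), say so there instead of returning `items_removed => true`, so the report the admin sends to the requester is truthful.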
Compliance in Commonly Used WordPress Plugins
If you’re using WooCommerce to sell products or services on your site, you’re most likely collecting additional data like mailing addresses and phone numbers.
You’ll want to check out the comprehensive guide the WooCommerce team put out to help you be GDPR compliant.
If you run a membership site, you should also surface WordPress’ new export and erase options, and/or a way for members to remove themselves completely, somewhere in your membership dashboard.
Email Marketing and Mailing Lists
If you are subscribed to a lot of mailing lists, you’ve probably been inundated with messages to “confirm your subscription” to continue to receive updates from people you have subscribed to in the past. This form of GDPR compliance is asking people on your list to review their information and positively affirm they still want to be contacted by you and accept your privacy and data policies.
This is the conservative approach and appears to be the most common method currently being deployed to become compliant.
Some people are scrapping their entire lists and starting over. That is the more extreme approach.
We recommend the conservative approach and reaching out to your list to confirm. You can also take some time to go through and check engagement data. If someone has not opened an email from you in years, chances are they won’t in the future. In that case, it would be safer for you (and help with your compliance) to simply remove them from your list and never email them again.
GDPR doesn’t have to be scary. The law is there to protect you. At the core level, simply put strict, transparent policies in place, and treat your users’ data with respect. Use strong passwords and security measures to prevent data breaches, and audit those regularly. Make it easy for users to delete themselves and/or choose to no longer hear from you.
WordPress Plugins that Assist with GDPR Compliance
Allow users with specific WordPress roles to delete themselves from the Your Profile page or anywhere Shortcodes can be used
Remove Comment IPs
Improve visitor privacy by removing their IP addresses from your database and free up some space in your database at the same time!
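Rather than deleting IP addresses after the fact, a site can also stop storing full addresses in the first place. The following is an added example, not the plugin described above or WordPress core code: it uses the core `pre_comment_user_ip` filter, which runs before a comment row is written, together with `wp_privacy_anonymize_ip()` (added in WordPress 4.9.6), and includes a one-time cleanup for rows written before the filter was active. The `example_` function names are assumptions.

```php
<?php
/**
 * Plugin Name: Example Comment IP Anonymizer (added example, not the plugin above)
 *
 * Keeps full visitor IP addresses out of wp_comments. The 'pre_comment_user_ip'
 * filter truncates the address before the comment is saved, using
 * wp_privacy_anonymize_ip() (WordPress 4.9.6+): for IPv4 the last octet is
 * zeroed (203.0.113.42 -> 203.0.113.0), for IPv6 only the first 48 bits are
 * kept (2001:db8:85a3::8a2e:370:7334 -> 2001:db8:85a3::). The 'example_'
 * names are assumptions for this example.
 */

add_filter( 'pre_comment_user_ip', 'example_anonymize_comment_ip' );
function example_anonymize_comment_ip( $ip ) {
	// On WordPress older than 4.9.6 the helper is missing; discard the address
	// entirely rather than store it in full.
	if ( ! function_exists( 'wp_privacy_anonymize_ip' ) ) {
		return '';
	}
	return wp_privacy_anonymize_ip( $ip );
}

// The browser user-agent string is stored alongside each comment and is
// fairly identifying on its own, so drop it as well.
add_filter( 'pre_comment_user_agent', '__return_empty_string' );

/**
 * One-time cleanup for comments saved before this plugin was active.
 * Run it once (for example via WP-CLI: wp eval 'example_anonymize_existing_comment_ips();'),
 * not on every request. Returns the number of rows processed.
 */
function example_anonymize_existing_comment_ips() {
	global $wpdb;

	$rows = $wpdb->get_results(
		"SELECT comment_ID, comment_author_IP FROM {$wpdb->comments} WHERE comment_author_IP <> ''"
	);

	foreach ( $rows as $row ) {
		// Anonymizing an already-anonymized address is a no-op, so re-running is safe.
		$wpdb->update(
			$wpdb->comments,
			array( 'comment_author_IP' => example_anonymize_comment_ip( $row->comment_author_IP ) ),
			array( 'comment_ID' => (int) $row->comment_ID )
		);
	}

	return count( $rows );
}
```

Truncating rather than blanking keeps enough of the address for coarse spam analysis while no longer identifying an individual household. On a site with a very large comments table, process the cleanup in batches (add `LIMIT` and an offset to the query) so a single run does not hold the table for too long.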
This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.
Note: This plugin has good options for WordPress sites with memberships.
GDPR Cookie Consent
This plugin adds a subtle banner to your website either in the header or footer so you can show your compliance status regarding the new EU Cookie Law.
WP GDPR Compliance
This plugin assists website and webshop owners to comply with European privacy regulations known as GDPR. WP GDPR Compliance currently supports Contact Form 7 (>= 4.6), Gravity Forms (>= 1.9), WooCommerce (>= 2.5.0) and WordPress Comments, with more coming soon.
Additional GDPR Resources
How to Adapt Your Email Marketing in Accordance to GDPR (Infographic)
This article is not meant to be taken as legal advice, but rather as a general overview of the GDPR and the most common methods and solutions being deployed around the Internet. If you have any concerns about legal compliance with the GDPR, please be advised to contact an attorney who specializes in data privacy matters.