GDPR and WordPress

TLC for Coaches | WordPress, Security, WooCommerce

You’ve probably heard a lot about GDPR lately. The General Data Protection Regulation was adopted in the Spring of 2016 and goes into effect in all 28 EU countries on May 25th, 2018. It was created with the goal of giving European citizens more control over their data privacy. The regulation lays out new rights for people whose personal data is being handled, as well as new responsibilities for organizations or people who handle that data. The moment you handle the personal data of an EU citizen, you become subject to the GDPR regardless of where you or your business is located. Given the global nature of the Internet, most businesses worldwide are using this as a wake-up call to get their house in order and adopt better privacy policies for everyone, not just EU citizens.

Short of purging everyone from the EU off of your mailing lists and installing Geo-IP detection to block anyone from that region from ever visiting or doing business with your website after May 25th, it’s best to take the time and become compliant with the new regulations.

That being said, if your site is not compliant yet, don’t panic. Simply continue to work towards compliance and get it done as soon as possible. The chances of you catching a fine the day after this rule goes in effect are practically zero. The European Union’s website states that first, you’ll get a warning, then a reprimand. Fines are the last step if you fail to comply with those warnings and purposely ignore the new law.

While all this might sound scary, the EU is not out to get you. They’re actually doing this to protect data and hopefully lessen the number of breaches happening on a regular basis from systems that have been notoriously lax with the data of their users.

Because GDPR has no clear-cut rules, different tactics are being used to make sure that data is in compliance, while also not sacrificing user experience.

Here are some things you can do to get started being GDPR compliant if you’ve got a WordPress website and a mailing list.

Privacy Policy

The first thing you should do is review and update your current Privacy Policy. If you don’t have one, you need to get one. This is the first place people will look to check for GDPR compliance. You should communicate to visitors, in concise and clear easy to understand language, how you process their data, retention periods, and their rights under the GDPR. If you’re using WordPress, they just made that easier.

Update WordPress.

As of WordPress 4.9.6, which was released in early May 2018, the WordPress core software is GDPR compliant and includes several privacy enhancements to help make your WordPress-based website compliant. We’re talking about a self-hosted WordPress website here, not a WordPress.com website.

The GDPR compliance process will vary based on the type of website you have, what data you store, and how you process data on your site.

GDPR Enhancements in WordPress

Privacy Policy Generator

WordPress now comes with a built-in privacy policy generator. For a while now, search engines like Google have checked whether you have a privacy policy on your site and factored that into your ranking. With the new regulations, everyone is pretty much forced to have a privacy policy that states what they do with user data and is transparent about it.

Comment Consent

WordPress now asks commenters whether it’s ok to place a cookie in their browser to save their name and email for next time. Previously, the software would just do it. The new rules require consent first.

Export & Erase Personal Data

This new option in the Tools section of the WordPress admin gives site owners a way to comply with GDPR’s data-handling requirements. It allows you to honor a user’s request to export the personal data you hold about them, or to erase it completely.
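The Tools screens only know about the data WordPress core stores (users, comments, media). As an added example, not code from this post, from WordPress core or from any plugin named here, a plugin that keeps its own records (contact form entries, membership data) can hook those records into the same Export and Erase screens. It assumes a hypothetical table `wp_form_entries` with columns `id`, `email`, `message`, `created`, and the function names are placeholders.

```php
<?php
// Added example; assumes a hypothetical plugin table {$wpdb->prefix}form_entries
// (id, email, message, created). Registers an exporter and an eraser so those
// rows show up in Tools > Export Personal Data / Erase Personal Data (WP 4.9.6+).
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-form-entries'] = array(
        'exporter_friendly_name' => 'Contact form entries',
        'callback'               => 'example_form_entries_exporter',
    );
    return $exporters;
} );
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-form-entries'] = array(
        'eraser_friendly_name' => 'Contact form entries',
        'callback'             => 'example_form_entries_eraser',
    );
    return $erasers;
} );

// Exporter: WordPress calls it page by page until 'done' is true and bundles
// every returned item into the report the user downloads.
function example_form_entries_exporter( $email_address, $page = 1 ) {
    global $wpdb;
    $per_page = 100;
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT id, message, created FROM {$wpdb->prefix}form_entries WHERE email = %s LIMIT %d OFFSET %d",
        $email_address, $per_page, ( $page - 1 ) * $per_page
    ) );
    $items = array();
    foreach ( $rows as $row ) {
        $items[] = array(
            'group_id'    => 'form-entries',
            'group_label' => 'Contact form entries',
            'item_id'     => 'form-entry-' . $row->id,
            'data'        => array(
                array( 'name' => 'Submitted', 'value' => $row->created ),
                array( 'name' => 'Message',   'value' => $row->message ),
            ),
        );
    }
    return array( 'data' => $items, 'done' => count( $rows ) < $per_page );
}

// Eraser: delete the rows for that address and tell WordPress what happened.
function example_form_entries_eraser( $email_address, $page = 1 ) {
    global $wpdb;
    $deleted = $wpdb->delete( $wpdb->prefix . 'form_entries', array( 'email' => $email_address ), array( '%s' ) );
    return array( 'items_removed' => (bool) $deleted, 'items_retained' => false, 'messages' => array(), 'done' => true );
}
```

Once registered, the plugin’s entries appear alongside WordPress’s own user and comment data when an admin processes an export or erasure request for that email address.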

Compliance in Commonly Used WordPress Plugins

WooCommerce

If you’re using WooCommerce to sell products or services on your site, you’re most likely collecting additional data like mailing addresses and phone numbers.

You’ll want to check out the comprehensive guide the WooCommerce team put out to help you be GDPR compliant.

Membership Plugins

If you’re using plugins to sell or give away memberships on your site, you’re most likely collecting additional data. There are some great GDPR plugins for WordPress that will insert an updated Terms of Use screen that your members must accept before continuing. That is a great start to getting consent from your members.

You should also try to surface WordPress’ new ability to export and erase personal data, and/or an option for members to remove themselves completely, somewhere in your membership dashboard.

Contact Forms

If you are using a contact form in WordPress and you store the data the form collects, or use that data for marketing, then you might have to add extra transparency measures and cover the form in your privacy policy.

That being said, plugins like Contact Form 7, Gravity Forms, or WPForms that store entries in the database will most likely not need a separate agreement, as they would be covered under WordPress. It’s still recommended that you add a required consent checkbox to the form, with a clear explanation of how the data is being used and a link to your privacy policy, to ensure your WordPress forms are GDPR compliant.

Email Marketing and Mailing Lists

If you are subscribed to a lot of mailing lists, you’ve probably been inundated with messages to “confirm your subscription” to continue to receive updates from people you have subscribed to in the past. This form of GDPR compliance is asking people on your list to review their information and positively affirm they still want to be contacted by you and accept your privacy and data policies.

This is the conservative approach and appears to be the most common method currently being deployed to become compliant.

Some people are scrapping their entire lists and starting over. That is the more extreme approach.

We recommend the conservative approach: reach out to your list to confirm. You can also take some time to go through and check engagement data. If someone has not opened an email from you in years, chances are they won’t in the future. In that case, it would be safer for you (and help you with your compliance) to simply remove them from your list and never email them again.

In Closing

GDPR doesn’t have to be scary. The law is there to protect you. At the core level, simply put strict, transparent policies in place and treat your users’ data with respect. Use strong passwords and security measures to prevent data breaches, and audit those regularly. Make it easy for users to delete themselves and/or choose to no longer hear from you.

WordPress Plugins that Assist with GDPR Compliance

Cookie Notice
Cookie Notice allows you to elegantly inform users that your site uses cookies and to comply with the EU cookie law regulations.

Delete Me
Allow users with specific WordPress roles to delete themselves from the Your Profile page or anywhere shortcodes can be used.

Remove Comment IPs
Improve visitor privacy by removing their IP addresses from your database and free up some space in your database at the same time!

This plugin is meant to assist a Controller, Data Processor, and Data Protection Officer (DPO) with efforts to meet the obligations and rights enacted under the GDPR.

Note: This plugin has good options for WordPress sites with memberships.

GDPR Cookie Consent
This plugin adds a subtle banner to your website either in the header or footer so you can show your compliance status regarding the new EU Cookie Law.

WP GDPR Compliance
This plugin assists website and webshop owners to comply with European privacy regulations known as GDPR. WP GDPR Compliance currently supports Contact Form 7 (>= 4.6), Gravity Forms (>= 1.9), WooCommerce (>= 2.5.0) and WordPress Comments, with more coming soon.

Additional GDPR Resources

How to Adapt Your Email Marketing in Accordance to GDPR (Infographic)


This article is not meant to be taken as legal advice, but rather as a general overview of the GDPR and the most common methods and solutions being deployed around the Internet. If you have any concerns about legal compliance with the GDPR, please be advised to contact an attorney who specializes in data privacy matters.
