GDPR Compliance For WordPress Websites


You may be wondering what the General Data Protection Regulation (GDPR) is, whether it applies to you, and how it will affect your WordPress website.  This article introduces GDPR and the practical steps you can take toward compliance, but it is our recommendation that you seek professional legal advice regarding GDPR compliance for your particular website(s).


What Is GDPR And Does It Apply To Me?


GDPR is a European Union regulation that has become a de facto standard for website compliance worldwide, because it applies to any organization, wherever it is based, that processes the personal data of people in the EU: if your website offers goods or services to EU residents or tracks their behaviour, this law applies to you.  By now you have more than likely received several emails from major online companies about their new Privacy Policy and other GDPR legal wording.  These companies are doing this in an effort to avoid hefty penalties for non-compliance.  So if these large companies are worried about being compliant, then so should you be!


GDPR has been enforceable since May 25, 2018.  Any website that does not meet its requirements can face fines of up to 4% of the company's worldwide annual turnover or €20 million (whichever is greater).  Supervisory authorities also have a range of lesser corrective powers, including warnings, reprimands and orders to suspend data processing, and a minor first infringement is more likely to draw one of these than a maximum fine.  Be aware, however, that the regulation does not guarantee you a warning before a fine, so do not count on one.


Why GDPR All Of A Sudden?


Many of you are probably wondering why all of these legal regulations have arrived after so many years of websites operating without them.  The reason is actually for your benefit and everyone else's.  For years, many companies have handled private data recklessly, and personal information has been stolen by attackers breaching the websites that store it.  This continues to happen more and more and is out of control.

The law was written with large companies such as Amazon, Facebook and Google in mind, to force them to take your personal privacy more seriously, but it applies to any organization that processes EU residents' personal data, however small.


What Are The GDPR Requirements?


The full GDPR regulation is long (99 articles plus 173 recitals), so rather than re-posting the full law text we have given you a link here:


Here are the main items that you will need to consider:


Explicit Consent – if you rely on consent to collect personal data from an EU resident, then that consent must be freely given, specific, informed and unambiguous. In other words, you cannot just send marketing emails to people who gave you their business card or filled out your website contact form, because they DID NOT opt in to your marketing newsletter – that is SPAM and is unlawful.  For consent to be valid, you must require a positive opt-in (i.e. no pre-ticked checkbox), use clear wording (no legalese), keep it separate from other terms & conditions, and make it as easy to withdraw as it was to give.


Rights to Data – you must inform individuals what data you hold about them and where, why, and how it is processed and stored. An individual has the right to access and download a copy of their personal data (data portability), and also the right to erasure, often called the right to be forgotten, meaning they can ask for their data to be deleted.


This is what makes sure that when you hit Unsubscribe or ask a company to delete your profile, it actually does so.


Breach Notification – organizations must report a personal data breach to the relevant supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. If the breach is likely to result in a high risk to individuals, then the company MUST also inform the affected individuals without undue delay.


Data Protection Officers – if you are a public authority, or your core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of sensitive (special category) data, then you must appoint a data protection officer. The requirement depends on what you process rather than on company size, but most small businesses will not meet these thresholds; be sure to consult an attorney if you are unsure.


How Do I Make My WordPress Site GDPR Compliant?


There are several steps involved in making your WordPress site GDPR compliant, but the first thing to do is make sure you have updated WordPress to version 4.9.6 or later (the release that added the privacy tools described below), and then update all of your plugins.


Now that everything is up to date, review the personal data you have gathered so far and purge whatever you have no lawful basis to keep.  WordPress 4.9.6 added new tools to help you with this: under the “Tools” menu you will find an “Export Personal Data” page, which collects all the data WordPress holds for a given email address into a downloadable file, and an “Erase Personal Data” page, which removes that data.  Both work by first sending a confirmation link to the email address in question.  Note that these tools only cover data that WordPress core and cooperating plugins know about: a plugin that stores personal data in its own tables must register with the tools for its data to be exported or erased.


WordPress 4.9.6 also added a Privacy Policy setting (under Settings > Privacy) with a suggested policy template, which lets you designate an existing page as your privacy policy or create a new one.


Most plugin providers have released updates that include their own GDPR fixes, but you can go the extra mile and install a “GDPR Cookie Consent” plugin that tells your visitors that your WordPress website stores cookies (which it does if you are using Google Analytics on your site).
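The export and erase tools mentioned above only know about data that has been registered with them, which is what a plugin's "GDPR fix" usually amounts to. As an added example that is not code from the original article or from any shipped plugin, this small plugin registers a personal data exporter and eraser for a hypothetical newsletter sign-up table. The table name `{$wpdb->prefix}newsletter_signups` and its columns are assumptions; the filter names and the callback and return shapes are the WordPress 4.9.6+ privacy API.

```php
<?php
/**
 * Plugin Name: Example Newsletter Privacy Hooks
 *
 * Added example (not part of the original article or any real plugin).
 * Registers a personal data exporter and eraser so that Tools > Export
 * Personal Data and Tools > Erase Personal Data also cover rows this
 * plugin keeps outside the core tables.
 *
 * Assumption: sign-ups live in a custom table {$wpdb->prefix}newsletter_signups
 * with columns id, email, signed_up_at, ip_address (hypothetical schema).
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

const EXAMPLE_NL_PAGE_SIZE = 100; // rows per call; WordPress keeps calling until 'done' is true

/* Make the exporter appear in the export tool. */
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['example-newsletter'] = array(
		'exporter_friendly_name' => __( 'Example Newsletter Sign-ups' ),
		'callback'               => 'example_nl_exporter',
	);
	return $exporters;
} );

/* Make the eraser appear in the erase tool. */
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
	$erasers['example-newsletter'] = array(
		'eraser_friendly_name' => __( 'Example Newsletter Sign-ups' ),
		'callback'             => 'example_nl_eraser',
	);
	return $erasers;
} );

/*
 * Exporter callback: WordPress passes the data subject's e-mail address and a
 * 1-based page number, and calls again with the next page until 'done' is true.
 */
function example_nl_exporter( $email_address, $page = 1 ) {
	global $wpdb;
	$table  = $wpdb->prefix . 'newsletter_signups'; // hypothetical table
	$offset = ( max( 1, (int) $page ) - 1 ) * EXAMPLE_NL_PAGE_SIZE;

	// Parameterised query: the e-mail comes from a user request, never inline it.
	$rows = (array) $wpdb->get_results( $wpdb->prepare(
		"SELECT id, email, signed_up_at, ip_address FROM {$table}
		 WHERE email = %s ORDER BY id LIMIT %d OFFSET %d",
		$email_address, EXAMPLE_NL_PAGE_SIZE, $offset
	) );

	$export_items = array();
	foreach ( $rows as $row ) {
		$export_items[] = array(
			'group_id'    => 'example-newsletter',
			'group_label' => __( 'Newsletter Sign-ups' ),
			'item_id'     => 'newsletter-signup-' . $row->id,
			'data'        => array(
				array( 'name' => __( 'E-mail' ),       'value' => $row->email ),
				array( 'name' => __( 'Signed up at' ), 'value' => $row->signed_up_at ),
				array( 'name' => __( 'IP address' ),   'value' => $row->ip_address ),
			),
		);
	}

	return array(
		'data' => $export_items,
		'done' => count( $rows ) < EXAMPLE_NL_PAGE_SIZE, // a short page means we are finished
	);
}

/*
 * Eraser callback: same calling convention. It must report whether anything
 * was removed and whether anything had to be retained (and why).
 */
function example_nl_eraser( $email_address, $page = 1 ) {
	global $wpdb;
	$table   = $wpdb->prefix . 'newsletter_signups'; // hypothetical table
	$deleted = $wpdb->delete( $table, array( 'email' => $email_address ), array( '%s' ) );

	if ( false === $deleted ) {
		// Database error: tell the admin rather than silently claiming success.
		return array(
			'items_removed'  => false,
			'items_retained' => true,
			'messages'       => array( __( 'Newsletter sign-ups could not be deleted; check the database.' ) ),
			'done'           => true,
		);
	}

	return array(
		'items_removed'  => $deleted > 0,
		'items_retained' => false, // set true and add a message if a legal retention duty applies
		'messages'       => array(),
		'done'           => true,  // one DELETE handles every row for this address
	);
}
```

Both callbacks only run after the person has clicked the confirmation link WordPress emails them and an administrator has approved the request, so the tool is not an unauthenticated way to dump or delete someone else's data. If your plugin must keep some records (an invoice, for example), report them through `items_retained` and `messages` rather than quietly leaving them behind.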


WooCommerce / Ecommerce

If you’re using WooCommerce, the most popular eCommerce plugin for WordPress, then you also need to make sure your store is in compliance with GDPR: it holds customer names, addresses and order histories.


The WooCommerce team has prepared a comprehensive guide for store owners to help them be GDPR compliant.


WordPress Plugins for GDPR Compliance

There are many WordPress plugins that can help automate some aspects of GDPR compliance for your WordPress website, but keep in mind that no plugin can deliver compliance on its own: compliance depends on how your organization collects, stores and uses personal data, not only on the software it runs.  Beware of any WordPress plugin that claims to offer 100% GDPR compliance, because that is not possible.


Here is a list of a few more WordPress plugins for automating GDPR compliance:


  • MonsterInsights – if you’re using Google Analytics, then you should use their EU compliance add-on.
  • WPForms – by far the most user-friendly WordPress contact form plugin. They offer GDPR fields and other features.
  • Cookies Notice – popular free plugin to add an EU cookie notice. Integrates well with top plugins like MonsterInsights and others.
  • Delete Me – free plugin that allows users to delete their own profile on your site.
  • OptinMonster – advanced lead generation software that offers clever targeting features to boost conversions while being GDPR compliant.
  • Shared Counts – instead of loading the default share buttons, which add tracking cookies, this plugin loads static share buttons while still displaying share counts.

Ensure Safety On Your Site With An SSL Certificate

Be sure your site is served with https:// in the URL so that everything a visitor sends you (form submissions, logins, order details) is encrypted in transit with TLS.  Common browsers such as Chrome, Firefox and Internet Explorer show a security indicator next to the address bar, and Google treats https:// as a ranking signal, so sites that are not secure can rank lower than those that are.  Most importantly, GDPR requires you to take appropriate technical measures to protect personal data (Article 32), and encrypting data in transit is a baseline measure: make sure every page that collects personal data, not just the checkout, is served over HTTPS and that plain http:// requests are redirected.
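The redirect described above, as an added example rather than code from the original article: a WordPress must-use plugin that sends every plain-HTTP request to the same URL over HTTPS and, once the site is served over TLS, sets an HSTS header so browsers stop trying plain HTTP at all. It assumes a valid certificate is already installed; the file name and the `X-Forwarded-Proto` handling for sites behind a TLS-terminating proxy are assumptions.

```php
<?php
/**
 * Plugin Name: Example Force HTTPS
 *
 * Added example, not code from the original article. Save as
 * wp-content/mu-plugins/force-https.php (assumed path) so it loads before
 * regular plugins. Assumes a valid TLS certificate is already installed.
 */

if ( ! defined( 'ABSPATH' ) ) {
	exit;
}

/*
 * Behind a reverse proxy or load balancer that terminates TLS, PHP sees plain
 * HTTP and is_ssl() returns false, which would make the redirect below loop.
 * Honour X-Forwarded-Proto only if you trust the proxy to set it; this
 * belongs in wp-config.php ideally, so it runs before WordPress builds URLs.
 */
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && 'https' === $_SERVER['HTTP_X_FORWARDED_PROTO'] ) {
	$_SERVER['HTTPS'] = 'on';
}

/* Permanently (301) redirect plain-HTTP requests to the same path over HTTPS. */
add_action( 'init', function () {
	if ( is_ssl() ) {
		return; // already encrypted, nothing to do
	}
	if ( defined( 'WP_CLI' ) && WP_CLI ) {
		return; // command-line runs have no request to redirect
	}

	$host   = isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : wp_parse_url( home_url(), PHP_URL_HOST );
	$path   = isset( $_SERVER['REQUEST_URI'] ) ? $_SERVER['REQUEST_URI'] : '/';
	$target = 'https://' . $host . $path;

	// wp_safe_redirect() only allows this site's own host, so a forged Host
	// header cannot turn the redirect into an open redirect to another domain.
	wp_safe_redirect( $target, 301 );
	exit;
}, 1 );

/*
 * Once every page works over HTTPS, tell browsers to use it for the next year
 * (HSTS). Add "; includeSubDomains" only when all subdomains are HTTPS too,
 * otherwise you will lock visitors out of any subdomain still on plain HTTP.
 */
add_action( 'send_headers', function () {
	if ( is_ssl() && ! headers_sent() ) {
		header( 'Strict-Transport-Security: max-age=31536000' );
	}
} );
```

Pair this with `define( 'FORCE_SSL_ADMIN', true );` in wp-config.php and change both the WordPress Address and Site Address under Settings > General to their https:// form, so that WordPress itself generates HTTPS links and you do not end up with mixed-content warnings on pages the redirect has already made secure.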


Need Help Becoming GDPR Compliant?

If you feel like all of this is just way too much, please feel free to contact us and we’ll guide you through the steps of becoming GDPR compliant, or you can hire us to do it for you.