GDPR – General Data Protection Regulation Compliance
As well as making sure that your website complies with all laws and regulations governing how businesses operate online (see Is Your Website Legally Compliant?), new European Union laws on data protection require all website and webshop owners wherever they are located to comply with the European privacy regulations known as GDPR from May 25th, 2018 to avoid incurring hefty fines.
What Is The GDPR?
The General Data Protection Regulation (GDPR) is a regulation in European Union (EU) law on data protection and privacy for all EU individuals. It addresses the export of personal data outside the EU and aims to give control back to citizens and residents over their personal data …
Taking effect from May 25, 2018, the GDPR affects businesses of all sizes that collect, process, or store data of any citizen, resident, or individual within the European Union.
GDPR compliance requires all businesses and website owners who collect any information or personal data from EU individuals (including mobile apps) to have certain things in place, including documentation (e.g. privacy notice) on the website informing visitors that their information is being collected, the type of data being collected, why it’s being collected, and how long the information is being held for.
The GDPR also requires business to take additional steps to ensure any personal data it collects is protected. This includes:
- Setting up internal plans and policies for data collection, data storage, and data access and being prepared for potential breaches of data.
- Providing details to users before collecting data, including full disclosure of personal information purposes and time limits.
- Making sure that consent forms are unchecked by default and have an easy confirmation process.
- Listing contact information of your data privacy administrator clearly on your website.
- Providing users the ability to send inquiries regarding their information and view, edit, or delete their personal information.
- Having a process in place for easy data deletion and for handling data deletion requests in a timely manner.
- Having a process in place to allow people to transfer or download their information (e.g. a CSV file).
Lack of compliance with GDPR rules can lead to significant fines.
For additional information about adding legal pages to your website, see the post below:
WordPress GDPR Plugins
With new data protection laws and privacy regulations having come into effect recently, we thought it would be useful to let you know about some WordPress plugins that can assist you with GDPR compliance.
We are not lawyers and cannot give you legal advice about how GDPR will affect your website or your business. The plugins described below will not make your website GDPR compliant, they are only tools to assist in the process. Please seek advice from competent legal experts about GDPR compliance for your business.
WP GDPR is a free WordPress plugin that automates the administration process of handling user requests for information about their data.
The plugin creates a page where users can request access to their personal data stored on your website and provides you with an overview of these requests in the WordPress backend.
In the backend, you can also see which plugins collect personal data and require an ‘ask for approval’ checkbox.
When users ask to view their personal data, they receive an email with a unique URL that allows them to view, update and download all comments they have posted on your site, and request for removal of any or all comments.
Thre plugin developers also offer premium add-ons for integration with plugins that collect user data and allow users to view, update, and download their personal data or ask for its removal.
WP GDPR installs like any WordPress plugin (need help installing plugins? See this tutorial).
To install the plugin, go to the ‘Add Plugins’ screen (Plugins > Add Plugins), and type in ‘GDPR’ in the keyword search field. Locate the WP GDPR plugin and click on ‘Install Now’ …
(Install WP GDPR)
After the plugin has been installed, click on ‘Activate’ ….
(Activate WP GDPR)
After the plugin has been installed and activated, you will see a new WP GDPR menu item on your main menu …
(WP GDPR menu added)
We’ll go through this menu in a moment. The plugin also creates a page where users can request access to their personal data.
To view this page, go to your Pages screen, find the plugin page and click on ‘View’ …
(The plugin creates a new ‘GDPR request personal data’ page)
You can point users to this page and they will be able to enter their email, tick a consent checkbox and submit a request for information about any personal data stored on your website …
(‘GDPR request personal data’ page)
The plugin also places a GDPR consent notice and checkbox below every post comments field …
(GDPR consent notice and checkbox)
When users want to access information about their data, they visit the GDPR request page and submit a request …
(Users submit a request for personal data)
The plugin then sends the user an email with a link where they can view what personal data has been stored on your site …
(GDPR request email confirmation notice)
In your WordPress backend, you can see a list of data requests by clicking on the WP GDPR > List of data requests menu …
(WP GDPR menu – List of data requests)
This brings up a list of all users that requested information with a status of their request …
(List of user requests)
The user receives an email with a link they can click on to check their personal data …
(User request email)
Clicking on the button takes the user to a page on your site where they can view data stored on your site (e.g. comments) and either send your site administrator a delete request for any or all of the data, or download it to a CSV file …
(Users can view what data is stored on your website)
You can view delete requests by going to the WP GDPR menu and selecting ‘List of delete requests’ …
(WP GDPR menu – List of delete requests)
This brings up a list of all delete requests. The site administrator can then delete personal data or make personal data anonymous …
(List of delete requests)
To view a list of all plugins that collect personal user data, click on ‘List of plugins’ …
(WP GDPR menu – List of plugins)
This brings up a list of all plugins that store user data …
(List of plugins)
To configure the plugin’s settings, click on ‘Settings’ …
(WP GDPR menu – Settings)
This lets you edit the wording of comment forms and the personal data request page, hide comments, send notifications and requests to your DPO’s (Data Protection Officer) email address, etc. …
(WP GDPR plugin settings)
Also, remember to add your GDPR page to your Legal Pages section (you can create a custom menu to do this) …
(Add your GDPR page to your Legal Pages section)
If you need help using the plugin, see the ‘Help’ section of the WP GDPR menu …
(WP GDPR menu – Help)
As you can see, this a useful plugin for automating and assisting the process of receiving and sending notifications about user data requests.
For more details, visit the plugin website: WP GDPR
Here are other WordPress GDPR plugins you can look at using …
(WP GDPR Compliance)
WP GDPR Compliance is another free WordPress GDPR compliance plugin you can install that will assist website owners and online shops to comply with European provacy regulations.
Once installed, the plugin provides integrations with other plugins that collect personal data of your site users …
(WP GDPR Compliance – Integrations screen)
The plugin also provides a Checklist to help you assess what private data you collect on your website with useful tips on how to comply with GDPR requirements, and a Settings tab …
(WP GDPR Compliance – Checklist)
For more details, visit the plugin website here: WP GDPR Compliance
(WP GDPR Fix)
WP GDPR Fix is a premium WordPress GDPR plugin that helps you comply with 7 key GDPR requirements:
- Cookie Consent – Automatically inform your users about cookie use and get their consent.
- T & C Acceptance – Generate a T & C automatically and force acceptance by users.
- Right To Be Forgotten – Collect right to be forgotten requests and automatically notify website owners / admin.
- Data Access – Collect data access requests and automatically inform admin.
- Data Breach Notification – Send data breach notifications to all users as required by law.
- Data Rectification – Collect data rectification requests and update owners and administrator.
WP GDPR Fix is 100% compliant with all GDPR requirements and works with all WordPress sites including blogs, ecommerce stores, etc.
For more details, watch the video below of visit the plugin website here: WP GDPR Fix
For more information about adding legal pages to your website or plugins you can use to add legal forms to your site, see the tutorial below:
Don’t assume that GDPR laws and regulations don’t apply to you if you live outside the European Union. To learn more about the GDPR and how it can affect your business, see the resources below. Once again, we strongly recommend that you seek competent legal advice from experts on this matter.
We hope you have found the above information on GDPR compliance and WordPress GDPR plugins useful.
GDPR Information & Resources
- General Data Protection Regulation – Wikipedia
- Is Your Website GDPR Compliant?
- GDPR Compliance for Small Business: 27-Point Checklist
- GDPR For Small Business
"This is an awesome training series. I have a pretty good understanding of WordPress already, but this is helping me to move somewhere from intermediate to advanced user!" - Kim Lednum