WordPress

How to Make your Site GDPR Compliant?

Published on 29. April, 2018

Many articles talk about this topic, I talk about this too because it is very important to make your website GDPR compliant. In this post, I will show that it is not very complicated.

First, What is GDPR?

The General Data Protection Regulation (GDPR) is the new reference text at European level for the protection of personal data. It strengthens and unifies data protection for individuals in the European Union.

This regulation will enter into account from May 25, 2018. If your site is not GDPR compliant, you risk heavy penalties. I think sites will be punished after a few months but it is still better to do it now ????

Who is concerned?

Unless your site is outside the European Union and no country in the European Union can access it, everyone is concerned.

What should I do?

First, understand that I am not a lawyer, just a developer who has read many things about it, so contact a lawyer to be sure your site is GDPR compliant would be a good thing.

Make a site GDPR compliant is different for each site but here are some points to check:

1. Google Analytics

It depends on how you use Google Analytics on your site but this point is very important. For my part, I use Google Analytics to track visitors and cookies to collect data. The collected data are processed anonymously.
In order to be compliant with the new regulation, Google included a data processing amendment.

2. Your Forms

Every form on your website that collects data like names or email addresses needs to have a checkbox for the user to consent the storage of their data.
Great people created an amazing free plugin called WP GDPR Compliance, it is fully compatible with Contact Form 7, Gravity Forms, WooCommerce and probably more plugins in the future.
I don’t really understand why it has bad reviews, I think many users didn’t really understand its purpose or maybe it was not as good as it is now, but this plugin doesn’t make your site automatically GDPR compliant but help you a lot to make the task easier.
In the next release of this plugin, your users will be able to send a request to see all their data present in your database and also to request their data to be anonymized.

WP GDPR Compliance is very simple to use, you just need to activate it and go to Tools > WP GDPR Compliance. I use Gravity Forms on my site, so I added the checkboxes on all my forms and for the WordPress Comments too.

3. eCommerce

WooCommerce work on a new update to make their plugin GDPR compliant so you will probably have to do nothing on that side. I don’t know about Easy Digital Downloads but they will probably do a similar thing too.
There is also WP GDPR Compliance who have a setting for WooCommerce.

4. Privacy Policy Page

If it is not already done, you need to create a Privacy Policy page to tell your users how you use their data. For example, if you request a user’s name and email for a form that serves as your support, you must say that you are using their data to contact them and help them with their problem.
You can take example of my page if you want: https://oceanwp.org/privacy-policy/

Conclusion

You can see in this post that it is not difficult to make a WordPress site GDPR compliant. You just have to keep in mind that every time you collect personal data from a European user, you have to let them know that their data is being collected.

To go deeper, you can read this great post on the Kinsta blog which explains many things about GDPR: https://kinsta.com/blog/gdpr-compliance/
Do not hesitate to ask questions in comment if you misunderstood a point or if you think I forgot to talk about something.

OceanWP - a free Multi-Purpose WordPress theme