GDPR: Get Your WordPress Website Ready

(Yes, You Have a Website So You Will Need To)

The EU General Data Protection Regulation (GDPR) takes effect on May 25, 2018.

WordPress.org recently shared an update on the European General Data Protection Regulation (GDPR) and how we can use our websites and new tools to comply.

The GDPR requires companies and site owners to be transparent about how they collect, use, and share personal data. It also gives individuals more access and choice when it comes to how their own personal data is collected, used, and shared. It’s important to understand that while the GDPR is a European regulation, its requirements apply to all sites and online businesses that collect, store, and process personal data about EU residents no matter where the business is located.  You can learn more about the GDPR from the European Commission’s Data Protection page.

As business owners with a website on the world wide web, we are affected by these changes to data privacy (which is a good thing, in my opinion) and need to pay attention and take action to comply with these new rules.


Are you Exempt from GDPR? No

Your business is on the web, therefore you are NOT exempt from this law.

The GDPR defines a formal Data Protection Officer role. Appointing one is only mandatory for certain organizations (public bodies, and businesses whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive data), but someone still has to own compliance. If you’re a one-person business, that is you, so you’ll want to take the time to stay on top of it.

Do you collect private data?

How might you be capturing personal data that brings your website under the GDPR?

  • Your website statistics are tracked through an online tool like Google Analytics.
  • Your website has a contact form.
  • You use an email marketing opt-in on your website.
  • You have an online shopping cart and sell products or services, collecting the information of your buyer.
  • You use your WordPress website as a CMS and allow visitors, members, course students, etc. to create an account through your WordPress website.
  • Your website allows visitors to sign up for an event, class, webinar, etc.
  • You use third-party software for marketing and automation such as HubSpot, Constant Contact, ActiveCampaign, etc.

What should you do to comply?

Contact your lawyer! We certainly are not lawyers and do not know the ins and outs of your business. We’re here to help provide suggestions on the tools you can use on your website to comply. Your lawyer should advise you on the steps you should take to comply.

Your WordPress Website Has New Tools for GDPR

WordPress has just released version 4.9.6, which includes new tools to help your business comply: an opt-in checkbox for the cookies set by the comment form, a designated privacy policy page with a policy guide, and tools to export and erase the personal data your site holds. You can read more on the WordPress Maintenance Release here.

Our Care Plan clients are always updated to the latest version of WordPress.

The GDPR gives EU residents rights over the personal data you hold about them, including the right to see it, have errors corrected, and have it removed.

Personal data includes obvious items like name, address, and phone number, along with less obvious things like shipment tracking numbers or IP addresses.

One option is to create a simple web form, linked from your Privacy Policy page, that lets visitors request a copy of all data you have about them, request that errors be corrected, or request the removal of all their personal data.

WordPress 4.9.6 also adds personal data export and erasure tools (Tools > Export Personal Data and Tools > Erase Personal Data), and matching tools are coming to the WooCommerce online shopping cart software as well.

Depending on your business, you may need a different solution. Again, consult with your lawyer! If you need help with creating a form on your website, let us know.

Include a Privacy Policy on Your Website

WordPress Privacy Policy Option and Template

If you do not already have a privacy policy page on your website, WordPress 4.9.6 lets you create one and designate it as your site’s privacy policy.

WordPress links to the Privacy Policy page from your login and registration pages. You should also add a link to your policy on every page of your website; if you have a footer menu, that’s a great place for it. In addition, WordPress provides a guide that includes insights from WordPress core and participating plugins on how they handle personal data. These insights can be copied and pasted into your site’s privacy policy to help you get started.

Create or select your site’s privacy policy page under your WordPress dashboard in the menu for Settings > Privacy to keep your users informed and aware.

To find your guide, when you are logged into your WordPress dashboard, visit: www.YOURDOMAIN.com/wp-admin/tools.php?wp-privacy-policy-guide=1

If you maintain a plugin that collects data, WordPress recommends adding that information to the privacy policy guide so site owners can copy it into their own policies.
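WordPress 4.9.6 exposes three hooks for exactly this: wp_add_privacy_policy_content() adds suggested wording to the policy guide described above, and the wp_privacy_personal_data_exporters and wp_privacy_personal_data_erasers filters plug custom data into the Export Personal Data and Erase Personal Data tools mentioned earlier. The following is an added example, not code from this article, from WordPress core, or from any plugin named on this page. It assumes a hypothetical site that stores each event sign-up as a post of type `event_signup` with meta keys `_signup_email`, `_signup_name`, `_event_title` and `_event_timestamp`; every name beginning with `example` is hypothetical.

```php
<?php
/**
 * Plugin Name: Example Event Sign-up Privacy Hooks
 *
 * Added example, not code from the original article or from WordPress core.
 * It assumes a hypothetical site that stores each event sign-up as a post of
 * type 'event_signup' with post meta '_signup_email', '_signup_name',
 * '_event_title' and '_event_timestamp'. Every name starting with
 * "example" is hypothetical. Drop the file in wp-content/mu-plugins/.
 */

// Hypothetical helper: IDs of all sign-ups made with a given e-mail address.
function example_signup_ids_for_email( $email ) {
    return get_posts( array(
        'post_type'      => 'event_signup',
        'post_status'    => 'any',
        'posts_per_page' => -1,
        'fields'         => 'ids',
        'meta_key'       => '_signup_email',
        'meta_value'     => $email,
    ) );
}

// 1. Suggested wording for the privacy policy guide (Settings > Privacy in 4.9.6).
add_action( 'admin_init', function () {
    if ( ! function_exists( 'wp_add_privacy_policy_content' ) ) {
        return; // Older than 4.9.6: the guide does not exist yet.
    }
    $text = '<p>' . __( 'When you sign up for an event we store your name and e-mail address to confirm your place and contact you about that event. We delete sign-ups once the event has taken place.', 'example' ) . '</p>';
    wp_add_privacy_policy_content( 'Example Event Sign-ups', wp_kses_post( $text ) );
} );

// 2. Register an exporter so Tools > Export Personal Data includes sign-ups.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-event-signups'] = array(
        'exporter_friendly_name' => __( 'Event sign-ups', 'example' ),
        'callback'               => 'example_export_signups',
    );
    return $exporters;
} );

function example_export_signups( $email_address, $page = 1 ) {
    $items = array();
    foreach ( example_signup_ids_for_email( $email_address ) as $id ) {
        $items[] = array(
            'group_id'    => 'example-event-signups',
            'group_label' => __( 'Event sign-ups', 'example' ),
            'item_id'     => 'signup-' . $id,
            'data'        => array(
                array( 'name' => __( 'Event', 'example' ),        'value' => get_post_meta( $id, '_event_title', true ) ),
                array( 'name' => __( 'Name', 'example' ),         'value' => get_post_meta( $id, '_signup_name', true ) ),
                array( 'name' => __( 'E-mail', 'example' ),       'value' => get_post_meta( $id, '_signup_email', true ) ),
                array( 'name' => __( 'Signed up on', 'example' ), 'value' => get_the_date( 'c', $id ) ),
            ),
        );
    }
    // Everything fits in one page, so tell core we are done.
    return array( 'data' => $items, 'done' => true );
}

// 3. Register an eraser so Tools > Erase Personal Data can remove them.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-event-signups'] = array(
        'eraser_friendly_name' => __( 'Event sign-ups', 'example' ),
        'callback'             => 'example_erase_signups',
    );
    return $erasers;
} );

function example_erase_signups( $email_address, $page = 1 ) {
    $removed  = false;
    $retained = false;
    $messages = array();
    foreach ( example_signup_ids_for_email( $email_address ) as $id ) {
        // Hypothetical retention rule: keep sign-ups for events that have not
        // happened yet so the attendee list stays usable, and say so in the
        // report the administrator sees.
        if ( (int) get_post_meta( $id, '_event_timestamp', true ) > time() ) {
            $retained   = true;
            $messages[] = sprintf( __( 'Sign-up #%d was kept because its event has not taken place yet.', 'example' ), $id );
            continue;
        }
        if ( wp_delete_post( $id, true ) ) {
            $removed = true;
        }
    }
    return array(
        'items_removed'  => $removed,
        'items_retained' => $retained,
        'messages'       => $messages,
        'done'           => true,
    );
}
```

Once this is active, an administrator who enters the visitor’s e-mail address under Tools > Export Personal Data gets the sign-ups in the same ZIP as the core profile and comment data, and the erasure request report lists any rows that were kept and why. The retention rule is a placeholder for whatever your lawyer decides you may legitimately keep; the point is that the eraser must report retained items honestly rather than silently skipping them.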

Create a Privacy Policy That Includes the Specific Software, Plugins and Services You Use

Take your privacy policy a step further and create one that covers the specific software, plugins, third-party tools and services you use on your WordPress website.

Iubenda provides a privacy and cookie policy that also includes any third party service providers you're using, like Google Analytics or Mailchimp. When creating your policy with Iubenda, you choose the options of what plugins, third-party tools and services you use on your website and a privacy policy is provided for you to add to your website privacy page.
Iubenda is a paid service at $27 per year. Get a 10% discount with our link: https://iubenda.refr.cc/PVPZR6N

If you need assistance in choosing what plugins, tools and software is used on your website, we’re here to help!

GDPR Compliance for Your WordPress Website

The beauty of having a WordPress built website is the amazing amount of resources available from the WordPress community, including software updates and the number of plugins for GDPR compliance.

Here are a few plugin options for GDPR and specific areas of your website:

WP GDPR Compliance (for forms)

In addition to your privacy policy, this plugin offers a compliance “check-box” option on website forms including Gravity Forms, which you likely use on a website we built for you.

Cookie Notice

We’re using plugins to add a Cookie Notice to WordPress websites to notify visitors that cookies are being used. Not sure if your website uses cookies? Most do! If you’re using Google Analytics to track user interactions and statistics, your website is using cookies.

Depending on your business and the advice of your lawyer, you may need a cookie solution that allows visitors to refuse third-party, non-functional cookies rather than merely notifying them.

As a note, many of the plugins we currently use are making updates to the plugin itself to ensure GDPR compliance right within the plugin.

An Important Step You Can’t Miss!

Keeping Your Website Secure and Up To Date

Along with GDPR responsibilities comes the security and safety of your website for your visitors. If you’re a Care Plan client at RV Tech Solutions, we work with you to keep your website up-to-date and secure. Of course you have a responsibility to care for your website and data, passwords and general web security as well. This list of important steps to keep your WordPress website secure and compliant from WooCommerce offers a great checklist.

One of the continuing responsibilities of your “designated Data Protection Officer” is to ensure that your site is as secure as possible, which includes:

  • Ensuring that your site is always using the latest version of WordPress.
  • Ensuring that your site is always using the latest versions of WooCommerce and any other plugins.
  • Deactivating and removing unneeded plugins or themes.
  • Making regular, secure backups of your website data, especially WooCommerce data.
  • Exporting and archiving completed orders to secure storage. The less data stored on your website, the less exposure you have — and the fewer customers you need to notify in the event of a breach.
  • Requiring strong, unique passwords on all WordPress accounts.
  • Limiting the number of people with access to wp-admin.
  • Making sure each employee has a separate login. No shared accounts!
  • Removing accounts immediately when employees or contractors leave your company.
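To make the strong-password item on the list above something WordPress enforces rather than a policy on paper, here is an added example, not code from this article, from WordPress core, or from any plugin named on this page: a small must-use plugin that rejects weak passwords on the two forms where WordPress lets a user set one. The 14-character minimum, the short list of common passwords and every name beginning with `example` are assumptions; a real deployment would load a much larger list of known-breached passwords.

```php
<?php
/**
 * Plugin Name: Example Password Policy
 *
 * Added example, not code from the original article or from WordPress core.
 * Enforces a minimum length, rejects a short hypothetical list of common
 * passwords, and rejects passwords that contain the account's own username
 * or e-mail local part. Drop the file in wp-content/mu-plugins/.
 */

const EXAMPLE_MIN_PASSWORD_LENGTH = 14; // Hypothetical policy value.

// Hypothetical denylist; in practice load a large breached-password list instead.
function example_is_common_password( $password ) {
    $common = array( 'password', 'password1', 'welcome1', 'qwerty123', 'letmein', 'admin123' );
    return in_array( strtolower( $password ), $common, true );
}

// Returns an error message, or '' when the password passes the policy.
function example_password_problem( $password, $user_login, $user_email ) {
    if ( strlen( $password ) < EXAMPLE_MIN_PASSWORD_LENGTH ) {
        return sprintf( __( 'Passwords must be at least %d characters long.', 'example' ), EXAMPLE_MIN_PASSWORD_LENGTH );
    }
    if ( example_is_common_password( $password ) ) {
        return __( 'That password is on a list of commonly used passwords. Please choose another.', 'example' );
    }
    // Reject passwords built from the account's own identifiers.
    $lower = strtolower( $password );
    $local = strtolower( (string) strstr( $user_email, '@', true ) );
    foreach ( array( strtolower( $user_login ), $local ) as $part ) {
        if ( strlen( $part ) >= 3 && false !== strpos( $lower, $part ) ) {
            return __( 'Passwords must not contain your username or e-mail address.', 'example' );
        }
    }
    return '';
}

// Users > Add New and profile edits in wp-admin. $user->user_pass is only set
// when a new password was submitted, so an unchanged password is left alone.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
    if ( empty( $user->user_pass ) ) {
        return;
    }
    $login   = isset( $user->user_login ) ? $user->user_login : '';
    $email   = isset( $user->user_email ) ? $user->user_email : '';
    $problem = example_password_problem( $user->user_pass, $login, $email );
    if ( $problem ) {
        $errors->add( 'example_weak_password', $problem );
    }
}, 10, 3 );

// The password-reset form reached from a "Lost your password?" link.
add_action( 'validate_password_reset', function ( $errors, $user ) {
    if ( is_wp_error( $user ) || empty( $_POST['pass1'] ) ) {
        return;
    }
    $problem = example_password_problem( wp_unslash( $_POST['pass1'] ), $user->user_login, $user->user_email );
    if ( $problem ) {
        $errors->add( 'example_weak_password', $problem );
    }
}, 10, 2 );
```

Adding an error to the WP_Error object is enough: WordPress refuses to save the profile or complete the reset while errors are present and shows the message to the user. Note the limits: only the two forms hooked here are covered, so a password set directly through wp_update_user() or WP-CLI bypasses the check, and nothing here addresses the separate "no shared accounts" and "remove leavers' accounts" items, which remain manual reviews of Users > All Users.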

Should your website encounter a security breach, learn more about the steps that need to be taken to comply. Under the GDPR, a breach that puts personal data at risk must be reported to the supervisory authority within 72 hours of becoming aware of it where feasible, and the affected individuals must be told without undue delay when the breach is likely to result in a high risk to them.

Remember that privacy isn’t a one time effort. It’s part of the ongoing maintenance for your business.

If you’re a Care Plan member and would like assistance adding these tools to your website, send us a request through your support portal!

If you’re not part of our Website Care Plan, now is a great time to join! We’ll work with you (and your lawyer’s recommendations) to get your website up to speed with GDPR compliance and security.

Takeaway: Our Suggested Action Items

  1. Create a Privacy Policy that includes details on the plugins, software and third-party tools you use in conjunction with your website.
  2. Create a form for visitors to request their data, update their data or remove their data and information.
  3. Add plugins for compliance with web forms and shopping carts as well as a cookie notification options.
  4. Ensure your website is secure and updated on a regular basis.

If you need assistance with your website and GDPR, complete the form below and we’ll make a plan to get your website GDPR ready!
