3 GDPR WordPress Privacy Updates You Should Know About

Recently, the European Union enacted new rules related to online user privacy. The General Data Protection Regulation (GDPR) controls how companies collect, store, and use European customer data.

In response, WordPress released several updates to align with the new regulations. The GDPR concept is based around one common theme: all customer data must be obtained and used with the customer’s consent, and securely stored. While the new regulations are from the EU, they affect any company or website that has European visitors or customers. If you’re selling products or services to a citizen of an EU country, you need to be in compliance with the regulations or risk the fines. These rules also apply to any plugins or vendors you’re using on your website. Wondering more about how exactly all of this works? See our GDPR Guide for the basics.

The new WordPress release makes it easier for you to be aware of what data you’re collecting from users and where it’s being stored. It also gives EU users the right to have their data permanently erased or transferred to another data controller. Here’s our breakdown of the main changes related to GDPR from the WordPress 4.9.6 update.

1. Privacy Policy Page Options

WordPress added the option for owners to create a privacy policy page, where they can explain to visitors and customers how their data is being used and stored. It’s also recommended to include information here from all the plugins on your site that collect data. Many plugins have pages where you can copy and paste their privacy policy info into your own policy page—see TermsFeed for more info on how to generate your own privacy policy. 

The new WordPress update means the privacy policy page will be shown on your login and registration pages; however, WordPress recommends adding a link manually to each page of your website, preferably in your footer. Looking for more in-depth info on WordPress’ privacy policy? See their guide here.

2. Commenter Information

Another change for WordPress involves the options for commenters when they’re not logged into a WordPress account. If they’re logged out, commenters can choose whether or not their name, email address, and website are saved in cookies on their browser. This is something to keep in mind for any plugins you use for comment sections on your website.

 

3. Data Storage Methods

Related to all of these changes, data storage is another big factor when it comes to GDPR compliance. Right now site owners have the ability to export a ZIP file that has personal data from users gathered by both WordPress and plugins.

With this update, site owners have the option to erase a user’s personal data, including plugin data, upon user request. The update also includes a new email-based method, where site owners can confirm personal data requests and erasures for both registered users and commenters, giving everyone involved more peace of mind when it comes to data storage and protection.

If you’re unsure about what to do next, start by looking into the privacy policy for each vendor you use on your website. Then, compile all the relevant info for your own policy page, and ensure it’s easily accessible throughout your website. When it comes to dealing with user data, security is crucial for protecting both your customer and company information; check out our security platform Securi, which is designed to prevent malware attacks and fend off hackers 24/7.

Questions? Get in touch!