If your email inbox looks anything like mine, you can’t have failed to notice that the EU’s General Data Protection Regulation (GDPR) came into force on May 25. We discussed the GDPR in depth in this blog post, so in this article I’d like to talk about some of the tools that are available to help WordPress site owners and WooCommerce retailers bring their site into compliance.
No Plugin Guarantees Compliance
Software can make it easier for a WordPress site to comply with the GDPR, but it can’t guarantee compliance. It is important for affected WordPress site owners to understand the implications of the GDPR, and it may be necessary to seek legal advice.
GDPR And WordPress
There are several areas in which plugins can help with GDPR compliance, including:
- Privacy policies and consent: the GDPR’s definition of consent is narrower than in previous privacy frameworks.
- Right of access: data subjects have the right to access personal data that relates to them.
- Right to be forgotten: data subjects can request that personal data is erased from your site, and you have a limited period in which to comply.
- Right to portability: data subjects should be able to export their personal data in a machine-readable format and give it to whomever they please, including an alternative vendor.
To conform to these requirements the site owners must add various forms, user interface elements, and code that interacts with the WordPress database to, for example, delete or anonymize data upon request.
WordPress GDPR Plugins
There are several plugins that aim to improve GDPR compliance on WordPress sites, but the most comprehensive is the GDPR plugin.
Among other features, it provides:
- Consent management.
- Interfaces and back-end code for right to be forgotten and right of access requests with double opt-in email confirmation.
- Front-end forms for data export requests and the ability to export personal data in both XML and JSON.
WooCommerce retailers might want to take a look at the premium WooCommerce GDPR Compliance plugin, which includes functionality for right of access and right to be forgotten requests. This plugin doesn’t simply delete personal data; it anonymizes it by overwriting personal information while leaving the record in the database.
A plugin that will prove useful to WordPress professionals and developers. Developers often work with local copies of WordPress databases, including personal data exported from a live site for testing and development. WP Migrate DB Pro has introduced the Anonymization add-on that will automatically anonymize data with the Faker library whenever it is exported from a WordPress site or pushed to a different site.
These plugins simplify GDPR compliance for WordPress site owners, but it’s worth repeating that no plugin or combination of plugins can guarantee compliance. If you process the data of individuals in the EU, make sure you understand the full implications of the GDPR for your business.