GDPR Compliance Tools For WordPress with WP GDPR Plugin

How to make a WordPress-based website compliant with the new General Data Protection Regulation (GDPR) 2016/679

If your email inbox looks anything like mine, you can’t have failed to notice that the EU’s General Data Protection Regulation (GDPR) came into force on May 25. We discussed the GDPR in depth in this blog post, so in this article I’d like to talk about some of the tools that are available to help WordPress site owners and WooCommerce retailers bring their site into compliance.

Both WordPress and WooCommerce have been updated to take account of the new regulations. The first step in preparing for the GDPR is to update to the most recent version of both. WordPress 4.9.6 adds GDPR-compliant consent opt-ins for comments, a privacy policy interface, data export and erasure tools, and a host of other updates that make it easier to comply with the GDPR.

No Plugin Guarantees Compliance

Software can make it easier for a WordPress site to comply with the GDPR, but it can’t guarantee compliance. It is important for affected WordPress site owners to understand the implications of the GDPR, and it may be necessary to seek legal advice.

GDPR And WordPress

There are several areas in which plugins can help with GDPR compliance, including:

  • Privacy policies and consent: the GDPR’s definition of consent is narrower than in previous privacy frameworks.
  • Right of access: data subjects have the right to access personal data that relates to them.
  • Right to be forgotten: data subjects can request that personal data is erased from your site, and you have a limited period in which to comply.
  • Right to portability: data subjects should be able to export their personal data in a machine-readable format and give it to whomever they please, including an alternative vendor.

To conform to these requirements, site owners must add various forms, user interface elements, and code that interacts with the WordPress database to, for example, delete or anonymize data upon request.

WordPress GDPR Plugins

There are several plugins that aim to improve GDPR compliance on WordPress sites, but the most comprehensive is the GDPR plugin.

Among other features, it provides:

  • Consent management.
  • Interfaces and back-end code for right to be forgotten and right of access requests with double opt-in email confirmation.
  • Front-end forms for data export requests and the ability to export personal data in both XML and JSON.

WooCommerce retailers might want to take a look at the premium WooCommerce GDPR Compliance plugin, which includes functionality for right of access and right to be forgotten requests. This plugin doesn’t simply delete personal data; it anonymizes it by overwriting personal information while leaving the record in the database.

One more plugin will prove useful to WordPress professionals and developers. Developers often work with local copies of WordPress databases, including personal data exported from a live site for testing and development. WP Migrate DB Pro has introduced the Anonymization add-on, which automatically anonymizes data with the Faker library whenever it is exported from a WordPress site or pushed to a different site.

These plugins simplify GDPR compliance for WordPress site owners, but it’s worth repeating that no plugin or combination of plugins can guarantee compliance. If you process the data of individuals in the EU, make sure you understand the full implications of the GDPR for your business.

This post is part of a series of articles and essays regarding the new European General Data Protection Regulation in EU countries, with specific focus on achieving compliance with EU and local regulations, civil rights and criminal matters. To read the other articles, click here!

About Graeme Caldwell

Graeme works as an inbound marketer for Nexcess, a leading provider of Magento and WordPress hosting. Follow Nexcess on Twitter at @nexcess, Like them on Facebook and check out their tech/hosting blog.
