Is your WordPress CMS site GDPR compliant?

Is your WordPress CMS site GDPR compliant?

As we’ve already covered in a previous article, GDPR, or General Data Protection Regulation, will come into effect on 25th of May 2018. We’ve talked here about what personal data means, what a collector and a processor mean and why GDPR has come into existence.

Now we’re going to shift our focus towards what a business or organization can do in order to be GDPR compliant.

What do you have to keep in mind?

  • The user has to give his consent when it comes to data collection
  • The user has to be aware of who you are, why and when you collect personal data from him
  • What the purpose of data collection is and when the data is bound to be used
  • The user can withdraw his personal data at any time and disagree with its processing
  • The user has constant access to his data

What does personal data refer to?

According to the European Commission, personal data refers to “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, your posts on social networking websites, your medical information, or your computer’s IP address.” (

This might mean, more practically, a user’s name, address, phone number, email address and, as mentioned above, even his IP address.

How do you, as a WordPress site owner, collect data?

Just as the users might not even be aware, in most of the cases that they offer data, maybe we, as site owners, are not truly aware of all the moments when data is collected. And these are plenty, for instance, we collect data through comments, the registration of users, analytics and traffic logs, security tools, plugins, contact forms and so on.

What can you do to be compliant?

  1. Be explicit when requesting consent

This has to take place before actually requesting or collecting any sort of data. It’s your responsibility to let the user know what sort of data will be collected, what the purpose of usage for this data is and how it will be stored. This is basically The Right to Access. You can create a checkbox within the form you have. This way, the user can proceed only if he ticks the checkbox.

  1. Be transparent

It’s best to let the users know from the very start who you are, what the purpose of the data that is collected is, where it is collected and how it will/would be used. Here you can use a privacy policy where you inform the user exactly of the above information. Also, you can link this privacy policy to the above mentioned form.

  1. Make sure the user data is organized and accessible

Here we talk about The Right to Be Forgotten, which gives users the possibility to erase their data at any time and prevent any further data from being collected. There is another clause in the GDPR, called the Data Portability, which refers to the possibility that the user has to download his data and hand it over to a different controller. Hence, you must be prepared to offer the user all his data, free of cost within 40 days and also delete the data, if required.

  1. Always keep a path open for User Requests

Probably the best way you could tackle this is by using a form. Also, you could use email notification so that you are up to date each time a form is submitted.

  1. Notify you users in case of a breach

Given that there’s a data breach on one of your websites, you are required to inform all of your users within 72 hours. You can do this by using various plugins to keep track of your website.

What about the plugins?

Indeed, all of the plugins that you might use have to also be GDPR compliant. You can use WP GDRP Compliance plugin in order to figure out whether there are certain key issues that need to be addressed before May the 25th. Each one of the plugins has to have the same flow, of informing the user about the collected data, its processing and it has to give the possibility of deletion.

These being said, it is not too late yet to become compliant, or to put everything in order before the due date. Stay informed regarding the new regulations and possible clauses from GDPR so that you always stay compliant. There would be much more to cover when it comes to this topic, but hopefully we shed some light on the controversial subject. If you have any ideas or you’d wish to know more, we are awaiting for your feedback at the comments’ section.

This article has an average rating of ★★★★★ based on 0 ratings

Join the Conversation:

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.