
The General Data Protection Regulation, known as the GDPR, takes effect on 25 May 2018.
If you own a WordPress website, you need to comply with this regulation.
In Short, What Is The GDPR?
The GDPR empowers EU citizens by giving them more control over their digital data. Data may include any or all sensitive personal information that can be used to identify, find or contact a person, such as an address, phone number or email. The GDPR replaces the Data Protection Directive, which was enacted in 1995. EU citizens now have the right to know if their personal data is being collected and what information about them is being stored. They also have the right to request access to this data, as well as to ask organisations to update or delete their information.
Are All Websites Affected By The GDPR?
Yes, in terms of assessing your privacy policy and T&Cs and transparently declaring your website’s analytics and persistent cookies. Even if you do not collect any information through your website, you still need to declare that you do not collect information but may use systems such as Google Analytics and anonymous tracking programs.
If you collect personal information of EU citizens via online forms on your WordPress website, or via a WooCommerce shop on your website, including the name, address and other identifying information of your website users or visitors in these forms, then you need to comply with the GDPR on these forms.
How To Make Your WordPress Website GDPR-Compliant
Under the GDPR, insecure gathering of Personally Identifiable Information is a violation. If you do not already have an SSL certificate on your website to encrypt form data, contact your hosting provider and order what they recommend today. Most hosting companies will install this for you and assist or advise you in forcing all of your site’s traffic over the encrypted (HTTPS) connection that the certificate provides.
Next, you need to build an understanding of your online data-gathering activities.
- What sensitive information about your users do you collect?
- Where do you store this information?
- Why are you collecting this data?
You must request consent from your users before collecting their data. They should be informed that your online form asks for their data and that these data will be stored.
You also need to come up with two documents: one for your company’s terms and conditions and another for your privacy policy. This policy needs to be communicated to your WordPress website visitors or users and can be tied into your cookie policy notification on your homepage. When you are happy with what you have prepared, these documents should be turned into website pages, correctly linked from your menu and visible to your site’s visitors.
The privacy policy should inform them of your site’s data collection and storage practices – what the data is for, where it is stored, where it would be used, etc.
Our Service
We offer services for adding the correct form systems, either ‘Gravity Forms’ or ‘Contact Form 7’, which have announced themselves as GDPR-ready with WordPress; adding pages to your existing site for your terms and conditions and a separate privacy policy; installing and configuring cookie policy plugins; comment assessment; and adding a GDPR plugin to act as a checklist and proof of action for you.
We can also update your WordPress website’s security, check that your SSL certificate is correctly installed and configured, update your core files and provide website theme updates if required to bring your site up to current security standards for encryption and protection.