A new directive from the European Union entitled “General Data Protection Regulation” – abbreviated GDPR – came into force in May. For many people, this measure is a great unknown that they cannot find their way around. What does the GDPR mean for WordPress websites?

What is the GDPR and what are the sanctions?

The purpose of the GDPR is simple. It is about making companies more responsible for the personal data of citizens of the European Union and more respectful of their private and family life.

Companies which have their own website were obliged to revise their current privacy policy by 25 May 2018. Companies that fail to do so are subject to high fines, which may amount to up to 4% of the company’s total worldwide annual turnover for the previous financial year, or €20,000,000, whichever amount is higher in the particular case.

WordPress and GDPR

Since I think it can help a lot of people, in this article I will show you how we have dealt with the GDPR on our WordPress sites. However, it is important to note that this information is only one part of what a company needs to change under the GDPR.

WordPress update

The great advantage of the WordPress editing system is that it is actively developed by a wider community. The latest update also brought a solution to the GDPR issue. In version 4.9.6, the developers updated the following parts:

  • a checkbox has been added to improve the handling of personal data
  • the Privacy Settings page has been added in the settings – if you do not have this page, WordPress will automatically create it for you, including its content
  • in the tools section, options have been added to improve the handling of the personal data of the website users

You can solve many GDPR issues simply by updating the WordPress core. If your site does not collect users’ personal data, thanks to ordinary WordPress you are good to go.

What if I collect personal data?

If you are already collecting personal data from your visitors, you need to be more careful. Under the new regulations, visitors must explicitly give their consent to the collection of information about them. Problems may arise with contact forms, with tracking through Google Analytics or Hotjar, and also with e-shops and many other features.

How did we solve it?

Because we are using a contact form and tracking through Google Analytics on our site, we needed to modify the page. I assume that the vast majority of WordPress site owners will face this particular problem, so you can take inspiration from this procedure.

If users have created accounts on the website, they need to be informed about the new privacy policy. It is best to send an e-mail to all users with the option to confirm the new policy. This, of course, applies to any change to the policy on the protection of personal data.

Modification of contact forms

For each form, it was necessary to add a check box. But be aware that this field must not be pre-ticked. The visitor must therefore expressly agree to the processing of personal data before submitting the form. This field must also include a link to the Privacy Policy page.

If the user does not agree with the new policy, it is necessary to delete his or her personal data from our database. As WordPress has added new tools to handle the personal data of users, simply find and use the “Delete personal information” section in the Settings.

Consent with cookies and GDPR Cookie Compliance

Next, we resolved the issue with Google Analytics tracking. This service saves cookies on the visitor's computer, which lets the web admin know what visitors are doing on the site, what kind of sub-pages they visit, and so on. According to the GDPR, a visitor must explicitly agree to the collection of this information about him/her.

WordPress has added a handy extension called GDPR Cookie Compliance. This plugin resolves the problem with the consent and storage of cookies on the visitor’s side. It works by keeping the tracking codes of the given services out of the page code itself and placing them in this extension instead. For this tip, many thanks go to Mirka of DOCKitIN.

The extension adds a cookie notification and offers the Agree or Settings button. When the visitor clicks Agree, the extension automatically adds the tracking codes we previously entered in the plugin settings to the page code.

If a visitor clicks Settings, a pop-up window with the cookie settings and information opens, where he or she can turn it off, so the tracking code is not added to the page code.
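
The gating behaviour described above, sketched as an added example (it is not the plugin's code and not from the original article): tracking scripts stay out of the page until explicit consent is stored, and are taken out again when the visitor switches them off. The storage key, the tracker URL and the `fakeBrowser` stand-in are assumptions made for illustration.

```javascript
// Added example. CONSENT_KEY and the tracker URL are constructed placeholders.
const CONSENT_KEY = "tracking_consent";
const TRACKERS = ["https://analytics.example/tracker.js"];

// Builds a gate over a document-like object and a localStorage-like object.
function createConsentGate(doc, storage, trackerSrcs) {
  let injected = []; // script elements this gate has added to the page
  function inject() {
    if (injected.length > 0) return; // never add the same tracker twice
    for (const src of trackerSrcs) {
      const el = doc.createElement("script");
      el.src = src;
      el.async = true;
      doc.head.appendChild(el);
      injected.push(el);
    }
  }
  // Removing the element does not undo code that already ran or delete cookies
  // already set; withdrawal fully applies from the next page load onwards.
  function withdraw() {
    for (const el of injected) el.remove();
    injected = [];
  }
  return {
    init() { // every page load: only a stored, explicit "granted" loads trackers
      if (storage.getItem(CONSENT_KEY) === "granted") inject();
      return injected.length;
    },
    agree() { // handler for the "Agree" button
      storage.setItem(CONSENT_KEY, "granted");
      inject();
      return injected.length;
    },
    decline() { // handler for switching tracking off under "Settings"
      storage.setItem(CONSENT_KEY, "denied");
      withdraw();
      return injected.length;
    },
  };
}

// Minimal stand-ins so the example also runs under Node without a browser.
function fakeBrowser() {
  const head = { children: [], appendChild(el) { this.children.push(el); } };
  const createElement = (tag) => ({
    tag, remove() { head.children = head.children.filter((c) => c !== this); },
  });
  const data = new Map();
  const storage = { getItem: (k) => (data.has(k) ? data.get(k) : null), setItem: (k, v) => data.set(k, String(v)) };
  return { doc: { head, createElement }, storage };
}
```

In a browser, pass `document` and `window.localStorage` instead of the stand-ins and call `init()` on each page load.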

After resolving these two issues, the site is officially in compliance with GDPR policies.

Stay calm and get your GDPR done

These tips address only the basic issues of the GDPR and WordPress sites – contact forms and cookies. If you already have more tracking services, more extensions or e-shops, you will have more work with the GDPR. However, you do not have to worry, as you will find hundreds of easy-to-understand instructions which will help you handle it easily.

Andrej Srna