Understanding How GDPR will Impact WordPress and Your Business

On May 25th, 2018, GDPR or General Data Protection Regulation goes live. Approximately 500 million users are covered under this legislation between Great Britain and European Union. GDPR is important for those businesses using WordPress, which owns over 50% of content management marketing as well as powering about 28% of global websites. GDPR is the most vital change in data privacy regulation seen in 20 years.

Basics of GDPR

The primary goal of this legislation is the improvement of privacy and allowing user control of an individual’s personal data. Accomplishing this goal means significant changes impacting all businesses, regardless of platform. These include the following:

• Certain types of data are protected by this legislation and are clearly defined, like name, IP location, Web location, ID numbers, RFID tags, address, and cookie data. Also covered are health, ethnic, genetic, sexual orientation, biometric, and political views.
• Regardless of geographical location, companies that process an individual’s personal data are subject to the new legislation.
• Fines of 4% of annual global turnover or up to €20 million, can be placed on companies not complying with GDPR.
• Notification of a data breach that may lead to a risk of an individual’s rights as well as freedoms, must be made with 72 hours to regulating parties and customers.
• Upon request, all of an individual’s personal data that they provided a company, must be provided from processes readily in place.

Impact on WordPress

Several key areas and how the GDPR will impact each one should be addressed by those companies using WordPress.

• Date Collection – User data is collected in WordPress websites in many ways including comments, user registrations, analytics, or contact forms. Under the GDPR, consent must not be assumed but must be informed. To ensure collection of all data abides by consent policies, WordPress websites must be reviewed and amended.
• Plugins – Data collection, as well as methods for storage of any third-party software or plugin, are the site owner’s responsibility. Prior to May 25th, it is vital that existing plugin libraries are audited and clarification made when needed. A plugin is available to help recognize some key issues: WordPress GDPR Compliance. Also, there is significant concern about third parties because the one “controlling” the data is the responsible party for handling and storing. Third-party plugins must be compliant with GDPR, as well.
• Automatic Consent – Businesses using WooCommerce, as well as any other WordPress eCommerce options, must ensure all newsletters, marketing materials, etc., are NOT “opt-out” but are “opt-in” instead. Under GDPR, consent boxes already checked are considered a breach. The approved options available for consent requests include the following:
  • Clicking on opt-in link or button
  • Replying to an email that requested consent
  • Selecting yes/no from an equally prominent option

Be sure that your WordPress site is reviewed and edited prior to May 25th, 2018. Once GDPR goes live, it is critical that businesses stay informed and be aware of any possible changes that may impact their WordPress site.