Disclaimer: We are not lawyers (sorry Mom!), and this post was written based on our own interpretation of the General Data Protection Regulation (GDPR) regulation. We advise you to seek legal counsel for a more detailed interpretation of how your business should comply.
Yesterday, WordPress 4.9.6 was released, and with it came the first changes related to GDPR and WordPress compliance. Even if you are not doing business with companies or customers in the European Union, your site may still be affected. Here are a few answers to the questions swirling around in your head:
1. How does this affect my business? I don’t sell to or service the European Union.
Even if you don’t sell or work with companies overseas, if someone from the EU can visit your website and post a comment or fill out a form, you must be compliant. This basically means everyone who is on WordPress. Yes, you too. (Source)
2. Why am I just hearing about this now?
Information about the deadline for GDPR compliance has been out for quite some time now. However, with the deadline looming, most of the internet is scrambling to catch up. If you don’t run in circles that are keeping up with policy and regulation, it’s pretty easy to have missed it.
TL;DR – Procrastination
3. When is the deadline for compliance?
May 25, 2018 (Oh my. Where did the time go?)
4. I’m not compliant! What do I need to do?
For those of you who don’t sell to the EU, your job is a little easier. We went through the steps on our own site so that we could see first-hand how some of this would work. The steps we took for updating our WordPress site included:
- Updating to the newest version of WordPress (4.9.6). This update provides you with a couple of great tools to help you comply:
  - Privacy Policy Generator – WordPress will now help you generate your own Privacy Policy. This policy needs to be written in language that is easily understandable to the user, and free of too much legal jargon. It also must be easily accessible on your site.
  - Data Export – Should someone reach out and say that they want to know what data of theirs you possess, you can now export it through the Tools > Privacy section in your dashboard. Simply enter the person’s email, and once that person validates their request, you will be able to email them a copy of all data you have stored.
  - Data Removal – If someone reaches out to you and wants their data removed, WordPress now offers the ability to remove it with the click of a button. You are not required to delete data that you are legally obligated to keep.
- Writing our Privacy Policy according to the tools provided in the WordPress update.
- Adding EU Cookie Consent notifications to our site. This serves as a pop-up that allows visitors to accept or opt out of data collection.
- Checking Analytics for compliance. This includes IP anonymization and removing any PII variables from form URL strings.
- Training our staff on how to export and remove data when requested.
- Checking our third-party plugins for compliance.
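The analytics step above (IP anonymization plus stripping PII from form URL strings) is the one that lends itself to code. The following is an added example, not code from the original post; the list of PII parameter names and the `scrubPiiFromUrl` / `buildAnalyticsConfig` helper names are our own assumptions, while `anonymize_ip` and `page_path` are the gtag.js config fields they feed.

```javascript
// Added example: scrub PII from the page URL before it reaches the analytics
// tag, and build the tag config with IP anonymization switched on.
// PII_PARAMS is an assumed deny list, not a standard; extend it for your forms.
const PII_PARAMS = new Set(['email', 'name', 'first_name', 'last_name', 'phone', 'address']);
const EMAIL_RE = /^[^@\s]+@[^@\s]+\.[^@\s]+$/;

// Return a copy of `url` with PII query parameters removed. A parameter is
// dropped if its name is on the deny list or its value looks like an e-mail
// address, because form handlers often echo the submitted address in the URL.
function scrubPiiFromUrl(url) {
  const u = new URL(url);
  const kept = new URLSearchParams();
  for (const [key, value] of u.searchParams) {
    if (PII_PARAMS.has(key.toLowerCase())) continue;
    if (EMAIL_RE.test(value)) continue;
    kept.append(key, value);
  }
  u.search = kept.toString(); // empty string removes the "?" entirely
  return u.toString();
}

// Analytics configuration for gtag.js: anonymize_ip truncates the visitor's
// IP before storage, and page_path is the scrubbed page actually reported.
function buildAnalyticsConfig(pageUrl) {
  const clean = new URL(scrubPiiFromUrl(pageUrl));
  return {
    anonymize_ip: true,
    page_path: clean.pathname + clean.search,
  };
}

// Usage in a page (assumes gtag.js is already loaded; the property id is a
// placeholder):
//   gtag('config', 'UA-XXXXXXXX-1', buildAnalyticsConfig(window.location.href));
```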
These are the first steps we’ve taken to be sure we are able to comply, should someone request that we no longer hold their data. We are lucky in that we don’t collect a lot of sensitive data, but e-commerce sites that ship worldwide and businesses that provide services internationally will need to heed these guidelines more fully. For those businesses we highly recommend seeking out the advice of a lawyer.
If you would like help with GDPR and WordPress Compliance on your site, follow the link below and fill out our simple questionnaire. We’ll get back to you with a reasonable quote to help get you closer to compliance and sleep better at night.