If you are in business and hold data on EU-based customers and/or suppliers, then the new GDPR rules apply to you, even if you don’t have a website!
But what I want to point out to you are a couple of new WordPress-related tools that will help you comply with the new legislation.
Firstly, the latest version of WordPress (4.9.6), released on 17th May 2018, comes equipped with some additions that will help you to quickly comply with three of the rules.
If you haven’t updated your website to the latest version of WordPress, now is the time to do it!
Export/Erase Personal Data
One of the GDPR regulations relates to people being able to ask you what data you hold on them.
If your WordPress website does not collect any data (i.e. it is not an ecommerce website), it is doubtful that any data is held on the website. Having said that, some plugins may hold data. For instance, some contact forms save the completed field data into the database.
If that is the case, under the Tools menu there are two new options. One is Export Personal Data, allowing you to download a CSV file of any data held on the person, and the other is Erase Personal Data.
Both these options will only apply to people who have an account on your WordPress website, but both can be useful in helping you comply with any requests for data you hold or a person’s right to be forgotten.
A number of plugins have been created that will help WordPress website owners comply with the new regulations, but at the time of writing, WP GDPR Compliance appears to be one of the most comprehensive.
The WP GDPR Compliance plugin automatically detects which form plugin you are using and can automatically add the tick box to the form just above the Submit button. Having said that, at this moment in time it can only be used with a few of the most common plugins, although the developers continue to improve on this and add more.
Another GDPR regulation relates to permission-based responses to visitors who complete a contact form. To me this is a bit of a silly one, as if a person fills out a contact form it is implied that they want you to respond to their enquiry, but I’m not a lawyer. However, the person is required to tick a box giving you permission to use their data in order to respond to their enquiry. By the way, that does not extend to adding them to your newsletter. As far as I can tell, that requires separate consent which must be recorded.
Please remember these tools are just that, tools. It is up to you as the website owner to ensure that all aspects of your website and your business are compliant with the new GDPR regulations.