If you are in business and hold data on EU-based customers and/or suppliers then the new GDPR rules apply to you, even if you don’t have a website!
I’m not going to go into what all the rules are, as there is plenty of information available, including on the Information Commissioner’s Office website and the EU website.
But what I want to point out to you are a couple of new WordPress-related tools that will help you comply with the new legislation.
Firstly, the latest version of WordPress (4.9.6), released on 17th May 2018, comes equipped with some additions that will help you to quickly comply with three of the rules.
If you haven’t updated your website to the latest version of WordPress, now is the time to do it!
Privacy Policy
The new version of WordPress comes with a fill-in-the-blanks Privacy Policy. If you look under Settings there is a new Privacy option which allows you to either point to an existing page or create a new Privacy page.
When you click the Create New Page button (under Settings->Privacy), WordPress will create the page with some prompts that then allow you to add in your exact information. If you are not sure, at the top of the page there is a link to a page that has further suggestions on what to put in each section of the privacy policy.
This makes it a lot easier to create your privacy policy page with the right information for both website visitors and compliance authorities.
Export/Erase Personal Data
One of the GDPR regulations relates to people being able to ask you what data you hold on them.
If your WordPress website does not collect any data (i.e. it is not an ecommerce website), it is doubtful that any data is held on the website. Having said that, some plugins may hold data. For instance, some contact forms save the completed field data into the database.
If that is the case, under the Tools menu there are two new options. One is Export Personal Data, which allows you to download a CSV file of any data held on the person, and the other is Erase Personal Data.
Both these options will only apply to people who have an account on your WordPress website, but both can be useful in helping you comply with any requests for data you hold or with a person’s right to be forgotten.
Plugins
A number of plugins have been created that will help WordPress website owners comply with the new regulations, but at the time of writing, WP GDPR Compliance appears to be one of the most comprehensive.
The WP GDPR Compliance plugin automatically detects which form plugin you are using and can automatically add the consent tick box to the form just above the Submit button. Having said that, at this moment in time it can only be used with a few of the most common plugins, although the developers continue to improve on this and add more.
In addition, the WP GDPR Compliance plugin can be used to create a Privacy Policy page; again, a fill-in-the-blanks template is created, but with guidance on what is required.
Form Fills
Another GDPR regulation relates to permission-based responses to visitors who complete a contact form. To me this is a bit of a silly one, as if a person fills out a contact form it is implied that they want you to respond to their enquiry, but I’m not a lawyer. However, the person is required to tick a box giving you permission to use their data in order to respond to their enquiry. By the way, that does not extend to adding them to your newsletter. As far as I can tell, that requires separate consent which must be recorded.
Please remember these tools are just that, tools. It is up to you as the website owner to ensure that all aspects of your website and your business are compliant with the new GDPR regulations.