If you are a web publisher with visitors coming from Europe, no matter if you write about food, butterflies or NZ casinos for your phone, you have probably heard of the initialism “GDPR”. You probably know that it has to do with privacy protection and the way websites handle the visitors’ personal information. Below, you’ll find a crash course on what the GDPR means and how you can become compliant (if you haven’t already).

What is the GDPR

The GDPR stands for “General Data Protection Regulation”, and is the name of a European Union law enacted to give people in the EU (anyone located there, not only EU citizens) control over how their personal data is handled. The law has applied since May 25th, 2018 – you have probably noticed that pretty much every online service you registered with, whether a newsletter or a social network, sent you a notice about its updated privacy policy around that date if you happen to reside in the EU. Or perhaps even if you don’t. And you will want to comply with it, too, if you have a website, considering that the maximum fines are hefty: up to EUR 20 million or 4% of the company’s global annual turnover, whichever is higher. That ceiling was written with major international groups like Facebook and Google in mind, but the regulation itself applies to a small blog just as much as to them.

But fear not – even if you are not fully compliant, you won’t find yourself opening the door at home to a pair of GDPR officers taking everything you own. Supervisory authorities have a range of corrective measures to use before a fine: they can issue a warning or a reprimand, order you to bring your processing into line within a set period, or impose a temporary or definitive ban on the processing. Fines are typically reserved for serious or persistent violations, and their size is set according to the nature, gravity and duration of the infringement, not automatically at the maximum.

Does the GDPR apply to WordPress websites?

Yes, it does. It applies to any organisation, in any country, that offers goods or services to people in the European Union or monitors their behaviour there (for example through analytics or tracking cookies), which in practice covers most websites with an EU audience. The goal of the regulation is to protect personal data, meaning anything that identifies a person or can be linked to one: names, email addresses, physical addresses, IP addresses, health data, income levels, and such. If you rely on consent as your lawful basis for storing and using such information, that consent has to be freely given, specific and unambiguous – no pre-ticked checkboxes signing visitors up for your newsletter, but a positive action taken by the visitor. Consent is not the only lawful basis (performing a contract with the user, or a legitimate interest, can also qualify), but whichever one you use, you must be able to show it. Did we mention that the goal of the GDPR is to raise data processing standards online?

Besides, you must inform all of your EU-based visitors how and why their data is processed and used, normally in your privacy policy. In the case of a WordPress blog, users leave their email addresses to comment and may get notified of replies to their comments; you have to let them know about this. In the case of a breach – if your website is hacked and the database stolen – you must notify your supervisory authority within 72 hours of becoming aware of it, where feasible, and notify the affected users without undue delay when the breach is likely to put them at high risk. A stolen user table containing email addresses and password hashes is the typical example.

WordPress GDPR compliance

The core WordPress software gained privacy tools in the 4.9.6 update. Among them, you get a tool that exports an individual user’s personal data (what core stores, plus whatever plugins register with it) as a downloadable archive, and a tool that erases that user’s personal data from the database; both live under the Tools menu and are confirmed by the user through an emailed link before anything is exported or removed. Besides, it also comes with a tool to create and maintain a website privacy policy page, and the comment form has a new checkbox, unchecked by default, that lets commenters opt in to a cookie remembering their name, email and website for their next comment.
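The export and erase tools only see the data that plugins register with them, so a plugin that stores anything about a user has to hook in. As an added example (not code from the original article or from WordPress core), here is how a plugin does that. The two filters and the callback contracts are the real WordPress core hooks; the `demo-plugin` identifiers and the `demo_newsletter_optin` and `demo_legal_hold` user meta keys are hypothetical placeholders.

```php
<?php
/**
 * Added example, not from the original article or WordPress core: registers a
 * plugin's stored data with the WordPress 4.9.6+ Export Personal Data and
 * Erase Personal Data tools. The filter names and callback contracts are core
 * APIs; 'demo-plugin', 'demo_newsletter_optin' and 'demo_legal_hold' are
 * hypothetical identifiers used for illustration.
 */

// Register the exporter so the plugin's data appears in the export archive.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
	$exporters['demo-plugin'] = array(
		'exporter_friendly_name' => 'Demo newsletter plugin',
		'callback'               => 'demo_plugin_export_personal_data',
	);
	return $exporters;
} );

// Register the eraser so the plugin's data is removed by an erasure request.
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
	$erasers['demo-plugin'] = array(
		'eraser_friendly_name' => 'Demo newsletter plugin',
		'callback'             => 'demo_plugin_erase_personal_data',
	);
	return $erasers;
} );

/**
 * Exporter callback. Core passes the confirmed email address and a 1-based
 * page number and expects array( 'data' => items, 'done' => bool ).
 * Each item becomes one table in the exported archive.
 */
function demo_plugin_export_personal_data( $email_address, $page = 1 ) {
	$export_items = array();
	$user         = get_user_by( 'email', $email_address );

	if ( $user ) {
		// Hypothetical meta key: timestamp at which newsletter consent was given.
		$optin = get_user_meta( $user->ID, 'demo_newsletter_optin', true );
		if ( '' !== $optin ) {
			$export_items[] = array(
				'group_id'    => 'demo-plugin-newsletter',
				'group_label' => 'Newsletter subscription',
				'item_id'     => 'newsletter-' . $user->ID,
				'data'        => array(
					array( 'name' => 'Email address', 'value' => $email_address ),
					array( 'name' => 'Consent recorded at', 'value' => $optin ),
				),
			);
		}
	}

	// Everything fits on one page, so report completion immediately.
	return array(
		'data' => $export_items,
		'done' => true,
	);
}

/**
 * Eraser callback. Same arguments; must report what was removed, what was
 * deliberately retained (with a human-readable reason), and whether it is done.
 */
function demo_plugin_erase_personal_data( $email_address, $page = 1 ) {
	$items_removed  = false;
	$items_retained = false;
	$messages       = array();
	$user           = get_user_by( 'email', $email_address );

	if ( $user ) {
		// Hypothetical flag: a record that must be kept for a legal obligation.
		if ( get_user_meta( $user->ID, 'demo_legal_hold', true ) ) {
			$items_retained = true;
			$messages[]     = 'Newsletter consent record retained because the account is under a legal hold.';
		} elseif ( delete_user_meta( $user->ID, 'demo_newsletter_optin' ) ) {
			// delete_user_meta() returns true only if a matching row was removed.
			$items_removed = true;
		}
	}

	return array(
		'items_removed'  => $items_removed,
		'items_retained' => $items_retained,
		'messages'       => $messages,
		'done'           => true,
	);
}
```

Core calls each registered callback for the confirmed email address; returning `'done' => false` makes it call again with `$page + 1`, which matters for plugins that store many rows per user. Anything your plugin stores but does not register here is silently left out of both the export and the erasure, so the compliance gap is in whatever you forget to hook up.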