When it comes to privacy, Europe has been working strictly to make sure every website reveals how it collects data about its visitors. The European Union’s General Data Protection Regulation (GDPR) takes effect on May 25. It requires exactly that: companies and site owners must be transparent about how they collect, use, and share personal data. WordPress as a platform powers the largest number of websites around the world, and today they have rolled out version 4.9.6, with privacy as its main highlight.
GDPR also gives individuals more access and choice when it comes to how their own personal data is collected, used, and shared. WordPress has added a number of new privacy features in this release. Let’s have a look at them.
Configure Privacy in WordPress site
After upgrading to WordPress 4.9.6, if you are using the default theme of WordPress, you should see some changes right away.
Privacy Policy Page in WordPress
Website owners can now create a dedicated privacy policy page using a built-in tool in WordPress. You can always use an existing page where you have already covered everything, but if you haven’t, the template includes a format for most of the things recommended by the European Union’s General Data Protection Regulation (GDPR).
In your WordPress Dashboard, as admin, go to Settings > Privacy. I suggest you look at the template first, but you can always link an existing privacy page of your website.
This new page lets you add sections on which data you collect, and why you collect it, under the heading “What personal data we collect and why we collect it”. The section expands to:
- Comments
- Media
- Contact forms
- Cookies
- Embedded content from other websites
- Analytics
- Who we share your data with
- How long we retain your data
- Other information
- How you protect data
- What data breach procedures we have in place
- What third parties we receive data from
- What automated decision making and/or profiling we do with user data
- Industry regulatory disclosure requirements
You will need to explain everything, and for most of the items template text is available, which you can modify to suit your website.
Apart from this, WordPress has also created a guide that includes insights from WordPress and participating plugins on how they handle personal data. The company recommends that you copy and paste it into your site’s privacy policy to help you get started. Learn more in the Privacy section of the Plugin Handbook on wordpress.org.
Personal Data Export and Erasure
WordPress also includes a tool that allows you to export or erase personal data from your website. This tool will come in handy if it ever becomes necessary to do so. Data export is very simple: it allows site owners to export a ZIP file containing a user’s personal data, using data gathered by WordPress and participating plugins. Data Erasure is the more interesting part.
Data Erasure is a new email-based method that site owners can use to confirm personal data requests. This request confirmation tool works for both export and erasure requests, and for both registered users and commenters. It can erase a user’s personal data, including data collected by participating plugins.
So, for example, if someone asks you to remove his data from your website, you can ask for the email address he used with the website. You then use this interface to get his confirmation. Once it is received, you can delete all his data. A confirmation is then sent to him.
Comments: Visitors who are not part of the website, i.e. logged-out commenters, will have a choice as to whether their name, email address, and website are saved in a cookie on their browser. In simple words, if they decline, those fields in the comment box will not be auto-filled when they return to comment again.
Why do you need to follow this?
The privacy of users has long been breached, with their data used for advertisements and for tracking them wherever they go. While it earns companies and website owners a lot of money, it’s not a healthy practice. And if you don’t get this part? The European Union’s General Data Protection Regulation (GDPR) has made this a law.
If you don’t follow this, it will affect you in the long term. Even big companies like Google, which runs the biggest advertisement platform, AdSense, will be asking site owners to comply. When using an analytics tool, you will have to comply with it.
In case of non-compliance, the EU has the authority to fine you. Penalties start with a warning, then a reprimand, then suspension of data processing, and finally a fine, which could be up to €20 million or 4% of global annual turnover. This is important for those doing business in the EU; for those outside, the companies connected with you will ask you to take proper action.
TIP: WordPress offers several plugins that you can use to make your blog GDPR compliant. A free one among them that is easy to implement is Quantcast GDPR Consent. You can configure it yourself here or download it from WordPress.org.