As from May 25th 2018, if your website is available to citizens in the EU or UK, you MUST make sure you comply with the GDPR (General Data Protection Regulations). If you have a WordPress website, this tutorial shows you the inbuilt functions (from WordPress 4.9.6) that make it easy for you to comply.
- Update your Privacy Policy
Under ‘Settings’ > ‘privacy’ you can view and edit your current privacy policy or create a new one. WordPress includes a template for you covering all of the necessary points.
- Enable Subscribers to receive their personal data.
Under tools, you’ll see options to export personal data and delete personal data. These are used either when a subscriber asks for details of any data the webiste holds on him/her OR when a subscriber asks to have his/her data deleted.Exporting Personal Data:
Under tools > export personal data, you can send an email to a subscriber direct from the dashboard asking them to confirm their request. Then, when they respond, you just click a button to send them the information.
Deleting Personal Data:
If a subscriber asks to have his/her data deleted, WordPress has a feature to do this for you. Again, you can send an email to the subscriber asking them to confirm their request. Once they respond, it is just a single click to delete their data. - Contact Forms
Make sure to add an unchecked checkbox on all of your contact forms requesting users to tick the box to agree to your privacy policy BEFORE they submit the form. - Optin-In Forms
All forms MUST be opt-in (meaning that users have to check a box to opt in (i.e. agree to your terms and conditions and understanding your privacy policy – when agreeing to receive emails).
