The General Data Protection Regulation (GDPR) implemented by the European Union (EU) is targeted at controlling the way websites and companies collect, use, and store customer data. Although the regulation comes from the EU, it affects all companies that have European customers and all websites that have visitors from the European region. In simple words, almost all websites have to ensure that they are GDPR compliant.
Many WordPress website owners are not completely aware of the data that they collect from users and the way it is being stored. With plugins performing most of these actions, keeping tabs on customer data was not prioritized until now. In order to make WordPress sites GDPR compliant, the developers released WordPress version 4.9.6. Here are the top three privacy-related changes that have been introduced through this release.
1. Privacy Policy Page
Since the GDPR mandates that the customer’s consent is required before you obtain and use customer data, WordPress has added an option for website owners to create a privacy policy page. Through this page, site owners can explain to visitors all that they need to know about the way their data will be used and stored. WordPress also recommends that the privacy policy information of the various plugins that you use for your website be mentioned on your privacy policy page.
This update displays the privacy policy on the login and registration pages. However, it is advisable to manually add a link to it in the footer of all pages of your website.
2. Commenter Information
Prior to this update, commenters who were not logged in to WordPress would have their name, email address, and website saved in cookies in their browser. With this update, commenters have the option to save these details in cookies or to opt against it.
As a website owner, you must keep this in mind for any plugins you use to manage comments on your site.
3. Data Storage
Another big aspect of GDPR compliance is data storage. Currently, site owners can download a compressed (ZIP) file containing users’ personal data obtained by WordPress and all installed plugins.
After the 4.9.6 update, you will be able to erase the personal data of a user if you receive a specific request. This also includes the plugin data. The update has added an email-based confirmation system to verify requests and erasures, where website owners can confirm these for both registered users and commenters.
Summing Up
At its core, the GDPR strives to ensure the right to privacy of customers. This involves better handling of customer data, regular updates, data security, etc. A WP Hosting provider can handle data storage as well as WordPress and plugin updates to meet the GDPR provisions.