The General Data Protection Regulation (GDPR) implemented by the European Union (EU) is targeted at controlling the way websites/companies collect, use, and store customer data. Despite the regulations being from the EU, it impacts all companies who have European customers and websites who have visitors from the European region. In simple words, almost all websites have to ensure that they are GDPR compliant.
Many WordPress website owners are not completely aware of the data that they collect from users and the way it is being stored. With plugins performing most of these actions, keeping a tab on customer data was not prioritized until now. In order to make WordPress sites GDPR compliant, the developers released WordPress 4.9.6 version. Here are the top three privacy-related changes that have been introduced through this release.
Prior this update, commenters who are not logged in to WordPress would have their name, email address, and website saved in the cookies on their browser. With this update, commenters have an option to save these details in the cookies or they can opt against it.
As a website owner, you must ensure that you keep this in mind for any plugins used by you for managing comments on your site.
Another big aspect of GDPR compliance is data storage. Currently, site owners can download a compressed (ZIP) file containing users’ personal data obtained by WordPress and all installed plugins.
Post the 4.9.6 update, you will be able to erase the personal data of a user if you receive a specific request. This also includes the plugin data. The update has added an email-based confirmation system to verify requests and erasures where website owners can confirm these, for both, registered users and commenters.
At its core, the GDPR strives to ensure the right to privacy of customers. This involves better handling of the customer data, regular updates, data security, etc. A WP Hosting provider can handle data storage as well as WordPress updates and plugins update to meet with the GDPR provisions.