How to make your WordPress website GDPR compliant

How to make your WordPress website GDPR compliant

In this article, we’ll be outlining some tips to help you comply with the General Data Protection Regulation (GDPR) privacy law, which takes effect on May 25, 2018.

Please Note:

This article is provided as a resource, but is not legal advice. We recommend you contact your legal counsel to find out how the GDPR affects you.
 


Make sure everything on your site is up to date

Please update your WordPress to the latest version: v4.9.6, and also update CeraMag theme to v1.2.1.

And please also update all plugins on your site to the latest version.
 


Comments Consent Checkbox

WordPress added Commenter Cookie Opt-In in the latest version.

After updating your WordPress to v4.9.6, a consent checkbox will be added to the comment form:

When a logged out user comments on a post, they are asked for their name, email, and website. This information is stored locally in the commenter’s browser for two purposes:

When they leave another comment on the site, their name, email, and website will be pre-populated into the respective fields.

  1. If their comment is held for moderation, they can return to that post and remove the comment before it is approved.
  2. The information stored in this cookie is for convenience and is not essential. Therefore, the user needs to be given the choice to opt in or opt out of the storage of this data.

For this reason, a checkbox has been added to the comment form that allows commenters to opt-in to storing this data in the cookie. This checkbox will be unchecked by default, as opt-in is an action the user must explicitly approve.

CeraMag theme v1.2.1 is compatible with WordPress 4.9.6.
 


Build your Privacy Policy Pages

WordPress 4.9.6 introduced the ability to easily select a page as a privacy policy for a site in the Settings > Privacy section of the admin area. For new sites, a privacy policy template page will automatically be created in draft status.

And on that page you can also find the “Privacy Policy Guide” provided by WordPress.

“It’s also up to you as the site owner to communicate how your customers’ information is being used — it’s more of a communication and process question, rather than something that can be solved with technology.

You may need to update your privacy policy to explain how your site complies with GDPR.”

https://woocommerce.com/2017/12/gdpr-compliance-woocommerce/

Hide the new GDPR tools

If you’d like to remove/hide the new GDPR tools introduced in WordPress 4.9.6, you may use this plugin: https://wordpress.org/plugins/disable-privacy-tools/
 


CeraMag Extension

CeraMag theme doesn’t include any feature that would collect/store/transfer the visitors’ personal data. However, there are a few features in the required plugin CeraMag Extension would collect some data.

When you check the “Privacy Policy Guide” (on your site admin panel > Settings > Privacy > “Check out our guide”), you can see that we have added suggesting text of your Privacy Policy about how data would be collected when using features included in CeraMag Extension. You can copy those suggesting text into your Privacy Policy page and edit to suit your needs.

Social share buttons

FYI: When a visitor click the social share button to share content (a post or a product) to this visitor’s social media site, no any personal data has been collected or stored by our users’ websites.
 


Contact Form 7

By default, WordPress does not include a contact form. When you install CeraMag theme, you will see the note that we recommend install the third-party plugin “Contact Form 7” to create a contact form on your WordPress site.

If you are using this plugin, please update it to the latest version. Then add an acceptance checkbox to your contact form.

Please check their official documentation for more details: https://contactform7.com/acceptance-checkbox/
 


WooCommerce

Please read this article: https://businessbloomer.com/how-to-make-a-woocommerce-website-gdpr-compliant-12-steps/

More resources:

 


MailChimp for WordPress Plugin

Please check this plugin’s official doc for more information: https://kb.mc4wp.com/gdpr-compliance/

This plugin added a new “agree to terms” checkbox to field helper since version 4.2.2.

The markup may look like the following:

<p>
	<label><input name="_mc4wp_agree_to_terms" type="checkbox" value="1" required="">I have read and agree to the terms & conditions</label>
</p>

If you need support when using this plugin please go to: https://wordpress.org/support/plugin/mailchimp-for-wp

For MailChimp users:

More information about store your contacts’ personal information in your MailChimp account, please read this article: https://blog.mailchimp.com/gdpr-tools-from-mailchimp/

 


Cookies

Please check this page: https://ec.europa.eu/info/cookies_en
 


Google Font

There is a lot of misinformation being spread around the EU GDPR compliance when using Google Fonts. However, no any official statements about this so far. And according to Google Font Privacy Policy, we see that continued use of Google Fonts as low to zero risk:

The Google Fonts API is designed to limit the collection, storage, and use of end-user data to what is needed to serve fonts efficiently.

Use of Google Fonts is unauthenticated. No cookies are sent by website visitors to the Google Fonts API. Requests to the Google Fonts API are made to resource-specific domains, such as fonts.googleapis.com or fonts.gstatic.com, so that your requests for fonts are separate from and do not contain any credentials you send to google.com while using other Google services that are authenticated, such as Gmail.

https://developers.google.com/fonts/faq#what_does_using_the_google_fonts_api_mean_for_the_privacy_of_my_users

In addition, we have seen websites of many large companies still use Google fonts – we think that if using Google fonts is not GDPR compliant, they will avoid doing so.

However, we will add more features for fonts in future updates of our themes. For example, a feature that allows users to use other fonts instead of Google Fonts.
 


Contact Information

Identify how visitors can contact you if they want to get a copy of or remove their data from your site.

 


Get some inspiration

We recommend that you check out websites of large companies and read their privacy policies to get some inspiration when writing yours.